
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">


<head>

<meta http-equiv=Content-Type content="text/html; charset=us-ascii">

<meta name=Generator content="Microsoft Word 12 (filtered medium)">

<!--[if !mso]>

<style>

v\:* {behavior:url(#default#VML);}

o\:* {behavior:url(#default#VML);}

w\:* {behavior:url(#default#VML);}

.shape {behavior:url(#default#VML);}

</style>

<![endif]-->

<style>

<!--

 /* Font Definitions */

 @font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

 /* Style Definitions */

 p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0in;

        margin-bottom:.0001pt;

        font-size:11.0pt;

        font-family:"Calibri","sans-serif";}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph

        {mso-style-priority:34;

        margin-top:0in;

        margin-right:0in;

        margin-bottom:0in;

        margin-left:.5in;

        margin-bottom:.0001pt;

        font-size:11.0pt;

        font-family:"Calibri","sans-serif";}

span.EmailStyle17

        {mso-style-type:personal-compose;

        font-family:"Calibri","sans-serif";

        color:windowtext;}

.MsoChpDefault

        {mso-style-type:export-only;}

@page Section1

        {size:8.5in 11.0in;

        margin:1.0in 1.0in 1.0in 1.0in;}

div.Section1

        {page:Section1;}

 /* List Definitions */

 @list l0

        {mso-list-id:1719469966;

        mso-list-type:hybrid;

        mso-list-template-ids:-1260362010 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}

@list l0:level1

        {mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-.25in;}

ol

        {margin-bottom:0in;}

ul

        {margin-bottom:0in;}

-->

</style>

<!--[if gte mso 9]><xml>

 <o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

 <o:shapelayout v:ext="edit">

  <o:idmap v:ext="edit" data="1" />

 </o:shapelayout></xml><![endif]-->

</head>


<body lang=EN-US link=blue vlink=purple>


<div class=Section1>


<p class=MsoNormal>Hi,<o:p></o:p></p>


<p class=MsoNormal><o:p>&nbsp;</o:p></p>


<p class=MsoNormal>In order to the see the working of openswan xauth server and

client, I am testing the scripts in the folder testing/pluto/xauth-pluto-11.<o:p></o:p></p>


<p class=MsoNormal><o:p>&nbsp;</o:p></p>


<p class=MsoNormal><o:p>&nbsp;</o:p></p>


<p class=MsoNormal>Can you please let me know the following:<o:p></o:p></p>


<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span

style='mso-list:Ignore'>1.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

</span></span><![endif]>Even with the following in ipsec.conf, I don&#8217;t see

more debug on the output.<o:p></o:p></p>


<p class=MsoListParagraph>plutostderrlog=/tmp/pluto.log<o:p></o:p></p>


<p class=MsoListParagraph>plutodebug=&quot;all&quot;<o:p></o:p></p>


<p class=MsoListParagraph><o:p>&nbsp;</o:p></p>


<p class=MsoListParagraph>Am I missing something?<o:p></o:p></p>


<p class=MsoListParagraph><o:p>&nbsp;</o:p></p>


<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span

style='mso-list:Ignore'>2.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

</span></span><![endif]>I have configured east.conf and road.conf with the

relevant ip addresses and retained the rest of the information as it is. And,

started the test as follows:<o:p></o:p></p>


<p class=MsoListParagraph>On the server,<o:p></o:p></p>


<p class=MsoListParagraph>./testparams.sh<o:p></o:p></p>


<p class=MsoListParagraph>./eastinit.sh<o:p></o:p></p>


<p class=MsoListParagraph><o:p>&nbsp;</o:p></p>


<p class=MsoListParagraph>On the client,<o:p></o:p></p>


<p class=MsoListParagraph>./testparams.sh<o:p></o:p></p>


<p class=MsoListParagraph>./roadinit.sh<o:p></o:p></p>


<p class=MsoListParagraph><o:p>&nbsp;</o:p></p>


<p class=MsoListParagraph>The server does nothing except for :<o:p></o:p></p>


<p class=MsoListParagraph><o:p>&nbsp;</o:p></p>


<p class=MsoListParagraph>[root@rreddy-fc5 xauth-pluto-11]# ./eastinit.sh <o:p></o:p></p>


<p class=MsoListParagraph>ipsec_setup: Openswan IPsec apparently already

active, start aborted<o:p></o:p></p>


<p class=MsoListParagraph>done<o:p></o:p></p>


<p class=MsoListParagraph><o:p>&nbsp;</o:p></p>


<p class=MsoListParagraph>The client gives the following:<o:p></o:p></p>


<div class=MsoListParagraph align=center style='text-align:center'>


<hr size=2 width="100%" align=center>


</div>


<p class=MsoListParagraph>ipsec_setup: Starting Openswan IPsec 2.6.14...<o:p></o:p></p>


<p class=MsoListParagraph>ipsec_setup: No KLIPS support found<o:p></o:p></p>


<p class=MsoListParagraph>ipsec_setup: NETKEY support found. Use

protostack=netkey in /etc/ipsec.conf to avoid attempts to use KLIPS. Attempting

to continue with NETKEY<o:p></o:p></p>


<p class=MsoListParagraph>ipsec_setup: <o:p></o:p></p>


<p class=MsoListParagraph>ipsec_setup: <o:p></o:p></p>


<p class=MsoListParagraph>000 &quot;xauth-road--eastnet&quot;:

10.8.10.244&lt;10.8.10.244&gt;[@road.testing.xelerance.com,+XC+S=C]...192.168.3.38&lt;192.168.3.38&gt;[@east,+XS+S=C];

unrouted; eroute owner: #0<o:p></o:p></p>


<p class=MsoListParagraph>000 &quot;xauth-road--eastnet&quot;: &nbsp;&nbsp;&nbsp;&nbsp;myip=unset;

hisip=unset;<o:p></o:p></p>


<p class=MsoListParagraph>000

&quot;xauth-road--eastnet&quot;:&nbsp;&nbsp;&nbsp;&nbsp; xauth info:

myxauthuser=use1; <o:p></o:p></p>


<p class=MsoListParagraph>000 &quot;xauth-road--eastnet&quot;:&nbsp;&nbsp;

ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%;

keyingtries: 3<o:p></o:p></p>


<p class=MsoListParagraph>000 &quot;xauth-road--eastnet&quot;:&nbsp;&nbsp;

policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW; prio: 32,32; interface: eth0; <o:p></o:p></p>


<p class=MsoListParagraph>000 &quot;xauth-road--eastnet&quot;:&nbsp;&nbsp;

newest ISAKMP SA: #0; newest IPsec SA: #0; <o:p></o:p></p>


<p class=MsoListParagraph>done<o:p></o:p></p>


<p class=MsoListParagraph>[root@aragon openswan-2.6.14_xauth]#<o:p></o:p></p>


<div class=MsoListParagraph align=center style='text-align:center'>


<hr size=2 width="100%" align=center>


</div>


<p class=MsoListParagraph><o:p>&nbsp;</o:p></p>


<p class=MsoListParagraph style='margin-left:0in'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; I

am not able to make out what exactly happened here? Can you please tell me if

the xauth took place successfully or has it failed? How can I print more debug

information here?<o:p></o:p></p>


<p class=MsoListParagraph style='margin-left:0in'><o:p>&nbsp;</o:p></p>


<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span

style='mso-list:Ignore'>3.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

</span></span><![endif]>Also, what types of extended authentication does &nbsp;openswan

xauth server support? Like username, password, passcode, message etc? and where

can these be configured on the server? Any help is greatly appreciated.<o:p></o:p></p>


<p class=MsoListParagraph style='margin-left:0in'><o:p>&nbsp;</o:p></p>


<p class=MsoListParagraph style='margin-left:0in'>Thanks,<o:p></o:p></p>


<p class=MsoListParagraph style='margin-left:0in'>Rajitha.<o:p></o:p></p>


</div>


</body>


</html>