<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0in;
        margin-right:0in;
        margin-bottom:0in;
        margin-left:.5in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
 /* List Definitions */
 @list l0
        {mso-list-id:1719469966;
        mso-list-type:hybrid;
        mso-list-template-ids:-1260362010 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-.25in;}
ol
        {margin-bottom:0in;}
ul
        {margin-bottom:0in;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal>Hi,<o:p></o:p></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal>In order to the see the working of openswan xauth server and
client, I am testing the scripts in the folder testing/pluto/xauth-pluto-11.<o:p></o:p></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal><o:p>&nbsp;</o:p></p>

<p class=MsoNormal>Can you please let me know the following:<o:p></o:p></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='mso-list:Ignore'>1.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span><![endif]>Even with the following in ipsec.conf, I don&#8217;t see
more debug on the output.<o:p></o:p></p>

<p class=MsoListParagraph>plutostderrlog=/tmp/pluto.log<o:p></o:p></p>

<p class=MsoListParagraph>plutodebug=&quot;all&quot;<o:p></o:p></p>

<p class=MsoListParagraph><o:p>&nbsp;</o:p></p>

<p class=MsoListParagraph>Am I missing something?<o:p></o:p></p>

<p class=MsoListParagraph><o:p>&nbsp;</o:p></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='mso-list:Ignore'>2.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span><![endif]>I have configured east.conf and road.conf with the
relevant ip addresses and retained the rest of the information as it is. And,
started the test as follows:<o:p></o:p></p>

<p class=MsoListParagraph>On the server,<o:p></o:p></p>

<p class=MsoListParagraph>./testparams.sh<o:p></o:p></p>

<p class=MsoListParagraph>./eastinit.sh<o:p></o:p></p>

<p class=MsoListParagraph><o:p>&nbsp;</o:p></p>

<p class=MsoListParagraph>On the client,<o:p></o:p></p>

<p class=MsoListParagraph>./testparams.sh<o:p></o:p></p>

<p class=MsoListParagraph>./roadinit.sh<o:p></o:p></p>

<p class=MsoListParagraph><o:p>&nbsp;</o:p></p>

<p class=MsoListParagraph>The server does nothing except for :<o:p></o:p></p>

<p class=MsoListParagraph><o:p>&nbsp;</o:p></p>

<p class=MsoListParagraph>[root@rreddy-fc5 xauth-pluto-11]# ./eastinit.sh <o:p></o:p></p>

<p class=MsoListParagraph>ipsec_setup: Openswan IPsec apparently already
active, start aborted<o:p></o:p></p>

<p class=MsoListParagraph>done<o:p></o:p></p>

<p class=MsoListParagraph><o:p>&nbsp;</o:p></p>

<p class=MsoListParagraph>The client gives the following:<o:p></o:p></p>

<div class=MsoListParagraph align=center style='text-align:center'>

<hr size=2 width="100%" align=center>

</div>

<p class=MsoListParagraph>ipsec_setup: Starting Openswan IPsec 2.6.14...<o:p></o:p></p>

<p class=MsoListParagraph>ipsec_setup: No KLIPS support found<o:p></o:p></p>

<p class=MsoListParagraph>ipsec_setup: NETKEY support found. Use
protostack=netkey in /etc/ipsec.conf to avoid attempts to use KLIPS. Attempting
to continue with NETKEY<o:p></o:p></p>

<p class=MsoListParagraph>ipsec_setup: <o:p></o:p></p>

<p class=MsoListParagraph>ipsec_setup: <o:p></o:p></p>

<p class=MsoListParagraph>000 &quot;xauth-road--eastnet&quot;:
10.8.10.244&lt;10.8.10.244&gt;[@road.testing.xelerance.com,+XC+S=C]...192.168.3.38&lt;192.168.3.38&gt;[@east,+XS+S=C];
unrouted; eroute owner: #0<o:p></o:p></p>

<p class=MsoListParagraph>000 &quot;xauth-road--eastnet&quot;: &nbsp;&nbsp;&nbsp;&nbsp;myip=unset;
hisip=unset;<o:p></o:p></p>

<p class=MsoListParagraph>000
&quot;xauth-road--eastnet&quot;:&nbsp;&nbsp;&nbsp;&nbsp; xauth info:
myxauthuser=use1; <o:p></o:p></p>

<p class=MsoListParagraph>000 &quot;xauth-road--eastnet&quot;:&nbsp;&nbsp;
ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%;
keyingtries: 3<o:p></o:p></p>

<p class=MsoListParagraph>000 &quot;xauth-road--eastnet&quot;:&nbsp;&nbsp;
policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW; prio: 32,32; interface: eth0; <o:p></o:p></p>

<p class=MsoListParagraph>000 &quot;xauth-road--eastnet&quot;:&nbsp;&nbsp;
newest ISAKMP SA: #0; newest IPsec SA: #0; <o:p></o:p></p>

<p class=MsoListParagraph>done<o:p></o:p></p>

<p class=MsoListParagraph>[root@aragon openswan-2.6.14_xauth]#<o:p></o:p></p>

<div class=MsoListParagraph align=center style='text-align:center'>

<hr size=2 width="100%" align=center>

</div>

<p class=MsoListParagraph><o:p>&nbsp;</o:p></p>

<p class=MsoListParagraph style='margin-left:0in'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; I
am not able to make out what exactly happened here? Can you please tell me if
the xauth took place successfully or has it failed? How can I print more debug
information here?<o:p></o:p></p>

<p class=MsoListParagraph style='margin-left:0in'><o:p>&nbsp;</o:p></p>

<p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='mso-list:Ignore'>3.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
</span></span><![endif]>Also, what types of extended authentication does &nbsp;openswan
xauth server support? Like username, password, passcode, message etc? and where
can these be configured on the server? Any help is greatly appreciated.<o:p></o:p></p>

<p class=MsoListParagraph style='margin-left:0in'><o:p>&nbsp;</o:p></p>

<p class=MsoListParagraph style='margin-left:0in'>Thanks,<o:p></o:p></p>

<p class=MsoListParagraph style='margin-left:0in'>Rajitha.<o:p></o:p></p>

</div>

</body>

</html>