[Openswan dev] Re: openswan 3DES+SHA1+XAUTH

[Paul Wouters]

On Wed, 8 Dec 2004, Bas Huisman wrote:

thanks for trying this with 2.3.0dr4 Bas,

> I am the client side (the Server is a "Sonic Wall" IPSEC server),
>
> when I use 2.3.0dr4 as you suggested I get:
>
> Dec  8 16:59:41 [pluto] Starting Pluto (Openswan Version 2.3.0dr4 X.509-1.5.4 PLUTO_USES_KEYRR)

> Dec  8 16:59:42 [pluto] added connection description "GroupVPN"

> Dec  8 16:59:42 [pluto] "GroupVPN" #1: initiating Main Mode
> Dec  8 16:59:42 [ipsec__plutorun] 104 "GroupVPN" #1: STATE_MAIN_I1: initiate
> Dec  8 16:59:42 [ipsec__plutorun] ...could not start conn "GroupVPN"
> Dec  8 16:59:42 [pluto] "GroupVPN" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
> Dec  8 16:59:42 [pluto] "GroupVPN" #1: ignoring unknown Vendor ID payload [da8e937880010000]

This I do not udnerstand, since we seem to support (or know at least) that vendor id:

http://www.openswan.org/development/docs/html/vendor_8c.html

> Dec  8 16:59:42 [pluto] "GroupVPN" #1: ignoring unknown Vendor ID payload [404bf439522ca3f6]
> Dec  8 16:59:42 [pluto] "GroupVPN" #1: received Vendor ID payload [XAUTH]
> Dec  8 16:59:42 [pluto] "GroupVPN" #1: I did not send a certificate because I do not have one.
> Dec  8 16:59:42 [pluto] "GroupVPN" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
> Dec  8 16:59:42 [pluto] "GroupVPN" #1: Main mode peer ID is ID_IPV4_ADDR: 'x.x.x.x'
> Dec  8 16:59:42 [pluto] "GroupVPN" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
> Dec  8 16:59:42 [pluto] "GroupVPN" #1: ISAKMP SA established
> Dec  8 16:59:42 [pluto] "GroupVPN" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#1}
> Dec  8 16:59:42 [pluto] "GroupVPN" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN

Can you produce any logs from the other end?
Can you show us your ipsec.conf?
Did you built with xauth support?
Did you built with or without pamd support?

> It is nog longer ignoring the XAUTH but sill the two Vendor ID's

Paul