[Openswan dev] Re: openswan 3DES+SHA1+XAUTH
Michael Richardson
mcr at sandelman.ottawa.on.ca
Wed Dec 8 19:56:59 CET 2004
Uhm, a)
> Dec 8 16:59:42 [ipsec__plutorun] ...could not start conn "GroupVPN"
you can't have an interactive (i.e. XAUTH) conn started with auto=start.
The password has to be typed in. Some later patches may permit the
username/password to be in the config file... frankly, from a reasonable
security point of view, if you are going to do that, you might as well
use raw RSA keys.
b)
> Dec 8 16:59:42 [pluto] "GroupVPN" #1: ISAKMP SA established
> Dec 8 16:59:42 [pluto] "GroupVPN" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#1}
If it goes from ISAKMP SA to quick mode, then, you didn't actually
configure XAUTH.
--
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
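A log check built on point (b), added here as an example and not part of the original message: it flags any conn whose Quick Mode starts on an ISAKMP SA that logged no XAUTH exchange after being established. The line format follows the two log lines quoted above; the "XAUTH" marker text, the function name and the "OfficeVPN" sample lines are assumptions constructed for illustration.

```python
import re

# Line shape taken from the log lines quoted in the message, e.g.
#   Dec 8 16:59:42 [pluto] "GroupVPN" #1: ISAKMP SA established
LINE = re.compile(r'\[pluto\] "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)')
QUICK = re.compile(r'initiating Quick Mode .*\{using isakmp#(?P<parent>\d+)\}')

def conns_without_xauth(lines, xauth_marker="XAUTH"):
    """Return sorted conn names whose Quick Mode began on an ISAKMP SA
    that logged no XAUTH exchange after it was established.

    xauth_marker is an assumption: any message on the ISAKMP SA that
    contains this text counts as evidence of an XAUTH exchange.
    """
    established = {}  # (conn, ISAKMP SA number) -> XAUTH seen since established
    flagged = set()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        conn, sa, msg = m["conn"], m["sa"], m["msg"]
        if "ISAKMP SA established" in msg:
            established[(conn, sa)] = False
        elif xauth_marker in msg and (conn, sa) in established:
            established[(conn, sa)] = True
        else:
            q = QUICK.search(msg)
            # Quick Mode lines name their parent SA as {using isakmp#N}.
            if q and established.get((conn, q["parent"])) is False:
                flagged.add(conn)
    return sorted(flagged)

# The two lines quoted in the message.
SAMPLE_FROM_POST = [
    'Dec 8 16:59:42 [pluto] "GroupVPN" #1: ISAKMP SA established',
    'Dec 8 16:59:42 [pluto] "GroupVPN" #2: initiating Quick Mode '
    'PSK+ENCRYPT+TUNNEL+UP {using isakmp#1}',
]

# Constructed sample: the middle line's wording is hypothetical.
SAMPLE_CONSTRUCTED = [
    'Dec 8 17:05:01 [pluto] "OfficeVPN" #3: ISAKMP SA established',
    'Dec 8 17:05:03 [pluto] "OfficeVPN" #3: XAUTH: exchange completed',
    'Dec 8 17:05:03 [pluto] "OfficeVPN" #4: initiating Quick Mode '
    'PSK+ENCRYPT+TUNNEL+UP {using isakmp#3}',
]

if __name__ == "__main__":
    print(conns_without_xauth(SAMPLE_FROM_POST + SAMPLE_CONSTRUCTED))
```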