[Openswan dev]
standalone pluto + VPN client Aggressive mode + PSK + XAUTH
Philippe Sultan
philippe.sultan at inria.fr
Wed Jul 7 19:56:57 CEST 2004
Hello everybody,
I have compiled pluto (openswan v1.0.6) without klips in order to get a
standalone ISAKMP stack and make it work with a Cisco VPN client.
The client works as a roadwarrior in IKE Aggressive mode + preshared
keys + XAUTH. My /etc/ipsec.secrets file :
%any: PSK "*********"
:PSK "*********"
The first message from the client is processed through the
'aggr_inI1_outR1()' function (Cisco client specifies a wrong value for
the packet size in the ISAKMP HDR, but I think pluto should ignore this
in my case), and after that by find_host_connections() ->
find_host_pair_connections() -> find_host_pair().
These functions (found in connections.c) always returns NULL which makes
pluto discard the ISAKMP message.
In fact, the 'for' loop in the find_host_pair() is never entered,
because the static struct 'host_pairs' is set to NULL (and p =
host_pairs at loop initialization).
I would like to know when and how the host_pairs struct if filled.
Shouldn't it be initialized before we enter find_host_pair()?
Thanks in advance for any help.
Philippe
More information about the Dev
mailing list