[Openswan dev] standalone pluto + VPN client Aggressive mode + PSK + XAUTH

Philippe Sultan philippe.sultan at inria.fr
Wed Jul 7 19:56:57 CEST 2004

Hello everybody,

I have compiled pluto (openswan v1.0.6) without klips in order to get a 
standalone ISAKMP stack and make it work with a Cisco VPN client.

The client works as a roadwarrior in IKE Aggressive mode + preshared 
keys + XAUTH. My /etc/ipsec.secrets file :
%any: PSK "*********"
:PSK "*********"

The first message from the client is processed through the 
'aggr_inI1_outR1()' function (Cisco client specifies a wrong value for 
the packet size in the ISAKMP HDR, but I think pluto should ignore this 
in my case), and after that by find_host_connections() -> 
find_host_pair_connections() -> find_host_pair().

These functions (found in connections.c) always returns NULL which makes 
pluto discard the ISAKMP message.

In fact, the 'for' loop in the find_host_pair() is never entered, 
because the static struct 'host_pairs' is set to NULL (and p = 
host_pairs at loop initialization).

I would like to know when and how the host_pairs struct if filled. 
Shouldn't it be initialized before we enter find_host_pair()?

Thanks in advance for any help.


More information about the Dev mailing list