[Openswan dev] standalone pluto + VPN client Aggressive mode + PSK + XAUTH

Ken Bantoft ken at xelerance.com
Fri Jul 16 16:27:37 CEST 2004

Check users lists for a patch for Aggressive Mode - might help you get 
further along.


On Wed, 7 Jul 2004, Philippe Sultan wrote:

> Hello everybody,
> I have compiled pluto (openswan v1.0.6) without klips in order to get a 
> standalone ISAKMP stack and make it work with a Cisco VPN client.
> The client works as a roadwarrior in IKE Aggressive mode + preshared 
> keys + XAUTH. My /etc/ipsec.secrets file :
> %any: PSK "*********"
> :PSK "*********"
> The first message from the client is processed through the 
> 'aggr_inI1_outR1()' function (Cisco client specifies a wrong value for 
> the packet size in the ISAKMP HDR, but I think pluto should ignore this 
> in my case), and after that by find_host_connections() -> 
> find_host_pair_connections() -> find_host_pair().
> These functions (found in connections.c) always returns NULL which makes 
> pluto discard the ISAKMP message.
> In fact, the 'for' loop in the find_host_pair() is never entered, 
> because the static struct 'host_pairs' is set to NULL (and p = 
> host_pairs at loop initialization).
> I would like to know when and how the host_pairs struct if filled. 
> Shouldn't it be initialized before we enter find_host_pair()?
> Thanks in advance for any help.
> Philippe
> _______________________________________________
> Dev mailing list
> Dev at lists.openswan.org
> http://lists.openswan.org/mailman/listinfo/dev

Ken Bantoft			VP Business Development
ken at xelerance.com		Xelerance Corporation
sip://toronto.xelerance.com	http://www.xelerance.com

More information about the Dev mailing list