[Openswan dev] trying to configure XAUTH as replacement for working Cisco VPN Client
lawless at spamcop.net
Mon Mar 26 23:43:48 EDT 2007
Thank you for your reply.
I have no control over the Cisco server side, so I can't
switch to L2TP.
It seems probable I want to be the xauth client. Would
it help to attempt to be the server? The other end is
a hardware Cisco VPN firewall.
I can look into building the latest Openswan version for OpenWrt
on a MIPS CPU, but it could be a lot of work. Perhaps I could
convince the OpenWrt developers to try it or pull a release from
their current development build. Is this the best approach?
At 05:27 AM 3/27/2007 +0200, Paul Wouters wrote:
>On Mon, 26 Mar 2007, David Lawless wrote:
>> I'm trying to configure Openswan v2.4.6-1 running under
>It's unfortunately a little bit dated.
>> v0.9 on a Linksys WRT54GS v2.1 as a substitute for a working
>> Cisco VPN v4.6.03.0021 Windows client. It seems from what I
>> can tell that XAUTH is how this type of client operates.
>You'd make life much easier if you 'ipkg install l2tpd' and use
>with openswan. Additional benefit is that it does not require
>to install any software on Windows or OSX.
>> If I select main mode, Openswan fails immediately with
>> pluto: "Connection" #1: initiating Main Mode
>> pluto: packet from R.R.R.R:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
>> pluto: packet from R.R.R.R:500: received and ignored
>Did you configure with leftxauthserver=yes and
>Or download openswan on a desktop, and check
>> If I select aggressive mode, I can't seem to figure out which
>> algorithms to select. Openswan says
>> pluto: "Connection" #1: multiple transforms were set in aggressive mode. Only first one used.
>> pluto: "Connection" #1: transform (7,2,5,128) ignored.
>> pluto: "Connection" #1: transform (7,1,2,128) ignored.
>> pluto: "Connection" #1: transform (7,2,2,128) ignored.
>> pluto: "Connection" #1: ASSERTION FAILED at spdb_struct.c:1233: trans->attr_cnt == 4
>As listed in CHANGES:
>* Fix for Aggressive Mode and NAT-T port floating, based on
>RedHat patch [paul]
>* Fix for Aggressive Mode and NAT-T (#491) by Delta Yeh
>* bugtracker bugs fixed:
> #git c2e23a6e16a55632d618740518d419f3fad3323d: AggressiveMode
> fix from Marin
>* bugtracker bugs fixed:
> #474 ASSERTION FAILED at spdb_struct.c:1233: trans->attr_cnt >
>> config setup
>> conn Connection
>>     left=%defaultroute
>>     leftid=@GroupName
>>     leftxauthclient=yes
>>     right=R.R.R.R
>>     rightsubnet=R.R.R.H/32
>>     rightxauthserver=yes
>I assume you want the openwrt to be the xauthserver, not the
>You've swapped the two. Also, using a rightsubnet with /32 is
>always a sign of NAT traversal failing to work, e.g. due to a
>virtual_private= in config setup in this case.