[Openswan Users] xauth trouble

Philipp Snizek psnizek at seaan.net
Mon May 24 12:19:24 CEST 2004


Hi

I've got a problem with xauth.
The gateway's config:

conn rwXauth
        type=tunnel
        authby=secret
        pfs=yes
        keyexchange=ike
        auth=esp
        left=192.168.0.2
        leftsubnet=172.16.1.0/24
        leftnexthop=192.168.0.5
        leftxauthserver=yes
        rightxauthclient=yes
        right=%any
        rightsubnetwithin=192.168.1.0/16
        auto=add

This will cause this answer
/usr/local/libexec/ipsec/whack: unrecognized option `--xauthserver'
when ipsec auto --add rwXauth is executed.


With this gateway config:

conn rwXauth
        type=tunnel
        authby=secret
        pfs=yes
        keyexchange=ike
        auth=esp
        left=192.168.0.2
        leftsubnet=172.16.1.0/24
        leftnexthop=192.168.0.5
        xauth=yes
        right=%any
        rightsubnetwithin=192.168.1.0/16
        auto=add

I can add the conn, but when trying to connect with softremote the
/var/log/secure log logs this:

Mar 19 16:12:41 saopaulo pluto[1259]: packet from 192.168.0.5:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 19 16:12:41 saopaulo pluto[1259]: "rwXauth"[2] 192.168.0.5 #6:
responding to Main Mode from unknown peer 192.168.0.5
Mar 19 16:12:41 saopaulo pluto[1259]: "rwXauth"[2] 192.168.0.5 #6:
Pluto does not support XAUTHInitPreShared authentication.Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 19 16:12:41 saopaulo pluto[1259]: "rwXauth"[2] 192.168.0.5 #6: no
acceptable Oakley Transform
Mar 19 16:12:41 saopaulo pluto[1259]: "rwXauth"[2] 192.168.0.5:
deleting connection "rwXauth" instance with peer 192.168.0.5
{isakmp=#0/ipsec=#0}

I did compile Openswan with xauth=true in makefile.inc.

The box is Slackware 9.1 with vanilla kernel 2.4.2x. Openswan is 2.0.0, I
think (the box is at school and I can't access it right now).

Thanks for your help

regards,
Philipp 


