[Openswan Users] xauth trouble
Philipp Snizek
psnizek at seaan.net
Mon May 24 12:19:24 CEST 2004
Hi,

Got a problem with xauth.

The gateway's config:

conn rwXauth
    type=tunnel
    authby=secret
    pfs=yes
    keyexchange=ike
    auth=esp
    left=192.168.0.2
    leftsubnet=172.16.1.0/24
    leftnexthop=192.168.0.5
    leftxauthserver=yes
    rightxauthclient=yes
    right=%any
    rightsubnetwithin=192.168.1.0/16
    auto=add

This will cause this answer

/usr/local/libexec/ipsec/whack: unrecognized option `--xauthserver'

when ipsec auto --add rwXauth is executed.

With this gateway config:

conn rwXauth
    type=tunnel
    authby=secret
    pfs=yes
    keyexchange=ike
    auth=esp
    left=192.168.0.2
    leftsubnet=172.16.1.0/24
    leftnexthop=192.168.0.5
    xauth=yes
    right=%any
    rightsubnetwithin=192.168.1.0/16
    auto=add

I can add the conn, but when trying to connect with softremote the /var/log/secure log logs this:

Mar 19 16:12:41 saopaulo pluto[1259]: packet from 192.168.0.5:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 19 16:12:41 saopaulo pluto[1259]: "rwXauth"[2] 192.168.0.5 #6: responding to Main Mode from unknown peer 192.168.0.5
Mar 19 16:12:41 saopaulo pluto[1259]: "rwXauth"[2] 192.168.0.5 #6: Pluto does not support XAUTHInitPreShared authentication.Attribute OAKLEY_AUTHENTICATION_METHOD
Mar 19 16:12:41 saopaulo pluto[1259]: "rwXauth"[2] 192.168.0.5 #6: no acceptable Oakley Transform
Mar 19 16:12:41 saopaulo pluto[1259]: "rwXauth"[2] 192.168.0.5: deleting connection "rwXauth" instance with peer 192.168.0.5 {isakmp=#0/ipsec=#0}

I did compile Openswan with xauth=true in makefile.inc.
The box is Slackware 9.1 with vanilla kernel 2.4.2x. Openswan is 2.0.0, I think (the box is at school and I can't access it right now).

Thanks for your help.

Regards,
Philipp
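
A triage helper for the kind of pluto log excerpt quoted in the message above, added here as an example (it is not part of the original post or of Openswan): it rejoins the mail-wrapped syslog lines and reports, per IKE state, which authentication method pluto logged as unsupported before rejecting the proposal. The function names are hypothetical and the sample text is constructed from the log lines in the post.

```python
import re
from collections import defaultdict

# Constructed sample: the log excerpt from the post, wrapped as in the mail.
SAMPLE = '''\
Mar 19 16:12:41 saopaulo pluto[1259]: packet from 192.168.0.5:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 19 16:12:41 saopaulo pluto[1259]: "rwXauth"[2] 192.168.0.5 #6:
responding to Main Mode from unknown peer 192.168.0.5
Mar 19 16:12:41 saopaulo pluto[1259]: "rwXauth"[2] 192.168.0.5 #6:
Pluto does not support XAUTHInitPreShared authentication.Attribute
OAKLEY_AUTHENTICATION_METHOD
Mar 19 16:12:41 saopaulo pluto[1259]: "rwXauth"[2] 192.168.0.5 #6: no
acceptable Oakley Transform
Mar 19 16:12:41 saopaulo pluto[1259]: "rwXauth"[2] 192.168.0.5:
deleting connection "rwXauth" instance with peer 192.168.0.5
{isakmp=#0/ipsec=#0}
'''

STAMP = re.compile(r'^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ')  # syslog timestamp
ENTRY = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? (?P<peer>[\d.]+)'
                   r'(?: #(?P<state>\d+))?: (?P<msg>.*)')
UNSUPPORTED = re.compile(r'Pluto does not support (\S+) authentication')

def unwrap(text):
    """Rejoin continuation lines (no timestamp) onto the preceding entry."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += ' ' + line.strip()
    return entries

def failed_negotiations(text):
    """Map (conn, peer, state) to details for each rejected IKE proposal."""
    out = defaultdict(lambda: {'methods': [], 'rejected': False})
    for entry in unwrap(text):
        m = ENTRY.search(entry)
        if not m or m['state'] is None:
            continue  # not tied to an IKE state (e.g. vendor ID, teardown)
        rec = out[(m['conn'], m['peer'], m['state'])]
        if (u := UNSUPPORTED.search(m['msg'])):
            rec['methods'].append(u.group(1))
        if 'no acceptable Oakley Transform' in m['msg']:
            rec['rejected'] = True
    return {k: v for k, v in out.items() if v['rejected']}

if __name__ == '__main__':
    print(failed_negotiations(SAMPLE))
```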