[Openswan Users] Connecting to Cisco 3000

Marcus Better marcus.better at abc.se
Fri Sep 3 11:56:22 CEST 2004


Hello,

I am trying to connect Openswan 2.1.5 (with XAUTH support enabled) 
running on Fedora Core 2, kernel 2.6.8, to a Cisco VPN Concentrator 3060.

I have set up a pre-shared key in ipsec.secrets. Apparently Main mode 
works, but I cannot get past the XAUTH password prompt. I enter my 
username and password, but then I just get another password prompt, over 
and over again.

There is no error message, so I'm not sure if my password is accepted or 
not. I use the same user/password with the Cisco VPN client (which is 
also probably broken on my system, but at least manages to connect).

I can get more detailed logs from Openswan if necessary, but perhaps 
someone knows the problem already.

The relevant part of ipsec.conf is:

conn testconn
      right=vpn-tunnel.mydomain.se
      rightxauthserver=yes
      left=%defaultroute
      leftid=@MYGROUP
      leftxauthclient=yes
      authby=secret
      auto=add

The output from Openswan is as follows:

-----------------------------------------------------------------
104 "testconn" #2: STATE_MAIN_I1: initiate
003 "testconn" #2: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
003 "testconn" #2: ignoring Vendor ID payload [4048b7d56ebce885...]
106 "testconn" #2: STATE_MAIN_I2: sent MI2, expecting MR2
003 "testconn" #2: ignoring Vendor ID payload [Cisco-Unity]
003 "testconn" #2: received Vendor ID payload [XAUTH]
003 "testconn" #2: ignoring Vendor ID payload [0bff6462ba885499...]
003 "testconn" #2: ignoring Vendor ID payload [1f07f70eaa6514d3...]
003 "testconn" #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
108 "testconn" #2: STATE_MAIN_I3: sent MI3, expecting MR3
003 "testconn" #2: ignoring Vendor ID payload [Dead Peer Detection]
004 "testconn" #2: STATE_MAIN_I4: ISAKMP SA established
003 "testconn" #2: XAUTH-Message: Enter Username and Password.
041 "testconn" #2: testconn prompt for Username:
Name enter:   marcus
040 "testconn" #2: testconn prompt for Password:
Enter secret:
004 "testconn" #2: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
003 "testconn" #2: XAUTH-Message: Enter Username and Password.
041 "testconn" #2: testconn prompt for Username:
Name enter:
---------------------------------------------------------------------


