Antwort: Re: [Openswan Users] AUTHENTICATION_FAILED trying to connect to BinTec Gateway

Henning Holtschneider henning at loca.net
Mon Apr 11 19:10:28 CEST 2005


On Monday 11 April 2005 17:22, Frank.Mayer at knapp-systems.com wrote:
> If you ask like that: no, I'm not sure, but that router is beyond my
> control and reach (customer's property).
> I was just told there was a log entry about "local id". (This is not used
> with PSK authentication, is it?)

The "ids" are being used on the Bintec by default. If the log entry is 
relevant depends on the configuration of the Bintec router. Also, the Bintec 
will only log useful information if ipsecGlobMaxSysLogLevel is set to "debug" 
and then you have to run "debug ipsec" on the command line interface of the 
Bintec to see the output. The normal system logging which is available 
through the menu-driven interface is meaningless when it comes to IPsec 
problems.

> The router is model X8500, software version unknown to me, but I can ask

Ok, any X8500 firmware should be new enough.

> I just wanted somebody might give me a hint as to how to find out why I
> keep getting "AUTHENTICATION_FAILED" -
> e.g. "invalid preshared secret" or something like that.

There can be several reasons for this. The Linux side should work with a 
minimum configuration, basically just the parameters left, right, leftsubnet, 
rightsubnet and authby=secret. The configuration on the Bintec side is not so 
simple, especially if there is more than one VPN connection configured.

Regards,
Henning Holtschneider
--
LocaNet oHG - http://www.loca.net
Lindemannstrasse 81, D-44137 Dortmund
tel +49 231 91596-25, fax +49 231 91596-55
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20050411/fb27137e/attachment.bin


More information about the Users mailing list