[Openswan Users] Roadwarrior using Openswan

Angel Vicente Perez angelv64 at wanadoo.es
Thu Feb 1 13:20:20 EST 2007


On Tue, Jan 30, 2007 at 08:14:36PM +0100, Paul Wouters wrote:
> On Mon, 29 Jan 2007, Angel Vicente Perez wrote:
> 
> > I'm a complete newbie at Openswan. I'd like to set up a connection for a
> > roadwarrior, but after reading some threads on the list about the subject, I
> > haven't had any success.
> >
> > I have the following data:
> >
> > IP of a security gateway
> > IPSec ID
> > IPSec secret
> > XAuth username
> > XAuth password
> >
> > with this data, I'm able to act as a roadwarrior using vpnc, but I'm not
> > able to do the same using Openswan.
> 
> see "man ipsec.conf", the options you are looking for are:
> 
> leftid=
> rightid=
> left=%defaultroute
> right=ipofsecuritygateway
> leftxauthclient=yes
> rightxauthserver=yes
> 
Hello...

I'm trying to test it, but without success. Below is my configuration:

conn Test
    authby=secret
    left=%defaultroute
    leftmodecfgclient=yes
    leftid=@IDLeft
    leftxauthclient=yes
    right=xxx.xxx.xxx.xxx
    rightid=@IDRight
    rightxauthserver=yes
    rightmodecfgserver=yes
    modecfgpull=yes
    auto=add

but when I do: ipsec auto --up Test, I get the following output:

angel# ipsec auto --up Test
104 "Test" #9: STATE_MAIN_I1: initiate
003 "Test" #9: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
003 "Test" #9: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 108
106 "Test" #9: STATE_MAIN_I2: sent MI2, expecting MR2
003 "Test" #9: received Vendor ID payload [XAUTH]
003 "Test" #9: received Vendor ID payload [Dead Peer Detection]
003 "Test" #9: received Vendor ID payload [Cisco-Unity]
003 "Test" #9: ignoring unknown Vendor ID payload [fef0b7c75c3b14501e906e3cff679e63]
003 "Test" #9: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed
108 "Test" #9: STATE_MAIN_I3: sent MI3, expecting MR3
010 "Test" #9: STATE_MAIN_I3: retransmission; will wait 20s for response
010 "Test" #9: STATE_MAIN_I3: retransmission; will wait 40s for response
031 "Test" #9: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
000 "Test" #9: starting keying attempt 2 of an unlimited number, but releasing whack

I think that the crux is in the line after the "[Cisco-Unity]" one, but I'm not
sure.
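
A small triage helper for output like the above, added here as an example and not part of the original message or of Openswan: it rejoins the mail-wrapped lines and reports the last IKE state entered, the peer's vendor IDs and where the exchange stalled. The function names and the parsing rules are assumptions based only on the lines quoted in this post.

```python
import re

# Excerpt of the output quoted in the post, mail wrapping kept on purpose:
# continuation lines have no 'NNN "conn" #serial:' prefix.
SAMPLE = '''\
104 "Test" #9: STATE_MAIN_I1: initiate
003 "Test" #9: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
method set to=108
106 "Test" #9: STATE_MAIN_I2: sent MI2, expecting MR2
003 "Test" #9: received Vendor ID payload [XAUTH]
003 "Test" #9: received Vendor ID payload [Cisco-Unity]
003 "Test" #9: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03:
i am NATed
108 "Test" #9: STATE_MAIN_I3: sent MI3, expecting MR3
010 "Test" #9: STATE_MAIN_I3: retransmission; will wait 20s for response
010 "Test" #9: STATE_MAIN_I3: retransmission; will wait 40s for response
031 "Test" #9: max number of retransmissions (2) reached STATE_MAIN_I3.
Possible authentication failure: no acceptable response to our first
encrypted message
'''
PREFIX = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (.*)$')
GAVE_UP = re.compile(
    r"max number of retransmissions \(\d+\) reached (STATE_\w+)\.\s*(.*)")

def unwrap(text):
    """Rejoin wrapped lines into [code, conn, serial, message] records."""
    records = []
    for line in text.splitlines():
        m = PREFIX.match(line)
        if m:
            records.append(list(m.groups()))
        elif records and line.strip():   # continuation of the previous record
            records[-1][3] += " " + line.strip()
    return records

def summarize(text):
    """Last state entered, peer vendor IDs, retransmits and stall point."""
    out = {"last_state": None, "vendor_ids": [], "retransmits": 0,
           "natted": False, "stalled_in": None, "reason": None}
    for _code, _conn, _serial, msg in unwrap(text):
        if (m := re.match(r"(STATE_\w+): (?:initiate|sent )", msg)):
            out["last_state"] = m.group(1)
        elif (m := re.search(r"received Vendor ID payload \[([^\]]+)\]", msg)):
            out["vendor_ids"].append(m.group(1))
        elif "retransmission; will wait" in msg:
            out["retransmits"] += 1
        elif "i am NATed" in msg:
            out["natted"] = True
        elif (m := GAVE_UP.search(msg)):
            out["stalled_in"], out["reason"] = m.group(1), m.group(2)
    return out
```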

