[Openswan Users] Cisco Concentrator 3005 to Openswan

ACasella antony.casella at sand.com
Mon Jun 11 12:35:44 EDT 2007


I forgot to mention that I have also added 
leftxauthclient=yes to my conf file.  Still the same problem.

Thank you

Antony

On Mon, 2007-06-11 at 12:30 -0400, ACasella wrote:
> On Mon, 2007-06-11 at 10:52 -0400, Paul Wouters wrote:
> 
> Paul,
> 
> Thank you for your reply.
> > 
> > That probably means XAUTH.
> > 
> 
> I've now setup my conf file as:
> 
> 
>  conn host-to-host
>      type=tunnel
>      authby=secret
>      left=72.55.yyy.yyy
>      leftnexthop=%defaultroute
>      right=137.186.xxx.xxx
>      rightxauthserver=yes
>      rightnexthop=%defaultroute
>      ike=3des-md5-modp1024
>      esp=3des-md5
>      keyexchange=ike
>      pfs=no
>      xauth=yes
>      auto=add
> 
> Next I run (I googled this, so it may be the wrong thing to run):
>  ipsec whack --name=host-to-host --xauthname=Some_username --xauthpass=somepassword --initiate
> 
> The behaviour is the same as before.
> 
> 002 "host-to-host" #1: initiating Main Mode
> 104 "host-to-host" #1: STATE_MAIN_I1: initiate
> 003 "host-to-host" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> 003 "host-to-host" #1: ignoring unknown Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000]
> 002 "host-to-host" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
> 002 "host-to-host" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
> 106 "host-to-host" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> 010 "host-to-host" #1: STATE_MAIN_I2: retransmission; will wait 20s for response
> 003 "host-to-host" #1: ignoring informational payload, type INVALID_COOKIE
> 003 "host-to-host" #1: received and ignored informational message
> 010 "host-to-host" #1: STATE_MAIN_I2: retransmission; will wait 40s for response
> 003 "host-to-host" #1: ignoring informational payload, type INVALID_COOKIE
> 003 "host-to-host" #1: received and ignored informational message
> 031 "host-to-host" #1: max number of retransmissions (2) reached STATE_MAIN_I2
> 000 "host-to-host" #1: starting keying attempt 2 of an unlimited number, but releasing whack
> 
> 
> They have not provided a certificate.  Only a username and a pre-shared key.
> 
> 
> > It should be the xauth parameter. See man ipsec.conf
> 
> It says it is not well documented, but I am hoping someone can help me
> out on the matter.
> 
> 
> Thank you
> Antony
> 
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
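The whack output quoted above is easier to read once the three-digit pluto codes, the state names and the informational payloads are pulled apart. The following parser is an added example, not code from the post or from the Openswan project: it folds the quoted status lines (re-joined where the mail client wrapped them) into a summary of how far Phase 1 got, how many retransmissions happened and which notifications the peer sent back. The line format it expects is the one visible in the post; the one-line descriptions of the STATE_MAIN_I* states are my own paraphrase of pluto's "sent MIn, expecting MRn" wording and the contents of the standard IKEv1 Main Mode exchanges.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Pluto prefixes every line it returns to whack with a three-digit code:
# 0xx informational, 1xx a state-machine transition, 031 a fatal failure.
# These patterns assume the exact line shape quoted in the post above.
LINE_RE = re.compile(r'^(?P<code>\d{3}) "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
STATE_RE = re.compile(r'\bSTATE_[A-Z0-9_]+\b')
NOTIFY_RE = re.compile(r'ignoring informational payload, type (?P<type>[A-Z0-9_]+)')
RETRANS_RE = re.compile(r'retransmission; will wait (?P<secs>\d+)s')
MAX_RETRANS_RE = re.compile(r'max number of retransmissions \((?P<n>\d+)\) reached')

# Paraphrase (mine, not pluto's) of the Main Mode initiator states.
MAIN_MODE_INITIATOR_STATES = {
    "STATE_MAIN_I1": "MI1 (SA proposal) sent, waiting for MR1",
    "STATE_MAIN_I2": "MI2 (key exchange and nonce) sent, waiting for MR2",
    "STATE_MAIN_I3": "MI3 (identity and authentication) sent, waiting for MR3",
    "STATE_MAIN_I4": "ISAKMP SA established",
}


@dataclass
class Phase1Summary:
    conn: str = ""
    sa: int = 0
    last_state: str = ""
    retransmissions: int = 0
    backoffs: List[int] = field(default_factory=list)
    notifications: List[str] = field(default_factory=list)
    retransmit_limit: int = 0
    gave_up: bool = False
    established: bool = False


def parse_pluto_output(lines):
    """Fold whack/pluto status lines for one ISAKMP SA into a Phase1Summary."""
    summary = Phase1Summary()
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or wrapped continuation line, not a status line
        msg = m.group("msg")
        summary.conn = m.group("conn")
        summary.sa = int(m.group("sa"))
        states = STATE_RE.findall(msg)
        if states:
            # "transition from state X to state Y" names the new state last
            summary.last_state = states[-1]
        if summary.last_state == "STATE_MAIN_I4" or "ISAKMP SA established" in msg:
            summary.established = True
        n = NOTIFY_RE.search(msg)
        if n:
            summary.notifications.append(n.group("type"))
        r = RETRANS_RE.search(msg)
        if r:
            summary.retransmissions += 1
            summary.backoffs.append(int(r.group("secs")))
        x = MAX_RETRANS_RE.search(msg)
        if x:
            summary.retransmit_limit = int(x.group("n"))
            summary.gave_up = True
    return summary


def diagnose(summary):
    """Turn the summary into one line a human can act on."""
    if summary.established:
        return f"{summary.conn} #{summary.sa}: ISAKMP SA established"
    where = MAIN_MODE_INITIATOR_STATES.get(summary.last_state, "unknown state")
    parts = [f"{summary.conn} #{summary.sa}: phase 1 stalled at {summary.last_state} ({where})"]
    if summary.retransmissions:
        parts.append(f"{summary.retransmissions} retransmissions, backoff {summary.backoffs}s")
    if summary.notifications:
        counts = {t: summary.notifications.count(t) for t in dict.fromkeys(summary.notifications)}
        parts.append("peer notifications: " + ", ".join(f"{t} x{c}" for t, c in counts.items()))
    if summary.gave_up:
        parts.append(f"gave up after the configured limit of {summary.retransmit_limit}")
    return "; ".join(parts)


# The log lines quoted in the post, re-joined where the mail client wrapped them.
POSTED_LOG = """\
002 "host-to-host" #1: initiating Main Mode
104 "host-to-host" #1: STATE_MAIN_I1: initiate
003 "host-to-host" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
003 "host-to-host" #1: ignoring unknown Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000]
002 "host-to-host" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
002 "host-to-host" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "host-to-host" #1: STATE_MAIN_I2: sent MI2, expecting MR2
010 "host-to-host" #1: STATE_MAIN_I2: retransmission; will wait 20s for response
003 "host-to-host" #1: ignoring informational payload, type INVALID_COOKIE
003 "host-to-host" #1: received and ignored informational message
010 "host-to-host" #1: STATE_MAIN_I2: retransmission; will wait 40s for response
003 "host-to-host" #1: ignoring informational payload, type INVALID_COOKIE
003 "host-to-host" #1: received and ignored informational message
031 "host-to-host" #1: max number of retransmissions (2) reached STATE_MAIN_I2
000 "host-to-host" #1: starting keying attempt 2 of an unlimited number, but releasing whack
"""

if __name__ == "__main__":
    print(diagnose(parse_pluto_output(POSTED_LOG.splitlines())))
```

Run against the quoted output it reports that the SA never got past STATE_MAIN_I2 (the initiator's second message was sent and answered only with INVALID_COOKIE notifications until the retransmit limit of 2 was hit). The parser only describes what pluto printed; it makes no claim about why the concentrator is rejecting the exchange.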


