[Openswan Users] Using XAuth

Rajitha Reddy RReddy at mocana.com
Tue Jul 8 19:47:20 EDT 2008


Hi,

I have installed Openswan on 2 Linux machines. I am using one as the server and the other as the client and have got IPsec working.

Now, I would like to configure one as Xauth server and the other as the Xauth client.

I have done the following to enable Xauth:


1. Set USE_XAUTH=true in Makefile.inc

2. make programs

3. make install

4. Configure single shared secret (PSK) in /etc/ipsec.secrets like

   0.0.0.0 1.2.3.4  : PSK "a secret for the xauth users"

5. On the Xauth Server, I added leftxauthserver=yes in /etc/ipsec.conf

6. On the Xauth Client, I added ledtxauthclient=yes in /etc/ipsec.conf

7. The basic route details are already configured for ipsec in /etc/ipsec.conf

When I start the Xauth server and client, I simply get the following on both server and client. Can you please tell me what I am missing in the xauth configuration?

[root]# ipsec auto --up aragon
104 "aragon" #2: STATE_MAIN_I1: initiate
003 "aragon" #2: received Vendor ID payload [Openswan (this version) 2.6.14 ]
003 "aragon" #2: received Vendor ID payload [Dead Peer Detection]
003 "aragon" #2: received Vendor ID payload [XAUTH]
106 "aragon" #2: STATE_MAIN_I2: sent MI2, expecting MR2
108 "aragon" #2: STATE_MAIN_I3: sent MI3, expecting MR3
010 "aragon" #2: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "aragon" #2: discarding duplicate packet; already STATE_MAIN_I3
010 "aragon" #2: STATE_MAIN_I3: retransmission; will wait 40s for response
003 "aragon" #2: discarding duplicate packet; already STATE_MAIN_I3
031 "aragon" #2: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message
000 "aragon" #2: starting keying attempt 2 of at most 3, but releasing whack

Thanks,
Rajitha.
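
A triage sketch for the initiator output quoted above, added here as an example (it is not part of the original post and is not Openswan code): it parses `ipsec auto --up` status lines and reports the state in which the negotiation gave up. The `triage` function and its field names are hypothetical; the sample input is the output from the post.

```python
import re

# Sample input: the initiator output quoted in the post above.
SAMPLE = '''\
[root]# ipsec auto --up aragon
104 "aragon" #2: STATE_MAIN_I1: initiate
003 "aragon" #2: received Vendor ID payload [XAUTH]
106 "aragon" #2: STATE_MAIN_I2: sent MI2, expecting MR2
108 "aragon" #2: STATE_MAIN_I3: sent MI3, expecting MR3
010 "aragon" #2: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "aragon" #2: discarding duplicate packet; already STATE_MAIN_I3
010 "aragon" #2: STATE_MAIN_I3: retransmission; will wait 40s for response
031 "aragon" #2: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message
'''

# Status line shape: <3-digit code> "<connection>" #<SA number>: <message>
LINE = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (.*)$')
STATE = re.compile(r'STATE_[A-Z0-9_]+')

def triage(text):
    """Summarise one connection attempt (hypothetical helper)."""
    r = {"conn": None, "states": [], "retransmits": 0,
         "peer_xauth": False, "gave_up_in": None}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # shell prompt or anything that is not a status line
        _code, conn, _sa, msg = m.groups()
        r["conn"] = conn
        if "Vendor ID payload [XAUTH]" in msg:
            r["peer_xauth"] = True  # peer advertises XAUTH support
        s = STATE.search(msg)
        if "retransmission;" in msg:
            r["retransmits"] += 1
        elif "max number of retransmissions" in msg and s:
            r["gave_up_in"] = s.group(0)
        elif s and s.group(0) not in r["states"]:
            r["states"].append(s.group(0))  # first sighting of a state
    # XAUTH runs only after Main Mode (IKE Phase 1) completes, so giving
    # up in a STATE_MAIN_* state means the XAUTH exchange never started.
    g = r["gave_up_in"]
    r["stalled_in_main_mode"] = g is not None and g.startswith("STATE_MAIN_")
    return r

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
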