[Openswan Users] Getting XAuth

Rajitha Reddy RReddy at mocana.com
Tue Jul 15 17:01:58 EDT 2008


Can you please help with the following question?

I am trying to test my Xauth client with the Openswan Xauth server. Before that, I want to get the Openswan Xauth Server working with Openswan XAuth Client. But, I am getting an "encountered fatal error in state STATE_XAUTH_I1" on the client side.

On the openswan Xauth server, I have done the following to enable Xauth:

1. Set USE_XAUTH=true in Makefile.inc
2. make programs
3. make install
4. Configured single shared secret (PSK) in /etc/ipsec.secrets:
   For ex:  : PSK "xauth"
5. Created a file /etc/ipsec.d/passwd with username:passwd:conn_name
6. Added leftxauthserver=yes in /etc/ipsec.conf
7. The server and client address are already configured in /etc/ipsec.conf

I have carried out the same steps as above to get an openswan Xauth client except for step 6:

6. Added leftxauthclient=yes in /etc/ipsec.conf

On the server, I start the ipsec service.

On the client side, I start the ipsec service & ipsec auto --up client. But, I am seeing the following error on the client side:

104 "bison2" #1: STATE_MAIN_I1: initiate
010 "bison2" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
003 "bison2" #1: received Vendor ID payload [Openswan (this version) 2.6.14 ]
003 "bison2" #1: received Vendor ID payload [Dead Peer Detection]
003 "bison2" #1: received Vendor ID payload [XAUTH]
106 "bison2" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "bison2" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "bison2" #1: received Vendor ID payload [CAN-IKEv2]
004 "bison2" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1536}
041 "bison2" #1: bison2 prompt for Username:
Name enter:   user1
040 "bison2" #1: bison2 prompt for Password:
Enter secret:
004 "bison2" #1: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
037 "bison2" #1: encountered fatal error in state STATE_XAUTH_I1

I would like to know if I have configured the server and client correctly so that I can start testing my client. Can you please let me know if I am missing some steps?

Thanks for your time.
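
Added example, not part of the original post: a small Python triage helper that parses the client-side output quoted above and reports how far the negotiation got before the fatal error. The function names are hypothetical, and the three-digit prefixes are parsed but not interpreted.

```python
import re

# Client-side output quoted in the post (some Vendor ID lines omitted).
SAMPLE = '''\
104 "bison2" #1: STATE_MAIN_I1: initiate
010 "bison2" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
003 "bison2" #1: received Vendor ID payload [XAUTH]
106 "bison2" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "bison2" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "bison2" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1536}
041 "bison2" #1: bison2 prompt for Username:
040 "bison2" #1: bison2 prompt for Password:
004 "bison2" #1: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
037 "bison2" #1: encountered fatal error in state STATE_XAUTH_I1
'''

LINE = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (.*)$')
STATE = re.compile(r'^(STATE_\w+): (.*)$')
VENDOR = re.compile(r'^received Vendor ID payload \[(.*?)\s*\]$')
FATAL = re.compile(r'^encountered fatal error in state (STATE_\w+)$')

def summarize(text):
    """Build one summary per (connection name, SA number) seen in the output."""
    out = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # interactive prompts ("Name enter:") carry no prefix
        _code, conn, sa, msg = m.groups()
        s = out.setdefault((conn, int(sa)), {"states": {}, "vendor_ids": [],
                           "isakmp_sa": False, "prompted": False, "fatal_in": None})
        if (v := VENDOR.match(msg)):
            s["vendor_ids"].append(v.group(1))
        elif (f := FATAL.match(msg)):
            s["fatal_in"] = f.group(1)
        elif (st := STATE.match(msg)):
            s["states"][st.group(1)] = True  # dict keeps first-seen order, drops repeats
            s["isakmp_sa"] |= "ISAKMP SA established" in st.group(2)
        elif "prompt for" in msg:
            s["prompted"] = True
    return out

def where_failed(s):
    """Return None (no fatal error), 'phase1', 'xauth' or 'after-phase1'."""
    if s["fatal_in"] is None:
        return None
    if not s["isakmp_sa"]:
        return "phase1"
    return "xauth" if s["fatal_in"].startswith("STATE_XAUTH") else "after-phase1"
```

Run over the quoted output, `where_failed(summarize(SAMPLE)[("bison2", 1)])` returns `"xauth"`: the ISAKMP SA was established with the pre-shared key, the peer sent the XAUTH Vendor ID, and the fatal error falls in the XAUTH exchange after the username and password prompts.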

