[Openswan Users] Does Xauth client work? - Fatal error

Rajitha Reddy RReddy at mocana.com
Wed Jul 16 01:44:34 EDT 2008


I added the following to ipsec.conf on the client:

leftxauthname=server1

and the ipsec.secrets looks like this now:

192.168.3.38 10.8.10.244 : PSK "mocana"
server1 : XAUTH "xauth"

And then, I did the following:

==========================================================================================
[root at aragon openswan-2.6.14_xauth]# /usr/local/sbin/ipsec auto --up bison2
104 "bison2" #1: STATE_MAIN_I1: initiate
003 "bison2" #1: received Vendor ID payload [Openswan (this version) 2.6.14 ]
003 "bison2" #1: received Vendor ID payload [Dead Peer Detection]
003 "bison2" #1: received Vendor ID payload [XAUTH]
106 "bison2" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "bison2" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "bison2" #1: received Vendor ID payload [CAN-IKEv2]
004 "bison2" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1536}
040 "bison2" #1: bison2 prompt for Password:
Enter secret:
004 "bison2" #1: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
037 "bison2" #1: encountered fatal error in state STATE_XAUTH_I1
==========================================================================================

I entered "xauth" when it asked for secret and then it gave a fatal error. I also tried using whack just to see how it goes:

====================================================================================
[root at aragon openswan-2.6.14_xauth]# /usr/local/sbin/ipsec whack --xauthname 'server1' --xauthpass 'xauth' --name bison2 --initiate
002 "bison2" #2: initiating Main Mode
104 "bison2" #2: STATE_MAIN_I1: initiate
003 "bison2" #2: received Vendor ID payload [Openswan (this version) 2.6.14 ]
003 "bison2" #2: received Vendor ID payload [Dead Peer Detection]
003 "bison2" #2: received Vendor ID payload [XAUTH]
002 "bison2" #2: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "bison2" #2: STATE_MAIN_I2: sent MI2, expecting MR2
002 "bison2" #2: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "bison2" #2: STATE_MAIN_I3: sent MI3, expecting MR3
003 "bison2" #2: received Vendor ID payload [CAN-IKEv2]
002 "bison2" #2: Main mode peer ID is ID_IPV4_ADDR: '192.168.3.38'
002 "bison2" #2: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "bison2" #2: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1536}
040 "bison2" #2: bison2 prompt for Password:
002 "bison2" #2: XAUTH: Answering XAUTH challenge with user='server1'
002 "bison2" #2: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
004 "bison2" #2: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
037 "bison2" #2: encountered fatal error in state STATE_XAUTH_I1
==========================================================================================

For all the above, I have just started ipsec on the server and not the connection. If I brought up the connection on the server, then the client would not ask me for passwd at all. Thanks in advance.

Rajitha.


-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Tuesday, July 15, 2008 8:51 PM
To: Rajitha Reddy
Cc: users at lists.openswan.org
Subject: RE: [Openswan Users] Does Xauth client work? - Fatal error

On Tue, 15 Jul 2008, Rajitha Reddy wrote:

> With this, the client asks me for the user name and password. But, I haven't configured the username. But, have configured ipsec.secrets for the PSK. It is here that I am getting stuck. Can you please tell me where I should configure the username and passwd?

You can use leftxauthname= and put the password in ipsec.secrets on a line
like:

username : XAUTH "password"

(from the top of my head, check a recent openswan man page for ipsec.secrets
or check testing/pluto/*xauth*)

Paul
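
For reading status output like the two runs quoted in this thread, the following Python sketch groups the numbered status lines by connection and instance and reports which stage the fatal error fell in. It is an added example, not part of the original messages or of Openswan. The function names are hypothetical, and the embedded sample is excerpted from the second (whack) run.

```python
import re

# Constructed sample: lines excerpted from the whack run (#2) quoted in the post.
SAMPLE = '''\
104 "bison2" #2: STATE_MAIN_I1: initiate
003 "bison2" #2: received Vendor ID payload [XAUTH]
108 "bison2" #2: STATE_MAIN_I3: sent MI3, expecting MR3
004 "bison2" #2: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1536}
002 "bison2" #2: XAUTH: Answering XAUTH challenge with user='server1'
004 "bison2" #2: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
037 "bison2" #2: encountered fatal error in state STATE_XAUTH_I1
'''

LINE = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (.*)$')   # code, conn, instance, text
STATE = re.compile(r'^(STATE_\w+): ')
FATAL = re.compile(r'encountered fatal error in state (STATE_\w+)')
USER = re.compile(r"Answering XAUTH challenge with user='([^']*)'")

def triage(text):
    """Summarise each negotiation, keyed by (connection name, #instance)."""
    runs = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # shell prompts, separators, "Enter secret:" and so on
        conn, inst, msg = m.group(2), int(m.group(3)), m.group(4)
        r = runs.setdefault((conn, inst), {"states": [], "peer_xauth": False,
                            "phase1": False, "xauth_user": None, "fatal_state": None})
        if (s := STATE.match(msg)):
            r["states"].append(s.group(1))
        r["peer_xauth"] |= "Vendor ID payload [XAUTH]" in msg
        r["phase1"] |= "ISAKMP SA established" in msg
        if (u := USER.search(msg)):
            r["xauth_user"] = u.group(1)
        if (f := FATAL.search(msg)):
            r["fatal_state"] = f.group(1)
    return runs

def verdict(r):
    if r["fatal_state"] is None:
        return "no fatal error logged"
    if not r["phase1"]:
        return "fatal error before the ISAKMP SA was established"
    if r["fatal_state"].startswith("STATE_XAUTH"):
        return "ISAKMP SA established; fatal error during the XAUTH exchange"
    return "ISAKMP SA established; fatal error in " + r["fatal_state"]

if __name__ == "__main__":
    for key, r in triage(SAMPLE).items(): print(key, r["states"], verdict(r))
```

On the sample, the summary shows the pre-shared-key main mode completing and the XAUTH reply being sent as user `server1` before the error, which places the failure in the XAUTH stage and not in the PSK exchange.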

