[Openswan Users] Testing xauth-pluto-11

Rajitha Reddy RReddy at mocana.com
Thu Jul 17 18:45:29 EDT 2008 

Hi,

In order to the see the working of openswan xauth server and client, I am testing the scripts in the folder testing/pluto/xauth-pluto-11.


Can you please let me know the following:

1.       Even with the following in ipsec.conf, I don't see more debug on the output.

plutostderrlog=/tmp/pluto.log

plutodebug="all"



Am I missing something?



2.       I have configured east.conf and road.conf with the relevant ip addresses and retained the rest of the information as it is. And, started the test as follows:

On the server,

./testparams.sh

./eastinit.sh



On the client,

./testparams.sh

./roadinit.sh



The server does nothing except for :



[root at rreddy-fc5 xauth-pluto-11]# ./eastinit.sh

ipsec_setup: Openswan IPsec apparently already active, start aborted

done



The client gives the following:

________________________________

ipsec_setup: Starting Openswan IPsec 2.6.14...

ipsec_setup: No KLIPS support found

ipsec_setup: NETKEY support found. Use protostack=netkey in /etc/ipsec.conf to avoid attempts to use KLIPS. Attempting to continue with NETKEY

ipsec_setup:

ipsec_setup:

000 "xauth-road--eastnet": 10.8.10.244<10.8.10.244>[@road.testing.xelerance.com,+XC+S=C]...192.168.3.38<192.168.3.38>[@east,+XS+S=C]; unrouted; eroute owner: #0

000 "xauth-road--eastnet":     myip=unset; hisip=unset;

000 "xauth-road--eastnet":     xauth info: myxauthuser=use1;

000 "xauth-road--eastnet":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3

000 "xauth-road--eastnet":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW; prio: 32,32; interface: eth0;

000 "xauth-road--eastnet":   newest ISAKMP SA: #0; newest IPsec SA: #0;

done

[root at aragon openswan-2.6.14_xauth]#

________________________________



                I am not able to make out what exactly happened here? Can you please tell me if the xauth took place successfully or has it failed? How can I print more debug information here?



3.       Also, what types of extended authentication does  openswan xauth server support? Like username, password, passcode, message etc? and where can these be configured on the server? Any help is greatly appreciated.



Thanks,

Rajitha.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080717/813210c5/attachment.html

More information about the Users mailing list