[Openswan Users] Problem with E91

Denis Beltramo denis at denisio.net
Fri May 9 12:07:07 EDT 2008 

In all my game with openswan, i tryed to connect all: leopard mac windows.
Work all.. There is a last system.. openswan with symbian.
The negotiation work but when I insert the password don't work... Say alway
that password is incorrect.
I have create with htpasswd file in /etc/ipsec.d/passwd with line:
test:rekfkdr

This is configuration on ipsec.conf

conn E61
        # Key exchange
        ike=aes256-sha1-modp1536
        # Data exchange
        esp=aes256-sha1
        # Authentication method PSK
        authby=secret
        auto=add
        keyingtries=3
        rekey=no
        pfs=no
        # Modeconfig setting
        modecfgpull=yes
        # local endpoint
        left=123.123.123.1
        leftxauthserver=yes
        leftmodecfgserver=yes
        leftsourceip=192.168.1.1
        leftsubnet=192.168.1.0/24
        # remote endpoint
        right=%any
        rightxauthclient=yes
        rightmodecfgclient=yes
        rightsourceip=192.168.1.2
        rightsubnet=192.168.1.2/32


The log say this:

May  9 17:59:33 vpnserver pluto[3567]: packet from 123.123.123.123:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
May  9 17:59:33 vpnserver pluto[3567]: packet from 123.123.123.123:500:
received Vendor ID payload [XAUTH]
May  9 17:59:33 vpnserver pluto[3567]: packet from 123.123.123.123:500:
received Vendor ID payload [Cisco-Unity]
May  9 17:59:33 vpnserver pluto[3567]: "E61"[3] 123.123.123.123 #2:
responding to Main Mode from unknown peer 123.123.123.123
May  9 17:59:33 vpnserver pluto[3567]: "E61"[3] 123.123.123.123 #2:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May  9 17:59:33 vpnserver pluto[3567]: "E61"[3] 123.123.123.123 #2:
STATE_MAIN_R1: sent MR1, expecting MI2
May  9 17:59:34 vpnserver pluto[3567]: "E61"[3] 123.123.123.123 #2: ignoring
unknown Vendor ID payload [e5cb38e444c95694a8dfaa8e0bfe424a]
May  9 17:59:34 vpnserver pluto[3567]: "E61"[3] 123.123.123.123 #2:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT
detected
May  9 17:59:34 vpnserver pluto[3567]: "E61"[3] 123.123.123.123 #2:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
May  9 17:59:34 vpnserver pluto[3567]: "E61"[3] 123.123.123.123 #2:
STATE_MAIN_R2: sent MR2, expecting MI3
May  9 17:59:35 vpnserver pluto[3567]: "E61"[3] 123.123.123.123 #2: Main
mode peer ID is ID_KEY_ID: '@#0x6973696c696e65'
May  9 17:59:35 vpnserver pluto[3567]: "E61"[3] 123.123.123.123 #2: switched
from "E61" to "E61"
May  9 17:59:35 vpnserver pluto[3567]: "E61"[4] 123.123.123.123 #2: deleting
connection "E61" instance with peer 123.123.123.123 {isakmp=#0/ipsec=#0}
May  9 17:59:35 vpnserver pluto[3567]: "E61"[4] 123.123.123.123 #2: I did
not send a certificate because I do not have one.
May  9 17:59:35 vpnserver pluto[3567]: "E61"[4] 123.123.123.123 #2:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May  9 17:59:35 vpnserver pluto[3567]: "E61"[4] 123.123.123.123 #2:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=aes_256 prf=oakley_sha group=modp1536}
May  9 17:59:35 vpnserver pluto[3567]: "E61"[4] 123.123.123.123 #2: XAUTH:
Sending XAUTH Login/Password Request
May  9 17:59:35 vpnserver pluto[3567]: "E61"[4] 123.123.123.123 #2: XAUTH:
Sending Username/Password request (XAUTH_R0)
May  9 17:59:49 vpnserver pluto[3567]: "E61"[4] 123.123.123.123 #2: XAUTH:
Unsupported XAUTH parameter XAUTH-TYPE received.
May  9 17:59:49 vpnserver pluto[3567]: XAUTH: User test: Attempting to login
May  9 17:59:49 vpnserver pluto[3567]: XAUTH: pam authentication being
called to authenticate user test
May  9 17:59:49 vpnserver pluto[3567]: (pam_unix) check pass; user unknown
May  9 17:59:49 vpnserver pluto[3567]: (pam_unix) authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=
May  9 17:59:51 vpnserver pluto[3567]: XAUTH: User test: Authentication
Failed: Incorrect Username or Password
May  9 17:59:52 vpnserver pluto[3567]: "E61"[4] 123.123.123.123 #2:
Expecting MODE_CFG_REPLY, got ISAKMP_CFG_ACK instead.
May  9 17:59:52 vpnserver pluto[3567]: "E61"[4] 123.123.123.123 #2:
Informational Exchange message is invalid because it has a Message ID of 0

Suggestion
Thanks!

-- 
Denis Beltramo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080509/a2c003e7/attachment.html

More information about the Users mailing list