[Openswan Users] [Vpn-help] shrewsoft <-> openswan not working with PSK+XAUTH
mgrooms at shrew.net
Thu May 8 12:12:45 EDT 2008
hiren joshi wrote:
> I am not able to establish a connection with following configuration:
> Client: ShrewSoft 2.0.3
> Server: Openswan-2.4.8
> Auth Method: PSK+XAUTH
> Analyzing the log I found:
> Openswan do not send value of XAUTH_TYPE attribute as per:
> http://www.vpnc.org/ietf-xauth/draft-beaulieu-ike-xauth-02.txt. Which
> says -
> XAUTH-TYPE - The type of extended authentication requested whose
> values are described in the next section. This is an optional
> attribute for the ISAKMP_CFG_REQUEST and ISAKMP_CFG_REPLY messages.
> If the XAUTH-TYPE is not present, then it is assumed to be Generic.
> However, Shrewsoft vpn client expects the value of XAUTH_TYPE attribute
> (see below log).
> Perhaps it is following:
> http://tools.ietf.org/html/draft-ietf-ipsec-isakmp-xauth-03. Which says -
> XAUTH_TYPE - The type of extended authentication requested whose
> values are described in the next section. This is a mandatory
> attribute for the ISAKMP_CFG_REQUEST and ISAKMP_CFG_REPLY
> Shrewsoft Vpn Client Log:
> !! : missing required xauth type attribute
> Is there any workaround/patch available?
Thanks for trying out the Shrew Soft Client. There is no solution for
this particular problem that I know of. Providing a work around in the
Shrew Soft Client should be a trivial matter. I have added this to my
TODO list and a patch will be included in the next 2.1.0 beta release. I
will send you a notice when the package is available for testing early
Very good problem analysis BTW :)
More information about the Users