[Openswan Users] Using XAUTH against Checkpoint firewall
webserv at s3group.cz
Thu Dec 17 05:49:32 EST 2009
I am trying to test 2-phase authentication for a RoadWarrior client with
a Checkpoint R95 firewall using XAUTH.
Now, when I comment out the xauth stuff, I am able to establish the
tunnel using my certificates. When I uncomment the xauth stuff, I am not
able to finish even the first (IKE) stage of the negotiation:
104 "Prague" #1: STATE_MAIN_I1: initiate
003 "Prague" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
003 "Prague" #1: received and ignored informational message
And the firewall complains: "Reason: unsupported authentication method
Who is right here? According to
extended authentication should be required AFTER a successfully finished
stage 1. So Openswan should authenticate stage 1 using the certificate and
THEN expect/require an ISAKMP authentication request with XAUTH.
Can someone shed some light on this?