[Openswan Users] unexpected STRING [xauth] trying to set up connection to SonicWall
James Muir
muir.james.a at gmail.com
Mon Jan 19 10:02:34 EST 2009
Neil Aggarwal wrote:
> James:
>
> Based on your post, I changed my config files to:
>
> sonicwall.conf:
> conn sonicwall
> type=tunnel
> auto=add
> auth=esp
> pfs=no
> authby=secret
> keyingtries=0
> left=1.2.3.4
> leftid=1.2.3.4
> leftsubnet=1.2.3.4/28
> leftxauthclient=yes
> right=5.6.7.8
> rightsubnet=192.168.1.0/24
> rightid=@00ABCDE
> rightxauthserver=yes
> esp=3des-sha1
> keyexchange=ike
> ike=3des-sha1-modp1024
> aggrmode=yes
>
> sonicwall.secrets:
>
> 1.2.3.4 @00ABCDE : PSK "myPass"
>
> I still get this output:
>
> Jan 16 17:08:18 jamm8 pluto[29365]: "sonicwall" #1: initiating Aggressive
> Mode #1, connection "sonicwall"
> Jan 16 17:08:18 jamm8 pluto[29365]: | setting sec: 1
> Jan 16 17:08:18 jamm8 pluto[29365]: "sonicwall" #1: Informational Exchange
> message must be encrypted
>
> Any idea?
I'm not certain if it will solve your problem, but I think you have the
file ipsec.secrets configured incorrectly. PSK is short for "pre-shared
key" -- your password doesn't go there. PSK + XAUTH is an
authentication method; my sonicwall uses this method, but yours might do
something different (talk to your sys admin).
Assuming that your sonicwall is set to do PSK + XAUTH, your pre-shared
key is a hex-string that both you and the sonicwall share (e.g.
0123456789ABCDEF). Your sys admin can give this to you. This is the
string that goes in ipsec.secrets.
Once you initiate your connection, and the PSK is verified, the
sonicwall will prompt you for your password.
-James
More information about the Users
mailing list