[Openswan Users] Ipsec configuration Lucent VPN Gateway with OpenSwan or others (Lucent

Michael H. Warfield mhw at WittsEnd.com
Sun Feb 21 18:07:39 EST 2010


On Sun, 2010-02-21 at 21:56 +0000, srbarrios at gmail.com wrote:
> Because I want work in Linux, but I can't because I only have access
> to vpn using this client in Windows, and I search help to connect to
> this vpn using OpenSwan.

Ah!  Ok...  Got it.

Yeah, I think you have the same problem as I do and several other
people.  It's a little bigger problem than just that one gateway, I
believe, and I think we may identified a couple of problems, some of
which may be tripping you up.  I'm seeing the exact same symptoms you
are seeing.  I suspect that if we solve one we can solve the other.  In
my case, I do already have another client tool that works against my
gateway so I am able to sniff what it's looking for.  That other client
is "vpnc" which may or may not work for you, I don't know.  The working
client is somewhat Cisco specific and has some limitations, like only
supporting one vpn connection at a time.

Since you don't have a working client on Linux, there's nothing you can
sniff for purely on that one system unless you can try and sniff the
startup of a working windows connection.  The first packet returned by
the gateway back to a working client would tell you what proposal it's
willing to accept.  But, so far, even that's not working for me yet,
either.  You would have to use something like Wireshark to pull apart
the protocol for the proposal information.

Using XAUTH usually means you are using some extended information like a
SecureID token or you have a combination of group name and group
password in addition to a user name and user password.  In my case, I've
got a little of both.  Not sure about what you have to enter.

Regards,
Mike
> 
> El , "Michael H. Warfield" <mhw at wittsend.com> escribió:
> > On Sun, 2010-02-21 at 10:07 +0000, srbarrios at gmail.com wrote:
> > 
> > > I do not understand why Michael write his question in this thread,
> > 
> > > with an specified problem for an specified gateway of
> Lucent-Alcatel
> > 
> > > and his client only for Windows, because his question is
> completely
> > 
> > > different with my question and the problem in this thread...
> > 
> > > Anyway, thanks, but my problem is here, and I can't work in Linux.
> > 
> > 
> > 
> > I'm confused by what you're saying here.  Are you saying my "client
> only
> > 
> > for Windows" or your "client only for Windows" or whose "client only
> for
> > 
> > Windows".  I work purely in Linux.  If you're in Windows with a
> client
> > 
> > accessing a Lucent-Alcatel vpn gateway, then I'm really confused how
> > 
> > this involves OpenSWAN.
> > 
> > 
> > 
> > This thread and two or three other threads like it seem to center
> around
> > 
> > a common problem with XAuth and aggressive mode in OpenSWAN, which
> is
> > 
> > what I'm looking into right now for my own purposes and for a whole
> team
> > 
> > I work with and I thought I might be able to shed some light on your
> > 
> > problem and those others with which I see a common theme.  If you're
> not
> > 
> > on Linux, how are you using OpenSWAN?  Somehow I missed the
> "Windows"
> > 
> > part of this earlier in the thread entirely.
> > 
> > 
> > 
> > Mike
> > 
> > --
> > 
> > Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
> > 
> >   /\/\|=mhw=|\/\/          | (678) 463-0932 |
>  http://www.wittsend.com/mhw/
> > 
> >   NIC whois: MHW9          | An optimist believes we live in the
> best of all
> > 
> >  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure
> of it!
> >

-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/users/attachments/20100221/816411e5/attachment.bin 


More information about the Users mailing list