[Openswan Users] XAUTH not receiving/computing password

Patrick Naubert patrickn at xelerance.com
Fri Jul 4 07:50:44 EDT 2014

Rescued from the Spam bucket.  Please remember to subscribe to the mailing list before posting to it.

From: Pontus Wiberg <pontus.wiberg at universumglobal.com>
Subject: XAUTH not receiving/computing password
Date: July 4, 2014 at 7:24:03 AM EDT
To: users at lists.openswan.org

Hi all,

I have an annoying problem with Openswan. I had it working with PAM authentication and the same setup before, but that causes other issues, so I'm setting up with MD5 and an /etc/ipsec.d/passwd file. Recompiled to not use PAM.

My issue right now is that it looks like the server is not getting the password from the client, or rather it does get the XAUTH-USER-PASSWORD attribute with the correct length, but something seems to happen along the way which leads it to compare pass (null) vs. the MD5 hash. Obviously this doesn't work.

Log snippet with crypt debug below. The client I'm using is Shrewsoft VPN, and this is the same client and profile that worked well with PAM authentication.

"roadwarrior"[10] x.x.x.x #9: XAUTH:  Unsupported XAUTH parameter XAUTH-TYPE received.
| ****parse ISAKMP ModeCfg attribute:
|    ModeCfg attr type: XAUTH-USER-NAME
|    length/value: 5
| ****parse ISAKMP ModeCfg attribute:
|    ModeCfg attr type: XAUTH-USER-PASSWORD
|    length/value: 7
"roadwarrior"[10] x.x.x.x #9: XAUTH: User test1: Attempting to login
"roadwarrior"[10] x.x.x.x #9: XAUTH: md5 authentication being called to authenticate user test1
"roadwarrior"[10] x.x.x.x #9: XAUTH: password file (/etc/ipsec.d/passwd) open.
| XAUTH: found user(test1/test1) pass($apr1$twNTPIIY$eCzSOpIs56hyMQyuhtyEz1) connid(roadwarrior/roadwarrior)
| XAUTH: checking user(test1:roadwarrior) pass (null) vs $apr1$twNTPIIY$eCzSOpIs56hyMQyuhtyEz1
"roadwarrior"[10] x.x.x.x #9: XAUTH: nope
"roadwarrior"[10] x.x.x.x #9: XAUTH: User test1: Authentication Failed: Incorrect Username or Password

Is there anyone who has any clue on what is happening here, and why?

Thanks in advance!
Pontus Wiberg
Operations Lead
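
Added example, not part of the original post and not Openswan code: a Python triage pass over the debug output that pairs each XAUTH "checking" line with the ModeCfg attribute lengths logged before it, and flags the symptom reported above (password attribute received with non-zero length, then compared as (null)). The line formats are taken from the log in the post; the function and field names are hypothetical.

```python
import re

# Log lines copied from the post above (Openswan output with crypt debug enabled).
SAMPLE = """\
| ****parse ISAKMP ModeCfg attribute:
|    ModeCfg attr type: XAUTH-USER-NAME
|    length/value: 5
| ****parse ISAKMP ModeCfg attribute:
|    ModeCfg attr type: XAUTH-USER-PASSWORD
|    length/value: 7
"roadwarrior"[10] x.x.x.x #9: XAUTH: User test1: Attempting to login
| XAUTH: checking user(test1:roadwarrior) pass (null) vs $apr1$twNTPIIY$eCzSOpIs56hyMQyuhtyEz1
"""

ATTR_TYPE = re.compile(r"ModeCfg attr type: (\S+)")
ATTR_LEN = re.compile(r"length/value: (\d+)")
CHECK = re.compile(r"XAUTH: checking user\(([^:)]+):([^)]+)\) pass (\S+) vs (\S+)")


def triage(log_text):
    """Pair each XAUTH 'checking' line with the attribute lengths parsed before it."""
    findings, attrs, pending = [], {}, None
    for line in log_text.splitlines():
        if m := ATTR_TYPE.search(line):
            pending = m.group(1)          # attribute name; its length is on the next line
        elif (m := ATTR_LEN.search(line)) and pending:
            attrs[pending] = int(m.group(1))
            pending = None
        elif m := CHECK.search(line):
            user, conn, supplied, stored = m.groups()
            wire_len = attrs.get("XAUTH-USER-PASSWORD", 0)
            parts = stored.split("$")
            findings.append({
                "user": user,
                "conn": conn,
                "password_len_on_wire": wire_len,
                "password_at_compare": "null" if supplied == "(null)" else "present",
                # Report only the hash scheme; never echo the hash or password.
                "stored_scheme": parts[1] if len(parts) > 2 else "unknown",
                # Symptom from the post: bytes arrived, but the compare saw nothing.
                "lost_before_compare": wire_len > 0 and supplied == "(null)",
            })
            attrs = {}                    # start fresh for the next exchange
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```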


