[Vpn-help] shrewsoft <-> openswan not working with PSK+XAUTH
Matthew Grooms
mgrooms at shrew.net
Thu May 8 11:12:45 CDT 2008
hiren joshi wrote:
> Hello,
>
> I am not able to establish a connection with following configuration:
>
> Client: ShrewSoft 2.0.3
> Server: Openswan-2.4.8
> Auth Method: PSK+XAUTH
>
> Analyzing the log I found:
>
> Openswan do not send value of XAUTH_TYPE attribute as per:
> http://www.vpnc.org/ietf-xauth/draft-beaulieu-ike-xauth-02.txt. Which
> says -
>
> XAUTH-TYPE - The type of extended authentication requested whose
> values are described in the next section. This is an optional
> attribute for the ISAKMP_CFG_REQUEST and ISAKMP_CFG_REPLY messages.
> If the XAUTH-TYPE is not present, then it is assumed to be Generic.
>
>
> However, Shrewsoft vpn client expects the value of XAUTH_TYPE attribute
> (see below log).
> Perhaps it is following:
> http://tools.ietf.org/html/draft-ietf-ipsec-isakmp-xauth-03. Which says -
>
> XAUTH_TYPE - The type of extended authentication requested whose
> values are described in the next section. This is a mandatory
> attribute for the ISAKMP_CFG_REQUEST and ISAKMP_CFG_REPLY
> messages.
>
> Shrewsoft Vpn Client Log:
>
> !! : missing required xauth type attribute
>
> Is there any workaround/patch available?
>
Hiren,
Thanks for trying out the Shrew Soft Client. There is no solution for
this particular problem that I know of. Providing a work around in the
Shrew Soft Client should be a trivial matter. I have added this to my
TODO list and a patch will be included in the next 2.1.0 beta release. I
will send you a notice when the package is available for testing early
next week.
Very good problem analysis BTW :)
Thanks again,
-Matthew
More information about the vpn-help
mailing list