[Vpn-help] shrewsoft <-> openswan not working with PSK+XAUTH

Matthew Grooms mgrooms at shrew.net
Thu May 8 11:12:45 CDT 2008


hiren joshi wrote:
> Hello,
> 
> I am not able to establish a connection with following configuration:
> 
> Client: ShrewSoft 2.0.3
> Server: Openswan-2.4.8
> Auth Method: PSK+XAUTH
> 
> Analyzing the log I found:
> 
> Openswan do not send value of XAUTH_TYPE attribute as per: 
> http://www.vpnc.org/ietf-xauth/draft-beaulieu-ike-xauth-02.txt. Which 
> says -
> 
> XAUTH-TYPE - The type of extended authentication requested whose
>    values are described in the next section.  This is an optional
>    attribute for the ISAKMP_CFG_REQUEST and ISAKMP_CFG_REPLY messages.
>    If the XAUTH-TYPE is not present, then it is assumed to be Generic.
> 
> 
> However, Shrewsoft vpn client expects the value of XAUTH_TYPE attribute 
> (see below log).
> Perhaps it is following: 
> http://tools.ietf.org/html/draft-ietf-ipsec-isakmp-xauth-03. Which says -
> 
> XAUTH_TYPE - The type of extended authentication requested whose
>      values are described in the next section.  This is a mandatory
>      attribute for the ISAKMP_CFG_REQUEST and ISAKMP_CFG_REPLY
>      messages.
> 
> Shrewsoft Vpn Client Log:
> 
> !! : missing required xauth type attribute
> 
> Is there any workaround/patch available?
> 

Hiren,

Thanks for trying out the Shrew Soft Client. There is no solution for 
this particular problem that I know of. Providing a work around in the 
Shrew Soft Client should be a trivial matter. I have added this to my 
TODO list and a patch will be included in the next 2.1.0 beta release. I 
will send you a notice when the package is available for testing early 
next week.

Very good problem analysis BTW :)

Thanks again,

-Matthew



More information about the vpn-help mailing list