[Vpn-help] MODECFG messages and Linksys router
Matthew Grooms
mgrooms at shrew.net
Mon Oct 30 10:29:51 CST 2006
Andrew A Rowley wrote:
> Hi,
>
> I am trying to get this working with a Linksys WAG54GX2 router, which appears to use openswan. I have configured this to use Mutual PSKs, and the Phase 1 appears to work fine in both aggressive and main modes. However, the router stops with a message:
> "received MODECFG message when in state STATE_AGGR_R2, and we aren't xauth client"
>
> I have not selected XAUTH mode, so I am wondering why the client might be sending such messages, and if I can disable the sending of these messages to allow it to progress into IPsec SA configuration.
>
Andrew,
Thanks for trying out the client. It would appear that the Linksys
router does not support modecfg for dynamic client configuration.
Unfortunately, the configuration options related to modecfg are
scattered throughout the Site Configuration interface. I need to add a
global option that disables all modecfg options for situations like
this. For the time being, you will need to manually *disable* the
following options which cause the modecfg exchange to be skipped ...
Client Login Banner
WINS Obtain Automatically
DNS Obtain Automatically
Obtain Split DNS Automatically
Phase2 PFS Exchange Auto
Policy Obtain Remote Network Topology
... If you configure VPN Trace for debug level output, you should be
able to see the step where the client determines the modecfg attribute
set submitted to the server. What you want to see is the following
output ...
ii : determining required modecfg attributes
ii : isakmp config is not required
... which means it has determined that the modecfg step is not necessary.
Thanks again for your interest and please let me know if you have any
more questions.
-Matthew