[Vpn-help] MODECFG messages and Linksys router

Matthew Grooms mgrooms at shrew.net
Mon Oct 30 10:29:51 CST 2006


Andrew A Rowley wrote:
> Hi,
> 
> I am trying to get this working with a Linksys WAG54GX2 router, which appears to use openswan.  I have configured this to use Mutual PSKs, and the Phase 1 appears to work fine in both aggressive and main modes.  However, the router stops with a message:
> "received MODECFG message when in state STATE_AGGR_R2, and we aren't xauth client"
> 
> I have not selected XAUTH mode, so I am wondering why the client might be sending such messages, and if I can disable the sending of these messages to allow it to progress into IP Sec SA configuration.
> 

Andrew,

	Thanks for trying out the client. I would appear that the linksys 
router does not support modecfg for dynamic client configuration. 
Unfortunately, the configuration options related to modecfg are 
scattered throughout the Site Configuration interface. I need to add a 
global option that disables all modecfg options for situations like 
this. For the time being, you will need to manually *disable* the 
following options which cause the modecfg exchange to be skipped ...

Client Login Banner
WINS Obtain Automatically
DNS Obtain Automatically
Obtain Split DNS Automatically
Phase2 PFS Excange Auto
Policy Obtain Remote Network Topology

... If you configure VPN Trace for debug level output, you should be 
able to see the step where the client determines the modecfg attribute 
set submitted to the server. What you want to see is the following 
output ...

ii : determining required modecfg attributes
ii : isakmp config is not required

... which means it has determined that the modecfg step is not necessary.

	Thanks again for your interest and please let me know if you have any 
more questions.

-Matthew



More information about the vpn-help mailing list