[Vpn-help] shrewsoft <-> openswan not working with PSK+XAUTH

hiren joshi joshihirenn at gmail.com
Thu May 8 07:00:32 CDT 2008


Hello,

I am not able to establish a connection with following configuration:

Client: ShrewSoft 2.0.3
Server: Openswan-2.4.8
Auth Method: PSK+XAUTH

Analyzing the log I found:

Openswan do not send value of XAUTH_TYPE attribute as per:
http://www.vpnc.org/ietf-xauth/draft-beaulieu-ike-xauth-02.txt. Which says -


XAUTH-TYPE - The type of extended authentication requested whose
   values are described in the next section.  This is an optional
   attribute for the ISAKMP_CFG_REQUEST and ISAKMP_CFG_REPLY messages.
   If the XAUTH-TYPE is not present, then it is assumed to be Generic.


However, Shrewsoft vpn client expects the value of XAUTH_TYPE attribute (see
below log).
Perhaps it is following:
http://tools.ietf.org/html/draft-ietf-ipsec-isakmp-xauth-03. Which says -

XAUTH_TYPE - The type of extended authentication requested whose
     values are described in the next section.  This is a mandatory
     attribute for the ISAKMP_CFG_REQUEST and ISAKMP_CFG_REPLY
     messages.

Shrewsoft Vpn Client Log:

!! : missing required xauth type attribute

Is there any workaround/patch available?

Thanks for your time.

-hiren
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20080508/fee841b2/attachment-0001.html>


More information about the vpn-help mailing list