[Vpn-help] Netscreen problem with External Authentication (securid)
Anders Westin
anders_wessa at telia.com
Fri Sep 11 07:19:38 CDT 2009
Hi Matthew
Thanks for the attention on this issue.
The external authentication worked perfectly (after some struggling
with Phase 2 policy i successfully mange to get the tunnel to work)
Do you want some
logs from this test?
thanks again
/Anders
----Ursprungligt meddelande----
Från: mgrooms at shrew.net
Datum: 2009-09-09 07:19
Till: "Anders Westin"<anders_wessa at telia.com>
Kopia: <vpn-help at lists.shrew.net>
Ärende: Re: [Vpn-help] Netscreen problem with External Authentication
(securid)
Anders Westin wrote:
> Problem to Authentication with xauth and netscreen and "External
> Authentication"
>
Hi Anders,
This problem has been reported in the past. The PASSCODE attribute was
not handled and I thought it would be a lot of work to implement.
After
reviewing the Xauth RFC draft, it turned out to be a lot simpler that
I
had initially anticipated.
> 09/09/03 15:48:26 <- : recv IKE packet xxx.xxx.144.23:500 -> xxx.
xxx.
> 144.2:500 ( 76 bytes )
> 09/09/03 15:48:26 DB : phase1 found
> 09/09/03 15:48:26 ii : processing config packet ( 76 bytes )
> 09/09/03 15:48:26 DB : config found
> 09/09/03 15:48:26 == : new config iv ( 8 bytes )
> 09/09/03 15:48:26 =< : cookies 447ad51cfa97cb63:3ed0e272b4cc3753
> 09/09/03 15:48:26 =< : message c49e1de2
> 09/09/03 15:48:26 =< : decrypt iv ( 8 bytes )
> 09/09/03 15:48:26 == : decrypt packet ( 76 bytes )
> 09/09/03 15:48:26 <= : trimmed packet padding ( 4 bytes )
> 09/09/03 15:48:26 <= : stored iv ( 8 bytes )
> 09/09/03 15:48:26 << : hash payload
> 09/09/03 15:48:26 << : attribute payload
> 09/09/03 15:48:26 == : configure hash_i ( computed ) ( 20 bytes )
> 09/09/03 15:48:26 == : configure hash_c ( computed ) ( 20 bytes )
> 09/09/03 15:48:26 ii : configure hash verified
> 09/09/03 15:48:26 !! : warning, unhandled xauth attribute 16523
> 09/09/03 15:48:26 ii : received xauth request -
Can you please give the following build a try. If it works, I'll add
the
changes to 2.1.5 before release. Its kind of a hack, but its only a
few
lines worth of hack :)
http://www.shrew.net/download/vpn/vpn-client-2.2.0-passcode-1.exe
Thanks,
-Matthew
More information about the vpn-help
mailing list