[Swan] Fwd: Cisco XAUTH configuration rightid phase 1 fails

Andrew Campbell andrewc at vayoka.com
Wed Jun 12 13:12:30 EEST 2013


Hi Paul,

Works! Pure genius!

Is there a way to ignore the remote peer ID sent from the Cisco router?

Most people would be unaware of that value, just thinking how to explain it
to a customer compared to using VPNC.

The next error in the pipe,

041 "tunnel0-0" #2: tunnel0-0 prompt for Username:
040 "tunnel0-0" #2: tunnel0-0 prompt for Password:
002 "tunnel0-0" #2: XAUTH: Answering XAUTH challenge with user='customer.domain'
002 "tunnel0-0" #2: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
004 "tunnel0-0" #2: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
002 "tunnel0-0" #2: extra debugging enabled for connection: raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509+dpd+oppoinfo
037 "tunnel0-0" #2: encountered fatal error in state STATE_XAUTH_I1

I will have a go at fixing that tomorrow.

Thanks again for your help!

Andrew


On Wed, Jun 12, 2013 at 6:54 PM, Paul Wouters <pwouters at redhat.com> wrote:

> On Tue, 11 Jun 2013, Andrew Campbell wrote:
>
>> root at ipsec:/etc# cat ipsec.conf
>> conn cisco
>>   authby=secret
>>   leftid="@customer.domain"
>>   rightid="@IPsec_1.cisco.com"
>>
>> root at ipsec:/etc# cat ipsec.secrets
>> @customer.domain 1xx.5x.5x.1xx : PSK "customer1234"
>>
>
> If you specify left/right IDs with PSK, you should ensure the IDs
> are used in the PSK line, eg:
>
> @customer.domain @IPsec_1.cisco.com : PSK "customer1234"
>
> Although I would have expected it to say, "no secret found", and not "no
> connection found". Please let me know if this resolves it for you. If
> not, please get me a run with plutodebug=all.
>
> Paul
>
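Paul's point is that with authby=secret pluto looks the PSK up by the IDs the conn declares, so the ipsec.secrets line must index those same IDs. Below is an added checker (not libreswan code) that parses a conn stanza and an ipsec.secrets file and reports whether any PSK line covers both leftid and rightid; the sample files are constructed from the thread with the placeholder values kept, and the matching rule is a simplified model of libreswan's lookup (each ID must match a selector; `%any` or an empty selector list matches anything).

```python
"""Check that a conn's leftid/rightid pair is indexed by some PSK line in ipsec.secrets."""
import re

# Constructed sample input, modelled on the thread (placeholder address and key kept as-is).
IPSEC_CONF = """\
conn cisco
  authby=secret
  leftid="@customer.domain"
  rightid="@IPsec_1.cisco.com"
"""
SECRETS_BAD = '@customer.domain 1xx.5x.5x.1xx : PSK "customer1234"\n'      # indexes an IP, not rightid
SECRETS_GOOD = '@customer.domain @IPsec_1.cisco.com : PSK "customer1234"\n'  # Paul's corrected line

def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section; surrounding quotes are stripped."""
    conns, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        m = re.match(r'conn\s+(\S+)$', line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif current is not None and '=' in line:
            key, value = line.split('=', 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def parse_psk_selectors(text):
    """Return one selector list per PSK line (other secret types and comments are skipped).
    The 'index : type' separator is taken as a colon surrounded by whitespace."""
    entries = []
    for line in text.splitlines():
        parts = re.split(r'\s+:\s+', line.split('#', 1)[0].strip(), maxsplit=1)
        if len(parts) == 2 and parts[1].startswith('PSK'):
            entries.append(parts[0].split())
    return entries

def psk_line_for(local_id, remote_id, entries):
    """Index of the first PSK line whose selectors cover both IDs, else None.
    Simplified model (assumption): '%any' or no selectors at all matches any ID."""
    def covers(selectors, ident):
        return not selectors or '%any' in selectors or ident in selectors
    for i, selectors in enumerate(entries):
        if covers(selectors, local_id) and covers(selectors, remote_id):
            return i
    return None

def check_conn(conf_text, secrets_text, name):
    """None means pluto would find no PSK for this conn's ID pair."""
    conn = parse_conns(conf_text)[name]
    return psk_line_for(conn['leftid'], conn['rightid'], parse_psk_selectors(secrets_text))
```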