[Swan] Fwd: Cisco XAUTH configuration rightid phase 1 fails

Andrew Campbell andrewc at vayoka.com
Thu Jun 20 08:29:45 EEST 2013


Hi Paul,

I am still getting stuck at "encountered fatal error in state
STATE_XAUTH_I1".

Tried a combination of configuration options, but with pretty much the same
result.

Anything you can suggest?

Kind Regards,

Andrew

On Wed, Jun 12, 2013 at 8:12 PM, Andrew Campbell <andrewc at vayoka.com> wrote:

> Hi Paul,
>
> Works! Pure genius!
>
> Is there a way to ignore the remote peer ID sent from the Cisco router?
>
> Most people would be unaware of that value, just thinking how to explain
> it to a customer compared to using VPNC.
>
> The next error in the pipe,
>
> 041 "tunnel0-0" #2: tunnel0-0 prompt for Username:
> 040 "tunnel0-0" #2: tunnel0-0 prompt for Password:
> 002 "tunnel0-0" #2: XAUTH: Answering XAUTH challenge with user='
> customer.domain'
> 002 "tunnel0-0" #2: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
> 004 "tunnel0-0" #2: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set
> 002 "tunnel0-0" #2: extra debugging enabled for connection: raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509+dpd+oppoinfo
> 037 "tunnel0-0" #2: encountered fatal error in state STATE_XAUTH_I1
>
> I will have a go at fixing that tomorrow.
>
> Thanks again for your help!
>
> Andrew
>
>
> On Wed, Jun 12, 2013 at 6:54 PM, Paul Wouters <pwouters at redhat.com> wrote:
>
>> On Tue, 11 Jun 2013, Andrew Campbell wrote:
>>
>>> root@ipsec:/etc# cat ipsec.conf
>>> conn cisco
>>>   authby=secret
>>>   leftid="@customer.domain"
>>>   rightid="@IPsec_1.cisco.com"
>>
>>> root@ipsec:/etc# cat ipsec.secrets
>>> @customer.domain 1xx.5x.5x.1xx : PSK "customer1234"
>>
>> If you specify left/right IDs with PSK, you should ensure the IDs
>> are used in the PSK line, eg:
>>
>> @customer.domain @IPsec_1.cisco.com : PSK "customer1234"
>>
>> Although I would have expected it to say, "no secret found", and not "no
>> connection found". Please let me know if this resolves it for you. If
>> not, please get me a run with plutodebug=all.
>>
>> Paul
>>
>
>
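
An added example, not part of the thread and not libreswan code: a small check of the rule Paul states above, that when a conn sets leftid/rightid the PSK line in ipsec.secrets should be indexed by those same IDs. The function names (conn_ids, psk_indexes, check) are hypothetical, and the matching is a simplification of that one rule, not pluto's actual secret lookup.

```python
import re

# Constructed sample input: the conn and the two PSK lines quoted in the thread.
IPSEC_CONF = '''conn cisco
  authby=secret
  leftid="@customer.domain"
  rightid="@IPsec_1.cisco.com"
'''
SECRETS_BEFORE = '@customer.domain 1xx.5x.5x.1xx : PSK "customer1234"\n'
SECRETS_AFTER = '@customer.domain @IPsec_1.cisco.com : PSK "customer1234"\n'

def conn_ids(conf_text):
    """Return {conn name: set of leftid/rightid values configured for it}."""
    conns, current = {}, None
    for line in conf_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # a new section starts in column 0
            m = re.match(r"conn\s+(\S+)", line)
            current = conns.setdefault(m.group(1), set()) if m else None
            continue
        m = re.match(r'\s+(?:leftid|rightid)\s*=\s*"?([^"\s]+)"?', line)
        if m and current is not None:
            current.add(m.group(1))
    return conns

def psk_indexes(secrets_text):
    """Return the index tokens of each PSK line; the secret is never kept."""
    indexes = []
    for line in secrets_text.splitlines():
        m = re.match(r"(\S.*?)?\s*:\s*PSK\b", line)
        if m and not line.startswith("#"):
            indexes.append(set((m.group(1) or "").split()))
    return indexes

def check(conf_text, secrets_text):
    """Map each conn that sets IDs to True if one PSK line names all of them."""
    indexes = psk_indexes(secrets_text)
    return {name: any(ids <= idx for idx in indexes)
            for name, ids in conn_ids(conf_text).items() if ids}

if __name__ == "__main__":
    for label, secrets in (("before", SECRETS_BEFORE), ("after", SECRETS_AFTER)):
        for name, ok in check(IPSEC_CONF, secrets).items():
            print(f"{label}: conn {name}: IDs in a PSK index line: {ok}")
```

The check reads only the index part of each secrets line, so it can run in a config review without the pre-shared key ending up in its output.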