[Swan] XAUTH oddity

Paul Wouters paul at nohats.ca
Fri Mar 24 03:29:57 UTC 2017


On Tue, 21 Mar 2017, Nels Lindquist wrote:

>> All other tunnels (including L2TP roadwarriors) continue to work
>> fine, but all incoming XAUTH connections fail at the point when the
>> request for XAUTH credentials is made:
>>
>> Mar 16 11:24:07 yeggate pluto[21352]: "xauth-rsa"[1] 184.151.222.0
>> #15: XAUTH: Sending Username/Password request (XAUTH_R0)
>>
>> No response is received from the client (Shrew Soft VPN on Windows
>> 7).
>>
>> I've restarted clients, restarted ipsec, deleted and re-added
>> connection definitions, etc. all to no avail.  The clients are able
>> to connect to two other test setups on different networks with no
>> difficulty, and I can find no relevant differences
>> configuration-wise. I tried setting xauthby to "alwaysok" but the
>> behaviour is the same.

We have seen something like this in the past when we would send two
packets during XAUTH that were too close together and could get
re-ordered, confusing the other end. But in 3.14 we added a small
delay that would prevent this re-ordering. If there is still a
timing issue, then perhaps you have different plutodebug= settings
between the network that works and the one that does not?

Otherwise, I wouldn't know either what's going on.

Paul

