<div dir="ltr">Hi Paul,<div><br></div><div>I am still getting stuck at "<span style="font-family:arial,sans-serif;font-size:13px">encountered fatal error in state STATE_XAUTH_I1".</span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></div><div><font face="arial, sans-serif">Tried a combination of configuration options, but with pretty much the same result.</font></div><div><font face="arial, sans-serif"><br></font></div><div><font face="arial, sans-serif">Anything you can suggest?</font></div>
<div><br></div><div class="gmail_extra">Kind Regards,</div><div class="gmail_extra"><br></div><div class="gmail_extra">Andrew<br><br><div class="gmail_quote">On Wed, Jun 12, 2013 at 8:12 PM, Andrew Campbell <span dir="ltr">&lt;<a href="mailto:andrewc@vayoka.com" target="_blank">andrewc@vayoka.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Paul,<div><br></div><div>Works! Pure genius!</div><div><br></div><div>Is there a way to ignore the remote peer ID sent from the Cisco router? </div>
<div><br></div><div>Most people would be unaware of that value, just thinking how to explain it to a customer compared to using VPNC.</div>
<div><br></div><div>The next error in the pipe,</div><div><br></div><div><div>041 "tunnel0-0" #2: tunnel0-0 prompt for Username:</div><div>040 "tunnel0-0" #2: tunnel0-0 prompt for Password:</div><div>
002 "tunnel0-0" #2: XAUTH: Answering XAUTH challenge with user='customer.domain'</div>
<div>002 "tunnel0-0" #2: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1</div><div>004 "tunnel0-0" #2: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set</div><div>002 "tunnel0-0" #2: extra debugging enabled for connection: raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509+dpd+oppoinfo</div>
<div>037 "tunnel0-0" #2: encountered fatal error in state STATE_XAUTH_I1</div></div><div><br></div><div>I will have a go at fixing that tomorrow.</div><div><br></div><div>Thanks again for your help!</div><span class="HOEnZb"><font color="#888888"><div>
<br>
</div><div>Andrew</div></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jun 12, 2013 at 6:54 PM, Paul Wouters <span dir="ltr">&lt;<a href="mailto:pwouters@redhat.com" target="_blank">pwouters@redhat.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>On Tue, 11 Jun 2013, Andrew Campbell wrote:<br>
<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>
root@ipsec:/etc# cat ipsec.conf<br>
conn cisco<br></div>
authby=secret<br>
leftid="@customer.domain"<br>
rightid="@IPsec_1.cisco.com"<br>
</blockquote><div>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
root@ipsec:/etc# cat ipsec.secrets <br>
@customer.domain 1xx.5x.5x.1xx : PSK "customer1234"<br>
</blockquote>
<br></div>
If you specify left/right IDs with PSK, you should ensure the IDs<br>
are used in the PSK line, eg:<br>
<br>
@customer.domain @IPsec_1.cisco.com : PSK "customer1234"<br>
<br>
Although I would have expected it to say, "no secret found", and not "no<br>
connection found". Please let me know if this resolves it for you. If<br>
not, please get me a run with plutodebug=all.<span><font color="#888888"><br>
<br>
Paul<br>
</font></span></blockquote></div><br></div>
</div></div></blockquote></div><br></div></div>
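Added example (not from the thread and not libreswan code): a minimal Python check for the rule Paul states above, that a conn using authby=secret with leftid/rightid needs an ipsec.secrets PSK line listing both IDs. The function names and the parsing are assumptions made for illustration, the sample files are constructed from the values quoted in the thread, and the check covers only that one rule, not pluto's full secret lookup.

```python
import re

# Constructed sample input, mirroring the configuration quoted in the thread.
IPSEC_CONF = '''
conn cisco
    authby=secret
    leftid="@customer.domain"
    rightid="@IPsec_1.cisco.com"
'''
SECRETS_BEFORE = '@customer.domain 1xx.5x.5x.1xx : PSK "customer1234"\n'
SECRETS_AFTER = '@customer.domain @IPsec_1.cisco.com : PSK "customer1234"\n'


def conn_ids(conf_text):
    """Return {conn_name: {option: value}} for every conn section."""
    conns, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()        # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                    # unindented: section header
            m = re.match(r"conn\s+(\S+)", line)
            current = conns.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:   # indented key=value
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns


def psk_selectors(secrets_text):
    """Return one set of IDs per PSK entry; the secret itself is never kept."""
    entries = []
    for line in secrets_text.splitlines():
        m = re.match(r"(.*?)\s*:\s+PSK\s+", line.strip())
        if m and not line.lstrip().startswith("#"):
            entries.append(set(m.group(1).split()))
    return entries


def missing_psk(conf_text, secrets_text):
    """Names of authby=secret conns with no PSK line listing both of their IDs."""
    entries = psk_selectors(secrets_text)
    bad = []
    for name, opts in conn_ids(conf_text).items():
        if opts.get("authby") != "secret":
            continue
        wanted = {opts[k] for k in ("leftid", "rightid") if k in opts}
        if wanted and not any(wanted <= ids for ids in entries):
            bad.append(name)
    return bad
```
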