<div dir="ltr">Seems really odd, I tried it on RHEL7 as well with the same issue.. passwd file is indeed marked correctly - I changed to using crypt() passwords and it worked immediately! Thanks, I guess crypt should be fine for XAUTH, and this way I can at least finish my setup for now. If anything is needed from me to further troubleshoot let me know and I can check on one of my now 5 VMs set up for this issue :)<div class="gmail_extra">
<br clear="all"><div><div dir="ltr"><table align="left" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse:collapse;color:rgb(0,0,0);font-family:'Times New Roman';font-size:medium"><tbody><tr>
<td valign="top" style="padding:9px 0px 7px;color:rgb(65,64,65);font-family:Arial;font-size:11px;line-height:14px"><p style="margin:1em 0px;padding:0px;font-size:12px;line-height:16px"><strong>Pontus Wiberg</strong><br>Operations Lead</p>
<a href="http://universumglobal.com/" alt="Universum" style="word-wrap:break-word;color:rgb(14,151,193);text-decoration:none" target="_blank">universumglobal.com</a> <br><hr color="#f1612a" align="left" height="1" style="height:1px;max-height:1px;border:none;margin-top:12px;float:left;clear:both;width:366px">
</td></tr><tr><td><img align="left" alt="Universum" title="Universum" src="http://emailsignatures.universumglobal.com/gem-signature-20140108.png" border="0" width="180" height="29" style="border:0px;outline:none;max-width:184px;width:184px;height:30px;max-height:30px;vertical-align:bottom;padding-bottom:0px;padding-left:0px;display:inline!important"></td>
</tr><tr><td> </td></tr></tbody></table></div></div>
<br><br><div class="gmail_quote">On 21 August 2014 22:48, Paul Wouters <span dir="ltr"><<a href="mailto:paul@nohats.ca" target="_blank">paul@nohats.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="">On Thu, 21 Aug 2014, Pontus Wiberg wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
FYI did a new setup on a Ubuntu server with no additional software but Libreswan and the requirements, a clean setup,<br>
clean ipsec.conf, getting the same error. The password is incorrectly handled by Libreswan or some dependency somewhere,<br>
same error as I've had on Openswan too. <br>
Is there anything I can do to help narrow this down? <br>
<br>
****parse ISAKMP ModeCfg attribute:<br>
| ModeCfg attr type: 16521??<br>
| length/value: 8 <-- username is correct and 8 chars<br>
| ****parse ISAKMP ModeCfg attribute:<br>
| ModeCfg attr type: 16522??<br>
| length/value: 12 <-- password is correct and 12 chars<br>
| complete state transition with STF_IGNORE<br>
| * processed 0 messages from cryptographic helpers<br>
| next event EVENT_DPD in 15 seconds for #1<br>
| next event EVENT_DPD in 15 seconds for #1<br>
XAUTH: User testuser: Attempting to login<br>
XAUTH: passwd file authentication being called to authenticate user testuser<br>
XAUTH: password file (/etc/ipsec.d/passwd) open.<br>
| XAUTH: found user(testuser/testuser) pass($apr1$RXWgYKAc$**********<u></u>*/) connid(roadwarrior/<u></u>roadwarrior)<br>
| XAUTH: checking user(testuser:roadwarrior) pass (null) vs $apr1$RXWgYKAc$***********/ <-- password is now: (null)<br>
XAUTH: nope<br>
XAUTH: User testuser: Authentication Failed: Incorrect Username or Password<br>
</blockquote>
<br></div>
It's odd. I cannot reproduce this:<br>
<br>
XAUTH: User use3: Attempting to login<br>
XAUTH: passwd file authentication being called to authenticate user use3<div class=""><br>
XAUTH: password file (/etc/ipsec.d/passwd) open.<br></div>
| XAUTH: found user(road/use3) pass($apr1$898RP...$<u></u>9gJFVFuZIvsD0dTGADcv10) connid(xauth-road-eastnet/<u></u>modecfg-road-eastnet-psk)<br>
| XAUTH: found user(use1/use3) pass(xOzlFlqtwJIu2) connid(xauth-road-eastnet/<u></u>modecfg-road-eastnet-psk)<br>
| XAUTH: found user(use2/use3) pass(xOzlFlqtwJIu2) connid(xauth-road-eastnet-psk/<u></u>modecfg-road-eastnet-psk)<br>
| XAUTH: found user(use3/use3) pass(xOzlFlqtwJIu2) connid(modecfg-road-eastnet-<u></u>psk/modecfg-road-eastnet-psk)<br>
| XAUTH: checking user(use3:modecfg-road-<u></u>eastnet-psk) pass xOzlFlqtwJIu2 vs xOzlFlqtwJIu2<br>
XAUTH: User use3: Authentication Successful<br>
<br>
Is your /etc/ipsec.d/passwd marked with the proper connection ?<br>
<br>
Note that Matt might be right about the crypt() call, although it is<br>
odd. But you can try using htpasswd -d to generate crypt() passwords.<span class="HOEnZb"><font color="#888888"><br>
<br>
Paul<br>
</font></span></blockquote></div><br></div></div>