From: M. N. <joa...@in...> - 2006-09-18 16:50:56
|
Seg, 2006-09-18 =E0s 16:24 +0200, Jon Bright escreveu: > With just the remote side's IP: > Sep 18 15:53:18 localhost racoon: ERROR: couldn't find the pskey. > > With just the XAuthLogin: > Sep 18 16:15:53 localhost racoon: ERROR: couldn't find the pskey. > > With just GroupVPN: > Sep 18 16:17:59 localhost racoon: ERROR: couldn't find the pskey. > > With just the MAC (entered as a string, 0006B10253A8): > Sep 18 16:19:46 localhost racoon: DEBUG: the psk found. > ... > Sep 18 16:19:46 localhost racoon: ERROR: HASH mismatched >=20 >=20 > What's confusing to me is why it's looking for the MAC, when my config=20 > includes the xauth_login directive - surely, it should be looking for=20 > the XAuthLogin in that case? >=20 This is the correct behaviour. xauth is a secondary authentication. You set up phase 1 with pre shared keys (PSK) or certificates, then you do xauth (login/password), and then you get the ipsec connection. password and the PSK are usually different (usual setups have the PSK shared between several users, with a specific combination of user/password for each user). Do you have this data (login, password and PSK)? If the remote says it's ID is the MAC, then racoon searches the PSK by the ID provided and then by its IP address. What's happening is that the PSK you're putting on the psk.txt file is not correct. Are you sure you're not using the password instead of the PSK? Cumprimentos, Jo=E3o Miguel Neves |