#63 xauth suppresses usage of user_fqdn

0.6 branch
closed
nobody
5
2009-01-16
2007-05-21
No

Hello,

I am using racoon 0.6.5 and I am having some troubles
when connecting to a "NETGEAR ProSafe VPN Firewall FVX538":

When using a pre-shared key, user_fqdn as client ID and
xauth, then racoon sends its IPv4 address as ID
instead of using the supplied user_fqdn.

Commenting out the xauth configuration line makes
racoon use the user_fqdn as ID.

Unfortunately, I cannot configure my VPN router to
accept IPv4 as client ID, because the clients do
not have known IP addresses ( -> road warriors).

Is there anything wrong in the configuration or
is this a bug in racoon?

Kind regards,

J. Uhrmann

Here is the configuration:

remote 1.2.3.4
{
    exchange_mode aggressive;

    nonce_size 16;
    my_identifier user_fqdn "myIdentifier";

    # "my_identifier" only works if the next line is commented out
    xauth_login "username";

    # The router is valid, if the IP is correct
    peers_identifier address 1.2.3.4;

    nat_traversal on;
    dpd_delay 60;

    proposal_check obey;
    initial_contact on;

    proposal
    {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
}

sainfo anonymous
{
    pfs_group modp1024;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}

Here is the debug output with that configuration:

--- snip ---
2007-05-21 16:37:47: DEBUG: get pfkey ACQUIRE message
2007-05-21 16:37:47: DEBUG: suitable outbound SP found: 0.0.0.0/0[0] 192.168.80.0/24[0] proto=any dir=out.
2007-05-21 16:37:47: DEBUG: sub:0xbfc89bfc: 192.168.80.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2007-05-21 16:37:47: DEBUG: db :0x80c9708: 192.168.80.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2007-05-21 16:37:47: DEBUG: suitable inbound SP found: 192.168.80.0/24[0] 0.0.0.0/0[0] proto=any dir=in.
2007-05-21 16:37:47: DEBUG: new acquire 0.0.0.0/0[0] 192.168.80.0/24[0] proto=any dir=out
2007-05-21 16:37:47: DEBUG: anonymous sainfo selected.
2007-05-21 16:37:47: DEBUG: (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2007-05-21 16:37:47: DEBUG: (trns_id=3DES encklen=0 authtype=hmac-sha)
2007-05-21 16:37:47: DEBUG: configuration found for YYYYYYYYYYYYY.
2007-05-21 16:37:47: INFO: IPsec-SA request for 137.193.240.199 queued due to no phase1 found.
2007-05-21 16:37:47: DEBUG: ===
2007-05-21 16:37:47: INFO: initiate new phase 1 negotiation: XXXXXXXXX[500]<=>YYYYYYYYYYY[500]
2007-05-21 16:37:47: INFO: begin Aggressive mode.
2007-05-21 16:37:47: DEBUG: new cookie:
fc437c6d46bd2dae
2007-05-21 16:37:47: DEBUG: use ID type of IPv4_address
2007-05-21 16:37:47: DEBUG: compute DH's private.
2007-05-21 16:37:47: DEBUG:

--- snap ----

Here the same part with "xauth ..." commented out:

--- snip ---

2007-05-21 16:40:07: DEBUG: get pfkey ACQUIRE message
2007-05-21 16:40:07: DEBUG: suitable outbound SP found: 0.0.0.0/0[0] 192.168.80.0/24[0] proto=any dir=out.
2007-05-21 16:40:07: DEBUG: sub:0xbfe75dec: 192.168.80.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2007-05-21 16:40:07: DEBUG: db :0x80c9708: 192.168.80.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2007-05-21 16:40:07: DEBUG: suitable inbound SP found: 192.168.80.0/24[0] 0.0.0.0/0[0] proto=any dir=in.
2007-05-21 16:40:07: DEBUG: new acquire 0.0.0.0/0[0] 192.168.80.0/24[0] proto=any dir=out
2007-05-21 16:40:07: DEBUG: anonymous sainfo selected.
2007-05-21 16:40:07: DEBUG: (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2007-05-21 16:40:07: DEBUG: (trns_id=3DES encklen=0 authtype=hmac-sha)
2007-05-21 16:40:07: DEBUG: configuration found for YYYYYYYYYYYYYY.
2007-05-21 16:40:07: INFO: IPsec-SA request for 137.193.240.199 queued due to no phase1 found.
2007-05-21 16:40:07: DEBUG: ===
2007-05-21 16:40:07: INFO: initiate new phase 1 negotiation: XXXXXXXXX[500]<=>YYYYYYYYYY[500]
2007-05-21 16:40:07: INFO: begin Aggressive mode.
2007-05-21 16:40:07: DEBUG: new cookie:
515d936b352a573a
2007-05-21 16:40:07: DEBUG: use ID type of User_FQDN
2007-05-21 16:40:07: DEBUG: compute DH's private.
2007-05-21 16:40:07: DEBUG:

--- snap ---
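
One way to check the phase 1 ID type racoon logged against the my_identifier set in racoon.conf, as an added example that is not part of the original report or of ipsec-tools. The sample configuration and log lines are constructed from the ones above, the function names are hypothetical, and comparing type names case-insensitively (with "address" matching any "*_address") is an assumption.

```python
import re

# Constructed sample input, modelled on the configuration and debug lines in the report.
SAMPLE_CONF = '''
remote 1.2.3.4
{
    my_identifier user_fqdn "myIdentifier";
    # xauth_login "disabled";
    xauth_login "username";
}
'''
SAMPLE_LOG = '''
2007-05-21 16:37:47: INFO: begin Aggressive mode.
2007-05-21 16:37:47: DEBUG: use ID type of IPv4_address
2007-05-21 16:40:07: INFO: begin Aggressive mode.
2007-05-21 16:40:07: DEBUG: use ID type of User_FQDN
'''

# Active (uncommented) directives only: a line starting with '#' never matches.
DIRECTIVE = re.compile(r'^[ \t]*(my_identifier|xauth_login)[ \t]+([^;]*);', re.M)
ID_LINE = re.compile(r'^(\S+ \S+): DEBUG: use ID type of (\S+)[ \t]*$', re.M)

def configured(conf):
    """Return the configured my_identifier type and whether xauth_login is active."""
    found = {'my_identifier': None, 'xauth': False}
    for name, value in DIRECTIVE.findall(conf):
        parts = value.split()
        if name == 'my_identifier' and parts:
            found['my_identifier'] = parts[0].lower()
        elif name == 'xauth_login':
            found['xauth'] = True
    return found

def same_type(conf_type, log_type):
    """Assumed mapping: names compare case-insensitively; 'address' covers *_address."""
    log_type = log_type.lower()
    if conf_type == 'address':
        return log_type.endswith('_address')
    return conf_type == log_type

def check(conf, log):
    """List (timestamp, configured, logged, xauth_active) for every mismatching ID line."""
    cfg = configured(conf)
    want = cfg['my_identifier']
    return [(stamp, want, sent, cfg['xauth'])
            for stamp, sent in ID_LINE.findall(log)
            if want and not same_type(want, sent)]

if __name__ == '__main__':
    for stamp, want, sent, xauth in check(SAMPLE_CONF, SAMPLE_LOG):
        print(f'{stamp}: configured {want}, logged {sent} (xauth_login active: {xauth})')
```
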

Discussion

  • Timo Teras - 2009-01-16
    • status: open --> closed

  • Timo Teras - 2009-01-16

    Closing all sourceforge.net bugs. If this issue has not been cared for please submit a new bug report to https://trac.ipsec-tools.net/ issue tracker. Thank you.
