Difference between revisions of "Talk:OpenSwan"
m (→XAUTH) |
(No difference)
|
Latest revision as of 11:22, 8 March 2007
XAUTH
Add details of XAUTH authentication. This is supposedly possible by adding xauth=yes to ipsec.conf. However, I've not got it to work yet.
With the config entry:
conn iketest
left=172.16.3.18
leftsubnet=172.16.3.0/24
right=%any
authby=secret
xauth=yes
auto=add
We get the following message logged in syslog when we try ike-scan --trans=5,1,65001,2 (65001 is XAUTH authentication method):
"iketest"[1] 192.168.124.3 #1: policy does not allow Extended Authentication (XAUTH) of initiator (we are responder). Attribute OAKLEY_AUTHENTICATION_METHOD
