[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [sfs-dev] Nortel Contivity Client with XAuth (Key-ID)

Title: Re: [sfs-dev] Nortel Contivity Client with XAuth (Key-ID)

Actually, I am trying to evaluate Nortel Client with our VPN gateway that supports XAuth. Following are the two observations I have seen so far:

Firstly, I am seeing that Contivity Client is sending me the authentication method as pre-shared key instead of expected xauth-presharedkey even though I have selected Authentication option as "Username and Password authentication" on Client. How to configure client to make it send xauth-presharedkey as authentication method.

Secondly, if I try with the preshared key authentication method in the Aggressive mode message sent by the client, the Gateway's response is not being accepted by Nortel Client even though I took care of the pre-shared key as prf(passphrase, username) as mentioned in this mail and the draft <http://www.globecom.net/ietf/draft/draft-mamros-pskeyext-00.html>

Some non-standard attributes are also being sent by the Client. Does the client expects them back ?

Any help would be appreciated
- Meenakshi

-----Original Message-----
From: Ken Bantoft [mailto:ken@freeswan.ca]
Sent: Friday, June 20, 2003 4:45 AM
To: Vohra, Meenakshi
Cc: users@lists.freeswan.org; sfs-dev@freeswan.ca
Subject: [Users] Re: [sfs-dev] Nortel Contivity Client with XAuth


On Thu, 19 Jun 2003, Vohra, Meenakshi wrote:

> Hello Everyone,
> I am trying to evaluate the Nortel's Contivity Client evaluation copy with
> my gateway. After discovering the user name being sent as hash by Nortel
> client which I am able to resolve I am also seeing the client sending
> authentication method as pre-shared key. I want to test the client with
> XAuth so was wondering if someone could suggest me how to configure
> xauth-preshared-key as authentication method on the Nortel Client. So far I
> am using Authentication option as Username and password Authentication on
> Nortel Client.

I don't quite understand what you're trying to do here... but FreeS/WAN
doesn't support XAUTH, so if you're trying inter-op, it won't work.

- --
Ken Bantoft                Super FreeS/WAN Maintainer
ken@freeswan.ca            http://www.freeswan.ca
                           PGP Key: finger ken@bantoft.org
"It is dangerous to be right when the government is wrong."
                                -- Voltaire

Version: 2.6.3ia
Charset: noconv


Users mailing list