[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [sfs-dev] Nortel Contivity Client with XAuth (Key-ID)



Title: Re: [sfs-dev] Nortel Contivity Client with XAuth (Key-ID)

Actually, I am trying to evaluate Nortel Client with our VPN gateway that supports XAuth. Following are the two observations I have seen so far:

Firstly, I am seeing that Contivity Client is sending me the authentication method as pre-shared key instead of expected xauth-presharedkey even though I have selected Authentication option as "Username and Password authentication" on Client. How to configure client to make it send xauth-presharedkey as authentication method.

Secondly, if I try with the preshared key authentication method in the Aggressive mode message sent by the client, the Gateway's response is not being accepted by Nortel Client even though I took care of the pre-shared key as prf(passphrase, username) as mentioned in this mail and the draft <http://www.globecom.net/ietf/draft/draft-mamros-pskeyext-00.html>

Some non-standard attributes are also being sent by the Client. Does the client expects them back ?

Any help would be appreciated
Thanks,
- Meenakshi

-----Original Message-----
From: Ken Bantoft [mailto:ken@freeswan.ca]
Sent: Friday, June 20, 2003 4:45 AM
To: Vohra, Meenakshi
Cc: users@lists.freeswan.org; sfs-dev@freeswan.ca
Subject: [Users] Re: [sfs-dev] Nortel Contivity Client with XAuth
(Key-ID)


-----BEGIN PGP SIGNED MESSAGE-----


On Thu, 19 Jun 2003, Vohra, Meenakshi wrote:

> Hello Everyone,
>
> I am trying to evaluate the Nortel's Contivity Client evaluation copy with
> my gateway. After discovering the user name being sent as hash by Nortel
> client which I am able to resolve I am also seeing the client sending
> authentication method as pre-shared key. I want to test the client with
> XAuth so was wondering if someone could suggest me how to configure
> xauth-preshared-key as authentication method on the Nortel Client. So far I
> am using Authentication option as Username and password Authentication on
> Nortel Client.

I don't quite understand what you're trying to do here... but FreeS/WAN
doesn't support XAUTH, so if you're trying inter-op, it won't work.



- --
Ken Bantoft                Super FreeS/WAN Maintainer
ken@freeswan.ca            http://www.freeswan.ca
                           PGP Key: finger ken@bantoft.org
"It is dangerous to be right when the government is wrong."
                                -- Voltaire

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBPvLzvFiWUusaxGxpAQGpJAP/dFAWQSKzKj5qgZfQwbwnG7EIQKt9pQkQ
6vnk5lf7uqcVVi0bhuZSS2mAAkHjVMA/6mjrnFZt73Kv8EfhJN3fiXEpoSCmMVNU
9v2/bhqSnHLkz9wqT+Ai0G5LzeRxzveCxKbAB3Jw71gRcbMs62uU0fgKPjqBOogm
Ds9fLtY38JE=
=vV5e
-----END PGP SIGNATURE-----

_______________________________________________
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users