Actually, I am trying to evaluate Nortel Client with our VPN gateway that supports XAuth. Following are the two observations I have seen so far:
Firstly, I am seeing that Contivity Client is sending me the authentication method as pre-shared key instead of expected xauth-presharedkey even though I have selected Authentication option as "Username and Password authentication" on Client. How to configure client to make it send xauth-presharedkey as authentication method.
Secondly, if I try with the preshared key authentication method in the Aggressive mode message sent by the client, the Gateway's response is not being accepted by Nortel Client even though I took care of the pre-shared key as prf(passphrase, username) as mentioned in this mail and the draft <http://www.globecom.net/ietf/draft/draft-mamros-pskeyext-00.html>
Some non-standard attributes are also being sent by the Client. Does the client expects them back ?
Any help would be appreciated
From: Ken Bantoft [mailto:email@example.com]
Sent: Friday, June 20, 2003 4:45 AM
To: Vohra, Meenakshi
Cc: firstname.lastname@example.org; email@example.com
Subject: [Users] Re: [sfs-dev] Nortel Contivity Client with XAuth
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 19 Jun 2003, Vohra, Meenakshi wrote:
> Hello Everyone,
> I am trying to evaluate the Nortel's Contivity Client evaluation copy with
> my gateway. After discovering the user name being sent as hash by Nortel
> client which I am able to resolve I am also seeing the client sending
> authentication method as pre-shared key. I want to test the client with
> XAuth so was wondering if someone could suggest me how to configure
> xauth-preshared-key as authentication method on the Nortel Client. So far I
> am using Authentication option as Username and password Authentication on
> Nortel Client.
I don't quite understand what you're trying to do here... but FreeS/WAN
doesn't support XAUTH, so if you're trying inter-op, it won't work.
Ken Bantoft Super FreeS/WAN Maintainer
PGP Key: finger firstname.lastname@example.org
"It is dangerous to be right when the government is wrong."
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
Users mailing list