No subject
Tue Feb 12 10:16:04 CET 2008
page 13, seems that Nortel client supports AES from version 4.91. I
have tried to emulate this new version in vpnc, but nothing changed.
Best Regards,
Antonio Borneo
On Sat, Dec 13, 2008 at 5:24 PM, Antonio Borneo
<borneo.antonio at gmail.com> wrote:
> Ciao Mike,
> sorry for taking so long to answer your mail.
> I'm very busy with my job, and the kind of test required for your case
> needs a "quiet" day.
>
> On my new "second-hand" Contivity server I set the same configuration
> you report, and I got surprised.
> It seems there is something tricky with ESP.
> If the only ESP I enable has SHA1 integrity, then this goes directly
> as IPCOMP, compressed mode, that vpnc does not support yet.
> If I enable one of the ESP with MD5 integrity mode, then comes out a
> bunch of modes supported by vpnc.
> Looks like SHA1 is used for IPCOMP, and MD5 is used for uncompressed tunnel.
> It is still not fully clear to me.
>
> From your mail, I understand you are really lucky, since your sysadmin
> lets you look inside the configuration of the Nortel server.
> You could ask him to enable "ESP - Triple DES with MD5 Integrity".
> This should make vpnc work.
>
> Other possibility, less immediate:
> - implementing AH, or
> - implementing IPCOMP / LZS.
> To my knowledge, nobody is working on them.
>
> Ciao
> Antonio Borneo
>
> On Mon, Nov 24, 2008 at 11:31 PM, Michael Gofman <gofman.mike at gmail.com> wrote:
>>
>> As far as I understood AH stage is during Authentication only.
>> And other people have used it successfully, is that not true?
>>
>> Is ESP 256-bit supported?
>> Is there anything in the trace, that was with the original message, that
>> could help determine that that is what the server was asking for, rather
>> than AH?
>>
>> Thank you.
>>
>>
>> On Wed, Nov 19, 2008 at 2:23 PM, Michael Gofman <gofman.mike at gmail.com>
>> wrote:
>>>
>>> I checked with the VPN admin and apparently ESP mode is in fact enabled.
>>> Here is the list of things that are enabled on the Nortel VPN concentrator
>>> side:
>>>
>>> - ESP - 256-bit AES with SHA1 Integrity: Enabled
>>> - ESP - 128-bit AES with SHA1 Integrity: Disabled
>>> - ESP - Triple DES with SHA1 Integrity: Disabled
>>> - ESP - Triple DES with MD5 Integrity: Disabled
>>> - AH - Authentication Only (HMAC-SHA1): Enabled
>>> - AH - Authentication Only (HMAC-MD5): Enabled
>>>
>>> I'm guessing VPNC does not currently support 256 bit AES, is that correct?
>>> I think we should at the very least produce a meaningful error message.
>>> Antonio (or anyone else who's willing to code any of this), let me know
>>> if you'd like me to provide any traces or wireshark captures.
>>> Thank you.
>>>
>>> On Mon, Nov 10, 2008 at 1:18 AM, Antonio Borneo <borneo.antonio at gmail.com>
>>> wrote:
>>>>
>>>> Hi Mike,
>>>> I dug deeper into the attachment of your previous mail.
>>>> The reason you get "quick mode response rejected" is because your
>>>> server offers only the following IPSEC modes:
>>>> - ISAKMP_IPSEC_PROTO_IPSEC_AH
>>>> - ISAKMP_IPSEC_PROTO_IPCOMP
>>>> while the current version of vpnc only supports
>>>> ISAKMP_IPSEC_PROTO_IPSEC_ESP, so vpnc ends up with
>>>> ISAKMP_N_BAD_PROPOSAL_SYNTAX
>>>>
>>>> I'm not an expert on IPSEC, but I expect some coding is required.
>>>> I do not think it's possible to push the server to switch to ESP mode.
>>>>
>>>> Best Regards,
>>>> Antonio Borneo
>>>>
>>>> On Mon, Nov 10, 2008 at 1:54 AM, Mike Gofman <gofman.mike at gmail.com>
>>>> wrote:
>>>> > Hello Antonio.
>>>> > I tried the tags you proposed and basically got the same response.
>>>> > ./vpnc: quick mode response rejected [2]:
>>>> >
>>>> >
>>>> > Does that mean that my VPN connection requires a firewall, or is there
>>>> > something I need to do with my routing tables (got that from CISCO VPNC
>>>> > forum)?
>>>> >
>>>> >
>>>> > Antonio Borneo wrote:
>>>> >>
>>>> >> Ciao Mike,
>>>> >> pay attention to this detail:
>>>> >> when you select username authentication, the couple
>>>> >> "username"-"password" have to be filled in the fields "IPSec
>>>> >> ID"-"IPSec secret". Practically, the handshake uses username/password
>>>> >> in place of group-ID and group-secret.
>>>> >> Try:
>>>> >> sudo ./vpnc --vendor nortel --nortel-auth-mode username
>>>> >> --pfs dh5 --local-port 1001 --debug 3
>>>> >> --gateway mygateway --id testuser
>>>> >> and you will be prompted for the password.
>>>> >>
>>>> >> Best Regards,
>>>> >> Antonio Borneo
>>>> >>
>>>> >> On Sun, Nov 9, 2008 at 3:13 AM, Mike Gofman <gofman.mike at gmail.com>
>>>> >> wrote:
>>>> >>
>>>> >>>
>>>> >>> Woo hoo.
>>>> >>> For the first time I'm getting meaningful error messages:
>>>> >>> After applying the patch and executing vpnc with the following
>>>> >>> parameters:
>>>> >>> sudo ./vpnc --gateway mygateway --nortel-auth-mode username
>>>> >>> --username
>>>> >>> testuser --domain mydomain --vendor nortel --pfs dh5 --local-port
>>>> >>> 1001
>>>> >>> --debug 3
>>>> >>>
>>>> >>> First off if I entered the wrong password I get a
>>>> >>> ./vpnc: hash comparison failed: (ISAKMP_N_AUTHENTICATION_FAILED)(24)
>>>> >>> check group password!
>>>> >>> Which means that it actually got far enough to check my password.
>>>> >>>
>>>> >>> But with the right password I get the following (starting at
>>>> >>> phase2):
>>>> >>>
>>>> >>> S6 do_phase2
>>>> >>> [2008-11-08 14:11:36]
>>>> >>>
>>>> >>>
>>>> >>> receiving: <========================
>>>> >>> [2008-11-08 14:11:36]
>>>> >>> BEGIN_PARSE
>>>> >>> Recieved Packet Len: 284
>>>> >>> i_cookie: b745ec80 7ac4fa09
>>>> >>> r_cookie: 29ff92b7 e2ee6c53
>>>> >>> payload: 08 (ISAKMP_PAYLOAD_HASH)
>>>> >>> isakmp_version: 10
>>>> >>> exchange_type: 20 (ISAKMP_EXCHANGE_IKE_QUICK)
>>>> >>> flags: 01
>>>> >>> message_id: b3edea28
>>>> >>> len: 0000011c
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
>>>> >>> next_type: 01 (ISAKMP_PAYLOAD_SA)
>>>> >>> length: 0018
>>>> >>> ke.data:
>>>> >>> 566765c5 5a21fee4 14d6f4c7 379d0e78 65f524c0
>>>> >>> DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 01 (ISAKMP_PAYLOAD_SA)
>>>> >>> next_type: 0a (ISAKMP_PAYLOAD_NONCE)
>>>> >>> length: 00b2
>>>> >>> sa.doi: 00000001 (ISAKMP_DOI_IPSEC)
>>>> >>> sa.situation: 00000001 (ISAKMP_IPSEC_SIT_IDENTITY_ONLY)
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 02 (ISAKMP_PAYLOAD_P)
>>>> >>> next_type: 02 (ISAKMP_PAYLOAD_P)
>>>> >>> length: 0044
>>>> >>> p.number: 01
>>>> >>> p.prot_id: 02 (ISAKMP_IPSEC_PROTO_IPSEC_AH)
>>>> >>> p.spi_size: 04
>>>> >>> length: 02
>>>> >>> p.spi: 9b03847f
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
>>>> >>> next_type: 03 (ISAKMP_PAYLOAD_T)
>>>> >>> length: 001c
>>>> >>> t.number: 01
>>>> >>> t.id: 03 (ISAKMP_IPSEC_AH_SHA)
>>>> >>> t.attributes.type: 0005 (ISAKMP_IPSEC_ATTRIB_AUTH_ALG)
>>>> >>> t.attributes.u.attr_16: 0002 (IPSEC_AUTH_HMAC_SHA)
>>>> >>> t.attributes.type: 0004 (ISAKMP_IPSEC_ATTRIB_ENCAP_MODE)
>>>> >>> t.attributes.u.attr_16: 0001 (IPSEC_ENCAP_TUNNEL)
>>>> >>> t.attributes.type: 0001 (ISAKMP_IPSEC_ATTRIB_SA_LIFE_TYPE)
>>>> >>> t.attributes.u.attr_16: 0001 (IPSEC_LIFE_SECONDS)
>>>> >>> t.attributes.type: 0002 (ISAKMP_IPSEC_ATTRIB_SA_LIFE_DURATION)
>>>> >>> t.attributes.u.lots.length: 0004
>>>> >>> t.attributes.u.lots.data: 00007080
>>>> >>> DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
>>>> >>> next_type: 00 (ISAKMP_PAYLOAD_NONE)
>>>> >>> length: 001c
>>>> >>> t.number: 02
>>>> >>> t.id: 02 (ISAKMP_IPSEC_AH_MD5)
>>>> >>> t.attributes.type: 0005 (ISAKMP_IPSEC_ATTRIB_AUTH_ALG)
>>>> >>> t.attributes.u.attr_16: 0001 (IPSEC_AUTH_HMAC_MD5)
>>>> >>> t.attributes.type: 0004 (ISAKMP_IPSEC_ATTRIB_ENCAP_MODE)
>>>> >>> t.attributes.u.attr_16: 0001 (IPSEC_ENCAP_TUNNEL)
>>>> >>> t.attributes.type: 0001 (ISAKMP_IPSEC_ATTRIB_SA_LIFE_TYPE)
>>>> >>> t.attributes.u.attr_16: 0001 (IPSEC_LIFE_SECONDS)
>>>> >>> t.attributes.type: 0002 (ISAKMP_IPSEC_ATTRIB_SA_LIFE_DURATION)
>>>> >>> t.attributes.u.lots.length: 0004
>>>> >>> t.attributes.u.lots.data: 00007080
>>>> >>> DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
>>>> >>> DONE PARSING PAYLOAD type: 02 (ISAKMP_PAYLOAD_P)
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 02 (ISAKMP_PAYLOAD_P)
>>>> >>> next_type: 02 (ISAKMP_PAYLOAD_P)
>>>> >>> length: 001e
>>>> >>> p.number: 01
>>>> >>> p.prot_id: 04 (ISAKMP_IPSEC_PROTO_IPCOMP)
>>>> >>> p.spi_size: 02
>>>> >>> length: 01
>>>> >>> p.spi: ed36
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
>>>> >>> next_type: 00 (ISAKMP_PAYLOAD_NONE)
>>>> >>> length: 0014
>>>> >>> t.number: 01
>>>> >>> t.id: 03 (ISAKMP_IPSEC_IPCOMP_LZS)
>>>> >>> t.attributes.type: 0001
>>>> >>> t.attributes.u.attr_16: 0001
>>>> >>> t.attributes.type: 0002
>>>> >>> t.attributes.u.lots.length: 0004
>>>> >>> t.attributes.u.lots.data: 00007080
>>>> >>> DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
>>>> >>> DONE PARSING PAYLOAD type: 02 (ISAKMP_PAYLOAD_P)
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 02 (ISAKMP_PAYLOAD_P)
>>>> >>> next_type: 00 (ISAKMP_PAYLOAD_NONE)
>>>> >>> length: 0044
>>>> >>> p.number: 02
>>>> >>> p.prot_id: 02 (ISAKMP_IPSEC_PROTO_IPSEC_AH)
>>>> >>> p.spi_size: 04
>>>> >>> length: 02
>>>> >>> p.spi: 9b03847f
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
>>>> >>> next_type: 03 (ISAKMP_PAYLOAD_T)
>>>> >>> length: 001c
>>>> >>> t.number: 01
>>>> >>> t.id: 03 (ISAKMP_IPSEC_AH_SHA)
>>>> >>> t.attributes.type: 0005 (ISAKMP_IPSEC_ATTRIB_AUTH_ALG)
>>>> >>> t.attributes.u.attr_16: 0002 (IPSEC_AUTH_HMAC_SHA)
>>>> >>> t.attributes.type: 0004 (ISAKMP_IPSEC_ATTRIB_ENCAP_MODE)
>>>> >>> t.attributes.u.attr_16: 0001 (IPSEC_ENCAP_TUNNEL)
>>>> >>> t.attributes.type: 0001 (ISAKMP_IPSEC_ATTRIB_SA_LIFE_TYPE)
>>>> >>> t.attributes.u.attr_16: 0001 (IPSEC_LIFE_SECONDS)
>>>> >>> t.attributes.type: 0002 (ISAKMP_IPSEC_ATTRIB_SA_LIFE_DURATION)
>>>> >>> t.attributes.u.lots.length: 0004
>>>> >>> t.attributes.u.lots.data: 00007080
>>>> >>> DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
>>>> >>> next_type: 00 (ISAKMP_PAYLOAD_NONE)
>>>> >>> length: 001c
>>>> >>> t.number: 02
>>>> >>> t.id: 02 (ISAKMP_IPSEC_AH_MD5)
>>>> >>> t.attributes.type: 0005 (ISAKMP_IPSEC_ATTRIB_AUTH_ALG)
>>>> >>> t.attributes.u.attr_16: 0001 (IPSEC_AUTH_HMAC_MD5)
>>>> >>> t.attributes.type: 0004 (ISAKMP_IPSEC_ATTRIB_ENCAP_MODE)
>>>> >>> t.attributes.u.attr_16: 0001 (IPSEC_ENCAP_TUNNEL)
>>>> >>> t.attributes.type: 0001 (ISAKMP_IPSEC_ATTRIB_SA_LIFE_TYPE)
>>>> >>> t.attributes.u.attr_16: 0001 (IPSEC_LIFE_SECONDS)
>>>> >>> t.attributes.type: 0002 (ISAKMP_IPSEC_ATTRIB_SA_LIFE_DURATION)
>>>> >>> t.attributes.u.lots.length: 0004
>>>> >>> t.attributes.u.lots.data: 00007080
>>>> >>> DONE PARSING PAYLOAD type: 03 (ISAKMP_PAYLOAD_T)
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
>>>> >>> DONE PARSING PAYLOAD type: 02 (ISAKMP_PAYLOAD_P)
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
>>>> >>> DONE PARSING PAYLOAD type: 01 (ISAKMP_PAYLOAD_SA)
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 0a (ISAKMP_PAYLOAD_NONCE)
>>>> >>> next_type: 05 (ISAKMP_PAYLOAD_ID)
>>>> >>> length: 0018
>>>> >>> ke.data:
>>>> >>> 5873111b 8f941d58 2de37c7a 04ccdfde 8d2da65c
>>>> >>> DONE PARSING PAYLOAD type: 0a (ISAKMP_PAYLOAD_NONCE)
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 05 (ISAKMP_PAYLOAD_ID)
>>>> >>> next_type: 05 (ISAKMP_PAYLOAD_ID)
>>>> >>> length: 0010
>>>> >>> id.type: 07 (ISAKMP_IPSEC_ID_IPV4_ADDR_RANGE)
>>>> >>> id.protocol: 00
>>>> >>> id.port: 0000
>>>> >>> id.data: 00000000 ffffffff
>>>> >>> DONE PARSING PAYLOAD type: 05 (ISAKMP_PAYLOAD_ID)
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 05 (ISAKMP_PAYLOAD_ID)
>>>> >>> next_type: 00 (ISAKMP_PAYLOAD_NONE)
>>>> >>> length: 000c
>>>> >>> id.type: 01 (ISAKMP_IPSEC_ID_IPV4_ADDR)
>>>> >>> id.protocol: 00
>>>> >>> id.port: 0000
>>>> >>> id.data: 0a680655
>>>> >>> DONE PARSING PAYLOAD type: 05 (ISAKMP_PAYLOAD_ID)
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
>>>> >>> extra data: 0000
>>>> >>> PARSE_OK
>>>> >>> hashlen: 20
>>>> >>> u.hash.length: 20
>>>> >>> expected_hash:
>>>> >>> 566765c5 5a21fee4 14d6f4c7 379d0e78 65f524c0
>>>> >>> h->u.hash.data:
>>>> >>> 566765c5 5a21fee4 14d6f4c7 379d0e78 65f524c0
>>>> >>>
>>>> >>> do_phase2: S7.5 QM_packet2 check reject offer
>>>> >>> [2008-11-08 14:11:36]
>>>> >>>
>>>> >>> do_phase2: S7.6 QM_packet2 check and process proposal
>>>> >>> [2008-11-08 14:11:36]
>>>> >>>
>>>> >>>
>>>> >>> ---!!!!!!!!! entering phase2_fatal !!!!!!!!!---
>>>> >>>
>>>> >>>
>>>> >>> size = 36, blksz = 8, padding = 4
>>>> >>>
>>>> >>> sending: ========================>
>>>> >>> BEGIN_PARSE
>>>> >>> Recieved Packet Len: 68
>>>> >>> i_cookie: b745ec80 7ac4fa09
>>>> >>> r_cookie: 29ff92b7 e2ee6c53
>>>> >>> payload: 08 (ISAKMP_PAYLOAD_HASH)
>>>> >>> isakmp_version: 10
>>>> >>> exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
>>>> >>> flags: 01
>>>> >>> message_id: 3f450401
>>>> >>> len: 00000044
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
>>>> >>> next_type: 0b (ISAKMP_PAYLOAD_N)
>>>> >>> length: 0018
>>>> >>> ke.data:
>>>> >>> aa699248 7ba933bd 1ce37ddd 949f9cd2 760493cd
>>>> >>> DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 0b (ISAKMP_PAYLOAD_N)
>>>> >>> next_type: 00 (ISAKMP_PAYLOAD_NONE)
>>>> >>> length: 000c
>>>> >>> n.doi: 00000001 (ISAKMP_DOI_IPSEC)
>>>> >>> n.protocol: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
>>>> >>> n.spi_length: 00
>>>> >>> n.type: 000f (ISAKMP_N_BAD_PROPOSAL_SYNTAX)
>>>> >>> n.spi:
>>>> >>> n.data:
>>>> >>> DONE PARSING PAYLOAD type: 0b (ISAKMP_PAYLOAD_N)
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
>>>> >>> extra data: 00000000
>>>> >>> PARSE_OK
>>>> >>> size = 52, blksz = 8, padding = 4
>>>> >>>
>>>> >>> sending: ========================>
>>>> >>> BEGIN_PARSE
>>>> >>> Recieved Packet Len: 84
>>>> >>> i_cookie: b745ec80 7ac4fa09
>>>> >>> r_cookie: 29ff92b7 e2ee6c53
>>>> >>> payload: 08 (ISAKMP_PAYLOAD_HASH)
>>>> >>> isakmp_version: 10
>>>> >>> exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
>>>> >>> flags: 01
>>>> >>> message_id: fde60155
>>>> >>> len: 00000054
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
>>>> >>> next_type: 0c (ISAKMP_PAYLOAD_D)
>>>> >>> length: 0018
>>>> >>> ke.data:
>>>> >>> d166c8c5 752a3207 19efcf7c 222d0ae8 d8891ac1
>>>> >>> DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
>>>> >>> next_type: 00 (ISAKMP_PAYLOAD_NONE)
>>>> >>> length: 001c
>>>> >>> d.doi: 00000001 (ISAKMP_DOI_IPSEC)
>>>> >>> d.protocol: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
>>>> >>> d.spi_length: 10
>>>> >>> d.num_spi: 0001
>>>> >>> d.spi: b745ec80 7ac4fa09 29ff92b7 e2ee6c53
>>>> >>> DONE PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
>>>> >>>
>>>> >>> PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
>>>> >>> extra data: 00000000
>>>> >>> PARSE_OK
>>>> >>> ./vpnc: quick mode response rejected [2]:
>>>> >>> (ISAKMP_N_BAD_PROPOSAL_SYNTAX)(15)
>>>> >>>
>>>> >>> Antonio Borneo wrote:
>>>> >>>
>>>> >>>>
>>>> >>>> Hi,
>>>> >>>> in attachment a preliminary patch that supports
>>>> >>>> a) "User Name and Password Authentication" (from François' patch)
>>>> >>>> b) "Group Password Authentication"
>>>> >>>> c) "Response Only Token" (default)
>>>> >>>> d) "Response Only Token" with split PIN and Token fields
>>>> >>>>
>>>> >>>> I invite you to test it.
>>>> >>>> I have only tested b), since it is the only account I have.
>>>> >>>> Case c) is the mode usually supported by vpnc-nortel. I have applied
>>>> >>>> the patch I attached before, on which I have received no feedback.
>>>> >>>> This is the default mode, for backward compatibility with your old
>>>> >>>> config file.
>>>> >>>>
>>>> >>>> To select one of the different modes, use the command line option
>>>> >>>> --nortel-auth-mode
>>>> >>>> <username/cert/token/PIN-token/token-SW/gpassword>
>>>> >>>> These are the same modes available in Nortel client 6.01 for
>>>> >>>> Windows.
>>>> >>>> The options "cert" and "token-SW" are not implemented.
>>>> >>>> Older Nortel clients implement also "Challenge Response Token". I
>>>> >>>> have
>>>> >>>> received no feedback if someone is using it. Should it be included?
>>>> >>>>
>>>> >>>> I'm not really satisfied about the option set. There is overlapping
>>>> >>>> with option --auth-mode and, in case of "Challenge Response Token",
>>>> >>>> also with --xauth-inter.
>>>> >>>> I did not change anything, around them, to avoid any code
>>>> >>>> corruption
>>>> >>>> with Cisco branch.
>>>> >>>> Any suggestion for better integration with Cisco code is welcome.
>>>> >>>>
>>>> >>>> Best Regards,
>>>> >>>> Antonio Borneo
>>>> >>>>
>>>> >>>> On Mon, Nov 3, 2008 at 11:19 AM, Antonio Borneo
>>>> >>>> <borneo.antonio at gmail.com> wrote:
>>>> >>>>
>>>> >>>>
>>>> >>>>>
>>>> >>>>> Hi,
>>>> >>>>> using info from François and other contributors to this list, I'm
>>>> >>>>> going to add in vpnc-nortel the support for:
>>>> >>>>> - "User Name and Password Authentication" (from François)
>>>> >>>>> - "Group Password Authentication" (currently used by me and
>>>> >>>>> François)
>>>> >>>>> - add to existing "Response Only Token" the option of separate
>>>> >>>>> "PIN"
>>>> >>>>> and "Token"
>>>> >>>>>
>>>> >>>>> Can anyone confirm if the following options are currently working?
>>>> >>>>> - "Digital Certificate Authentication"
>>>> >>>>> - "Challenge Response Token"
>>>> >>>>>
>>>> >>>>> I have no access to a "Response Only Token" server, so I need your
>>>> >>>>> help to test the attached patch. It should allow better integration
>>>> >>>>> with the new authentication modes.
>>>> >>>>> It is a small modification to the existing code; should work
>>>> >>>>> without
>>>> >>>>> any problem.
>>>> >>>>>
>>>> >>>>> Everyone able to connect to a "Response Only Token" server with
>>>> >>>>> vpnc-nortel as it is today in svn, could test the patch.
>>>> >>>>> The patch is against vpnc-nortel version 352 but can be applied to
>>>> >>>>> older code, doesn't really matter.
>>>> >>>>>
>>>> >>>>> Thank you.
>>>> >>>>> Best Regards
>>>> >>>>> Antonio Borneo
>>>> >>>>>
>>>> >>>>>
>>>> >>>>>
>>>> >>>>> ------------------------------------------------------------------------
>>>> >>>>>
>>>> >>>>> _______________________________________________
>>>> >>>>> vpnc-devel mailing list
>>>> >>>>> vpnc-devel at unix-ag.uni-kl.de
>>>> >>>>> https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
>>>> >>>>> http://www.unix-ag.uni-kl.de/~massar/vpnc/
>>>> >>>>>
>>>> >>>
>>>> >>>
>>>> >>>
>>>> >
>>>> >
>>>
>>
>>
>
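
The thread above traces the "quick mode response rejected" failure to a gateway that offers only AH and IPCOMP proposals, and asks for a more meaningful error message. The following is an added example, not code from vpnc or from the patch discussed: it walks the proposal payloads of a quick-mode SA (field layout per RFC 2408, protocol IDs per RFC 2407) and reports which protocols were offered. All function names are hypothetical, and the sample bytes are constructed to mirror the proposal headers in the trace.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PROTO_AH = 2, PROTO_ESP = 3, PROTO_IPCOMP = 4 }; /* RFC 2407 protocol IDs */
enum { PAYLOAD_NONE = 0, PAYLOAD_P = 2 };               /* RFC 2408 payload types */

/* Walk the proposal payloads that follow DOI and situation in an SA payload.
 * Returns a bit mask (bit n set = protocol ID n offered), or -1 when a
 * length field does not fit the buffer or the chain is broken. */
int offered_protocols(const uint8_t *p, size_t len)
{
    int mask = 0;
    for (;;) {
        if (len < 8) return -1;                  /* proposal header is 8 bytes */
        size_t plen = ((size_t)p[2] << 8) | p[3];
        uint8_t next = p[0], proto = p[5], spi_size = p[6];
        if (plen < 8u + spi_size || plen > len) return -1;
        if (proto < 16) mask |= 1 << proto;
        if (next == PAYLOAD_NONE) return mask;   /* last proposal */
        if (next != PAYLOAD_P) return -1;
        p += plen;                               /* transforms are skipped by length */
        len -= plen;
    }
}

/* Build a message the user can act on. Returns 0 when ESP is offered,
 * 1 when the offer is well formed but has no ESP, -1 when malformed. */
int explain_offer(int mask, char *out, size_t n)
{
    if (mask < 0) { snprintf(out, n, "malformed proposal list"); return -1; }
    if (mask & (1 << PROTO_ESP)) { snprintf(out, n, "ESP offered"); return 0; }
    snprintf(out, n, "gateway offered no ESP proposal (offered:%s%s); "
             "ask the administrator to enable an ESP mode",
             (mask & (1 << PROTO_AH)) ? " AH" : "",
             (mask & (1 << PROTO_IPCOMP)) ? " IPCOMP" : "");
    return 1;
}

/* Constructed sample: one proposal header, transform bytes left as zero. */
static size_t put_proposal(uint8_t *b, uint8_t next, uint8_t num,
                           uint8_t proto, uint8_t spi_size, uint16_t plen)
{
    memset(b, 0, plen);
    b[0] = next; b[2] = (uint8_t)(plen >> 8); b[3] = (uint8_t)(plen & 0xff);
    b[4] = num;  b[5] = proto; b[6] = spi_size;
    return plen;
}

/* Same proposal sequence and lengths as the trace: AH, IPCOMP, AH. */
size_t build_sample(uint8_t *b) /* b must hold at least 166 bytes */
{
    size_t n = put_proposal(b, PAYLOAD_P, 1, PROTO_AH, 4, 0x44);
    n += put_proposal(b + n, PAYLOAD_P, 1, PROTO_IPCOMP, 2, 0x1e);
    n += put_proposal(b + n, PAYLOAD_NONE, 2, PROTO_AH, 4, 0x44);
    return n;
}

int main(void)
{
    uint8_t buf[256]; char msg[160];
    int rc = explain_offer(offered_protocols(buf, build_sample(buf)), msg, sizeof msg);
    printf("%d: %s\n", rc, msg);
    return rc < 0;
}
```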