[prev in list] [next in list] [prev in thread] [next in thread] 

List:       shrew-vpn-help
Subject:    [Vpn-help] Using PCF Import, but it requires User/Password to Connect?
From:       mgrooms () shrew ! net (Matthew Grooms)
Date:       2009-10-06 16:02:24
Message-ID: 4ACB6A10.6090503 () shrew ! net
[Download RAW message or body]

Garrett Gyssler wrote:
> Hi Guys,
> 
> When I connect using my company?s PCF file and using Cisco software, I 
> just click ?connect.? It doesn?t require me to insert any user/password.
> 
> But, when I import the PCF into Shrew Soft VPN Client (2.1.5 rc4) and 
> click connect, it asks for a username/password. I can?t click connect 
> without inserting something into both of those fields. If I try to put 
> in a bogus user/password, it attempts to connect but will timeout with:
> 

Hi Garett,

The username and password authentication mechanism is called Xauth, but 
I don't see a way to distinguish between PSK or PSK + Xauth from the 
information contained in the PCF file. To make things more complicated, 
the authentication type needs to be sent along with the phase1 proposal 
which happens before Xauth negotiation. In other words, it can't really 
be auto detected by "listening" for an Xauth request without deviating 
from the specification.

The bottom line is that you will need to set your authentication method 
to Mutual PSK instead of Mutual PSK + Xauth when username / password is 
not required.

Hope this helps,

-Matthew


[prev in list] [next in list] [prev in thread] [next in thread]