Hi Niels, the syntax of the XAUTH secret changed with 4.4.0 in order to allow 1) multiple XAUTH secrets for a single user, 2) an optional xauth_identity and 3) to align the IKEv1 XAUTH secret format with the IKEv2 EAP secret format.
strongSwan version < 4.4.0 : XAUTH <username> "<secret>" strongSwan version >= 4.4.0 [<servername>] <username> : XAUTH "<secret>" Please see our examples: http://www.strongswan.org/uml/testresults44/ikev1/xauth-rsa/ with IKEv1 user identities and http://www.strongswan.org/uml/testresults44/ikev1/xauth-id-rsa/ with an additional XAUTH user identity. Regards Andreas On 08/26/2010 08:15 AM, Niels Peen wrote: > Hi, > > After upgrading from 4.3.6 to 4.4.1 (on Debian) my ipsec.secrets is not read > properly anymore. > > My ipsec.secrets: > ---- > : RSA combined.key.pem > : XAUTH vpn "vpn" > ---- > > Output on 4.3.6: > ---- > 002 forgetting secrets > 002 loading secrets from "/etc/ipsec.secrets" > 002 loaded private key from 'combined.key.pem' > 002 loaded xauth credentials of user 'vpn' > ---- > > Output on 4.4.1: > ---- > 002 forgetting secrets > 002 loading secrets from "/etc/ipsec.secrets" > 002 loaded private key from 'combined.key.pem' > 002 loaded XAUTH secret for %any > 003 "/etc/ipsec.secrets" line 2: PSK data malformed (input does not begin > with format prefix): vpn > ---- > > I could not find any obvious changes in the changelog. Is there anything I'm > missing? > > Thanks, > Niels > ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
