Mailing List Archive

Problem with Nortel vpn
Good day,

I'm trying to connect to a corporate Nortel VPN. For that, I'm using
http://svn.unix-ag.uni-kl.de/vpnc/branches/vpnc-nortel .

For this I examined the NvcProfiles_A.dat, which is as follows:

[VPN]
AllowSavePassword=True
AuthType=ResponseOnlyHW
CertificateAltNameType=None
CertificateName=
Description=VPN-Name
DestServer=1.2.3.4
DestPort=
DialupEntry=
EntityName=
EntityPass=
EntityPass2=
FailoverList=
FailoverProfile=
GroupID=vpnGroupID
GroupPass=<hexrepresentation: 11:80:22:80:33:80:44:80:55:80:66:80:77:80:88:80>
KeepAliveType=ActiveKeepalives
LoginServiceName=
PostLaunchArguments=
PostLaunchFileName=
PreLaunchArguments=
PreLaunchFileName=
PreLaunchTimeOut=10
ProfileName=VPN-Connection
ProxyExceptions=
ProxyPort=
ProxyServer=
TunnelType=IPSec
UsePasscode=False
UseProxyServer=None
UseSecondPassword=False
UseSoftwareToken=False

It is using a RSASecurID aka 2 Factor Authorisation aka Password+Pin.

I translated this into
IPSec gateway 1.2.3.4
IPSec ID vpnGroupID
IPSec obfuscated secret 11802280...8880
IPSec secret <asc(11)><asc(22)>...<asc(88)>
Xauth username myUsername
Vendor nortel
IKE Authmode PIN-token
NAT Traversal Mode nortel-udp
Debug 99

It seems to be obfuscated in another way than obfuscated secret expects (I
assume that is for Cisco?)

If I try the cleartext variant, I get
./vpnc: hash comparison failed: (ISAKMP_N_AUTHENTICATION_FAILED)(24)
check group password!
I also tried simply copying the binary string into the config, and
<asc(11)><asc(80)>...<asc(88)><asc(80)>

The Nvc.exe has the version 10.1.52.0, it was last changed on 11.12.2008
9:30.

So, the question is: What is the right way to extract the group password
out of the config?

Best regards,
Michael Fritscher

--
ZfT - Zentrum für Telematik e.V.
Michael Fritscher
Allesgrundweg 12
97218 Gerbrunn
Tel: +49 (931) 3 29 29 54 - 21
Fax: +49 (931) 3 29 29 54 - 11
Email: michael.fritscher@telematik-zentrum.de
Web: http://www.telematik-zentrum.de

Board of directors:
Prof. Dr. Klaus Schilling, Hans-Joachim Leistner
Registered office: Gerbrunn
VAT ID no.: DE 257 244 580, tax no.: 257/111/70203
Würzburg District Court, register of associations no.: VR 200 167

Re: Problem with Nortel vpn
Good day again,

I got the Group passphrase by analyzing the client's memory - but now
I'm stuck at phase2: ./vpnc: response was invalid [1]:
(ISAKMP_N_INVALID_EXCHANGE_TYPE)(7)

Some captured packages:
S4.5 AM_packet3
[2014-07-17 16:15:55]
size = 36, blksz = 8, padding = 4

sending: ========================>
BEGIN_PARSE
Received Packet Len: 68
i_cookie: d807d703 d4a5f8ce
r_cookie: 97ef4b9a 9cb95f46
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 04 (ISAKMP_EXCHANGE_AGGRESSIVE)
flags: 01
message_id: 00000000
len: 00000044

PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0b (ISAKMP_PAYLOAD_N)
length: 0018
ke.data:
61193407 01282b18 cdb044bc 9855c3a5 586b020b
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)

PARSING PAYLOAD type: 0b (ISAKMP_PAYLOAD_N)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 000c
n.doi: 00000001 (ISAKMP_DOI_IPSEC)
n.protocol: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
n.spi_length: 00
n.type: 6002 (ISAKMP_N_IPSEC_INITIAL_CONTACT)
n.spi:
n.data:
DONE PARSING PAYLOAD type: 0b (ISAKMP_PAYLOAD_N)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
extra data: 00000000
PARSE_OK
initial_iv: 8c3929c2 a9caa8fb


receiving: <========================
[2014-07-17 16:15:55]

S4.6 cleanup
[2014-07-17 16:15:55]

S5 do_phase2_xauth [1]
[2014-07-17 16:15:55]

S5.1 xauth_request
[2014-07-17 16:15:55]

S5.2 notice_check
[2014-07-17 16:15:55]
BEGIN_PARSE
Received Packet Len: 76
i_cookie: d807d703 d4a5f8ce
r_cookie: 97ef4b9a 9cb95f46
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 06 (ISAKMP_EXCHANGE_MODECFG_TRANSACTION)
flags: 01
message_id: c35fdb76
len: 0000004c

PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
length: 0018
ke.data:
a892ab13 9851d4e3 1a567540 3d97a688 d7b44ed3
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)

PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0014
modecfg.type: 01 (ISAKMP_MODECFG_CFG_REQUEST)
modecfg.id: 8261
t.attributes.type: 000d (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_SUBNET)
t.attributes.u.attr_16: 0000
t.attributes.type: 000e (ISAKMP_MODECFG_ATTRIB_SUPPORTED_ATTRIBUTES)
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 000f (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_SUBNET)
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
DONE PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
extra data: 00000000
PARSE_OK
hashlen: 20
u.hash.length: 20
expected_hash:
a892ab13 9851d4e3 1a567540 3d97a688 d7b44ed3
h->u.hash.data:
a892ab13 9851d4e3 1a567540 3d97a688 d7b44ed3

S5.3 type-is-xauth check
[2014-07-17 16:15:55]

S5.4 xauth type check
[2014-07-17 16:15:55]

S5.5 do xauth reply
[2014-07-17 16:15:55]
size = 62, blksz = 8, padding = 2

sending: ========================>
BEGIN_PARSE
Received Packet Len: 92
i_cookie: d807d703 d4a5f8ce
r_cookie: 97ef4b9a 9cb95f46
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 06 (ISAKMP_EXCHANGE_MODECFG_TRANSACTION)
flags: 01
message_id: c35fdb76
len: 0000005c

PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
length: 0018
ke.data:
0f284186 d4c19eb0 c8035995 1e7836f3 25b40d68
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)

PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0026
modecfg.type: 02 (ISAKMP_MODECFG_CFG_REPLY)
modecfg.id: 8261
t.attributes.type: 000d (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_SUBNET)
t.attributes.u.attr_16: 0005
t.attributes.type: 000e (ISAKMP_MODECFG_ATTRIB_SUPPORTED_ATTRIBUTES)
(not dumping xauth data length)
(not dumping xauth data)
t.attributes.type: 0010 (ISAKMP_XAUTH_02_ATTRIB_PASSCODE)
(not dumping xauth data length)
(not dumping xauth data)
DONE PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
extra data: 0000
PARSE_OK


receiving: <========================
[2014-07-17 16:15:57]

S5.2 notice_check
[2014-07-17 16:15:57]
BEGIN_PARSE
Received Packet Len: 68
i_cookie: d807d703 d4a5f8ce
r_cookie: 97ef4b9a 9cb95f46
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
flags: 01
message_id: 0126db32
len: 00000044

PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0b (ISAKMP_PAYLOAD_N)
length: 0018
ke.data:
a962cf80 86bc142f 7c567439 076b9787 3986ee97
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)

PARSING PAYLOAD type: 0b (ISAKMP_PAYLOAD_N)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0010
n.doi: 00000001 (ISAKMP_DOI_IPSEC)
n.protocol: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
n.spi_length: 00
n.type: 0018 (ISAKMP_N_AUTHENTICATION_FAILED)
n.spi:
n.data: 00000008
DONE PARSING PAYLOAD type: 0b (ISAKMP_PAYLOAD_N)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
PARSE_OK
hashlen: 20
u.hash.length: 20
expected_hash:
a962cf80 86bc142f 7c567439 076b9787 3986ee97
h->u.hash.data:
a962cf80 86bc142f 7c567439 076b9787 3986ee97
received notice of type (ISAKMP_N_AUTHENTICATION_FAILED)(24), giving up

S5.3 type-is-xauth check
[2014-07-17 16:15:57]


---!!!!!!!!! entering phase2_fatal !!!!!!!!!---


size = 36, blksz = 8, padding = 4

sending: ========================>
BEGIN_PARSE
Received Packet Len: 68
i_cookie: d807d703 d4a5f8ce
r_cookie: 97ef4b9a 9cb95f46
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
flags: 01
message_id: 2a096aa7
len: 00000044

PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0b (ISAKMP_PAYLOAD_N)
length: 0018
ke.data:
ac36bc12 3029339b 102dbb0b 6a660913 325eaaa9
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)

PARSING PAYLOAD type: 0b (ISAKMP_PAYLOAD_N)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 000c
n.doi: 00000001 (ISAKMP_DOI_IPSEC)
n.protocol: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
n.spi_length: 00
n.type: 0007 (ISAKMP_N_INVALID_EXCHANGE_TYPE)
n.spi:
n.data:
DONE PARSING PAYLOAD type: 0b (ISAKMP_PAYLOAD_N)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
extra data: 00000000
PARSE_OK

S7.11 send isakmp termination message
[2014-07-17 16:15:57]
size = 52, blksz = 8, padding = 4



What can I do?

Best regards,
Michael Fritscher


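
A small parser for the vpnc debug trace posted above, added here as an example; it is not part of the original thread or of vpnc. It summarises each dumped packet by direction, exchange type and notification, taking the direction from the `sending:`/`receiving:` markers because vpnc prints "Received Packet Len" for packets in both directions. The `TRACE` excerpt is abridged from the posted output, and the function names are hypothetical.

```python
import re

# Abridged from the vpnc "Debug 99" trace posted above: only the lines the
# parser reads are kept, with the values as posted.
TRACE = """\
receiving: <========================
BEGIN_PARSE
exchange_type: 06 (ISAKMP_EXCHANGE_MODECFG_TRANSACTION)
modecfg.type: 01 (ISAKMP_MODECFG_CFG_REQUEST)
t.attributes.type: 000d (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_SUBNET)
PARSE_OK
sending: ========================>
BEGIN_PARSE
exchange_type: 06 (ISAKMP_EXCHANGE_MODECFG_TRANSACTION)
modecfg.type: 02 (ISAKMP_MODECFG_CFG_REPLY)
t.attributes.type: 0010 (ISAKMP_XAUTH_02_ATTRIB_PASSCODE)
PARSE_OK
receiving: <========================
BEGIN_PARSE
exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
n.type: 0018 (ISAKMP_N_AUTHENTICATION_FAILED)
n.data: 00000008
PARSE_OK
sending: ========================>
BEGIN_PARSE
exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
n.type: 0007 (ISAKMP_N_INVALID_EXCHANGE_TYPE)
PARSE_OK
"""

# "key: hexvalue (SYMBOLIC_NAME)" lines as they appear in the posted trace
FIELD = re.compile(r"^([\w.]+):\s+[0-9a-f]+\s+\((\w+)\)$")

def summarize(trace):
    """Return one dict per dumped packet: direction, exchange, notify, attrs."""
    packets, direction, pkt = [], None, None
    for raw in trace.splitlines():
        line = raw.strip()
        if line.startswith("sending:"):
            direction = "out"          # applies to the next dumped packet
        elif line.startswith("receiving:"):
            direction = "in"
        elif line == "BEGIN_PARSE":
            pkt = {"dir": direction, "exchange": None, "notify": None, "attrs": []}
        elif line == "PARSE_OK" and pkt is not None:
            packets.append(pkt)
            pkt = None
        elif pkt is not None and (m := FIELD.match(line)):
            key, name = m.group(1), m.group(2)
            if key == "exchange_type":
                pkt["exchange"] = name
            elif key == "n.type":
                pkt["notify"] = name
            elif key == "t.attributes.type":
                pkt["attrs"].append(name)
    return packets

def notifications(packets, direction):
    """Notify types seen in packets travelling in the given direction."""
    return [p["notify"] for p in packets if p["dir"] == direction and p["notify"]]

if __name__ == "__main__":
    for p in summarize(TRACE):
        print(p["dir"], p["exchange"], p["notify"] or ",".join(p["attrs"]))
```

On the posted trace this shows ISAKMP_N_AUTHENTICATION_FAILED arriving from the gateway directly after the outbound XAUTH reply that carries the passcode attribute, while ISAKMP_N_INVALID_EXCHANGE_TYPE is in a packet that vpnc itself sends afterwards.
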
Re: Problem with Nortel vpn
I believe you are stuck on the same problem as I have.

VPNC currently only supports up to dh5 IKE.

The VPN I am attempting to connect to uses dh8 IKE, which you can see
as the IKE value in the Avaya/Nortel Contivity client.

It seems unlikely IMO that dh8 IKE will ever be implemented in vpnc,
given the limited development activity.

https://tools.ietf.org/id/draft-ietf-ipsec-ike-ecp-groups-02.txt

So far, my only workaround has been to run the Windows client under
VirtualBox. It does work, but it is inconvenient.

John

_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/