XAuth How to?
-
I'm ready willing and able to RTFM; but we can't find any docs or comments anywhere.
We happily have Shrew connecting to pfSense 2.0 RC3 with psk. However, we would like to add a password requirement simply to better secure the laptop with the Shrew profile saved.
We have simply changed the "Authentication Method" in phase 1 from "Mutual PSK" to "Mutual PSK + Xauth". Our assumption (and perhaps our error) is that "System" for Xauth simply means "query the local password file for a match with some user defined in the user manager." However, none of the authentications which work for the web GUI appear to be acceptable to raccoon. The log says "login failed for user".
Thanks for your time.
-
Setup a mobil vpn today with shrew. It seems that a edit -> save of phase 1 is needed after creating a user.
-
Thanks for the quick reply.
The users we are authenticating with are all in group "admins." Doesn't that provide blanket permissions? We added the specific "VPN IPSec XAuth" permission (seems like a good idea); but we still have a bad auth failure.
On a "why not?" whim we changed the client ID string used in Phase 1 to match the username provided for Xauth. That didn't help either. Still failing with bad auth.