Discussion:
[Vpn-help] Using PCF Import, but it requires User/Password to Connect?
Garrett Gyssler
2009-10-05 22:47:55 UTC
Hi Guys,

When I connect using my company's PCF file and using Cisco software, I just
click 'connect.' It doesn't require me to insert any user/password.

But, when I import the PCF into Shrew Soft VPN Client (2.1.5 rc4) and click
connect, it asks for a username/password. I can't click connect without
inserting something into both of those fields. If I try to put in a bogus
user/password, it attempts to connect but will timeout with:

-
pre-shared key configured
bringing up tunnel ...
negotiation timout occurred
-

Anyone know what I need to do so that I can connect without a user/pass just
like Cisco does?

I've attached the PCF below. Thanks!

[main]
Description=Something
Host=******
AuthType=1
GroupName=********
GroupPwd=
enc_GroupPwd=******
EnableISPConnect=0
ISPConnectType=0
ISPConnect=hhhhh
ISPPhonebook=****\something.pbk
ISPCommand=
Username=
SaveUserPassword=0
UserPassword=
enc_UserPassword=
NTDomain=
EnableBackup=0
BackupServer=
EnableMSLogon=1
MSLogonType=0
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=10000
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=00000000000000000000000000000000
SendCertChain=0
PeerTimeout=90
EnableLocalLAN=1
Stefan Bauer
2009-10-06 06:20:06 UTC
Post by Garrett Gyssler
Anyone know what I need to do so that I can connect without a user/pass just
like Cisco does?
enc_GroupPwd=******
Obviously the GroupPassword is encrypted in a Cisco way. What happens
if you enter it manually once? Does it get stored permanently?

There is also a way to decrypt the enc_GroupPwd by using
cisco-decrypt.php[1] in case you only got the pcf-file and are not
aware of the password.


[1]
http://www.thecampusgeeks.com/tools/cisco-VPN-decrypt/cisco-decrypt.php

Stefan
Matthew Grooms
2009-10-06 16:02:24 UTC
Post by Garrett Gyssler
Hi Guys,
When I connect using my company's PCF file and using Cisco software, I
just click 'connect.' It doesn't require me to insert any user/password.
But, when I import the PCF into Shrew Soft VPN Client (2.1.5 rc4) and
click connect, it asks for a username/password. I can't click connect
without inserting something into both of those fields. If I try to put
Hi Garrett,

The username and password authentication mechanism is called Xauth, but
I don't see a way to distinguish between PSK or PSK + Xauth from the
information contained in the PCF file. To make things more complicated,
the authentication type needs to be sent along with the phase1 proposal
which happens before Xauth negotiation. In other words, it can't really
be auto detected by "listening" for an Xauth request without deviating
from the specification.

The bottom line is that you will need to set your authentication method
to Mutual PSK instead of Mutual PSK + Xauth when username / password is
not required.

Hope this helps,

-Matthew
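
An added illustration of the point in the reply above (not part of the thread, and not Shrew Soft or Cisco code): the authentication method travels as an attribute inside the IKEv1 phase 1 transform, so PSK and PSK + Xauth offers differ on the wire before any Xauth exchange could start. The attribute numbers come from RFC 2409 and the Xauth draft; the 3DES/SHA-1/group 2 proposal is constructed sample data, and mapping the client's method labels to these values is an assumption.

```python
import struct

# IKEv1 phase 1 attribute types (RFC 2409, Appendix A).
ENCRYPTION, HASH, AUTH_METHOD, GROUP = 1, 2, 3, 4

# Authentication Method values: 1 is the RFC 2409 pre-shared key method,
# 65001 is XAUTHInitPreShared from the Xauth draft. Tying them to the
# client's menu labels is an assumption of this example.
AUTH_NAMES = {1: "Mutual PSK", 65001: "Mutual PSK + Xauth"}
AUTH_VALUES = {name: value for value, name in AUTH_NAMES.items()}

def encode_attrs(attrs):
    """Encode (type, value) pairs as 4-byte TV attributes (AF bit set)."""
    return b"".join(struct.pack("!HH", 0x8000 | t, v) for t, v in attrs)

def decode_attrs(data):
    """Decode ISAKMP data attributes, both TV (AF=1) and TLV (AF=0) forms."""
    out, i = {}, 0
    while i < len(data):
        if i + 4 > len(data):
            raise ValueError("truncated attribute header")
        head, second = struct.unpack_from("!HH", data, i)
        i += 4
        if head & 0x8000:              # TV: second field is the value itself
            out[head & 0x7FFF] = second
        else:                          # TLV: second field is the value length
            if i + second > len(data):
                raise ValueError("truncated attribute value")
            out[head] = int.from_bytes(data[i:i + second], "big")
            i += second
    return out

def phase1_transform(auth_name):
    """Constructed sample offer: 3DES (5), SHA-1 (2), DH group 2, plus auth."""
    return encode_attrs([(ENCRYPTION, 5), (HASH, 2),
                         (AUTH_METHOD, AUTH_VALUES[auth_name]), (GROUP, 2)])

def offered_auth(transform_attrs):
    """Name the authentication method an initiator put in its offer."""
    value = decode_attrs(transform_attrs).get(AUTH_METHOD)
    return AUTH_NAMES.get(value, f"unknown ({value})")

def gateway_accepts(offer, policy_auth_name):
    """A responder compares the offered method with its configured policy."""
    return decode_attrs(offer).get(AUTH_METHOD) == AUTH_VALUES[policy_auth_name]

if __name__ == "__main__":
    for name in AUTH_VALUES:
        offer = phase1_transform(name)
        print(name, offer.hex(), gateway_accepts(offer, "Mutual PSK"))
```

Only the `8003....` attribute differs between the two offers, which is why the method has to be chosen in the client configuration rather than discovered during negotiation.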