Error: "Failed to connect to the Authentication Gateway"

  • 3623304
  • 01-Oct-2007
  • 16-Mar-2012

Environment

Novell BorderManager 3.8
BM38SP4.EXE applied
VPN Client 3.8.9
VPN Client 3.8.10
NMAS Authentication

Situation

Error: "Failed to connect to the Authentication Gateway"
Unable to open SYS:\_netware\vpn\PRESHAR.KEY! errno= 1 seen in the server side IKE log file.
Error: Pre-shared key not configured for C2S seen in the csaudit log file on the server.
Problem only shows for a couple of VPN clients per day and once you try to connect at a later time it works fine.

Resolution

Fixed with latest VPN client

Status

Reported to Engineering

Additional Information

In the client side IKE log file can be seen that NMAS authentication is selected "Negotiating for an NMAS user"

In the server side IKE log file the following entries are seen:
30.3.2006 10:58:16 Start IKE-SA 93723DE0 - Responder,src=x.x.x.x,dst=x.x.x.x,TotSA=100
30.3.2006 10:58:16 AUTH ALG IS 3
30.3.2006 10:58:16 Peer requesting Pre shared authentication method Accept
30.3.2006 10:58:16 IKE SA NEGOTIATION: Peer lifetime = 28800 My lifetime=28800
30.3.2006 10:58:16 Unable to open SYS:\_netware\vpn\PRESHAR.KEY! errno= 1
30.3.2006 10:58:16 Processed SA-PAYLOAD unsuccessful - Unable to get the pre-shared key, dst=x.x.x.x.
30.3.2006 10:58:16 Error processing the first MM packet - Unable to get the pre-shared key
30.3.2006 10:58:16 IKE-SA 93723DE0 is Deleted,I-COOKIE=369B9BBA,R-COOKIE=F5B2A502,dst=x.x.x.x

In the csaudit log file on the server the following is seen for this connection:
VPN -- Thu Mar 30 10:58:16 2006
Error: Pre-shared key not configured for C2S
VPN -- Thu Mar 30 10:58:16 2006
Failed to create IKE SA - Unable to get the pre-shared key cookies
my-his : F5B2A502097DABA0-369B9BBAD044B9EE dst: x.x.x.x src: x.x.x.x

So the request on the VPN server side is treated as a request to do Pre shared key authentication while it was initiated at the VPN client as an NMAS authentication request.

Formerly known as TID# 10100860

Feedback service temporarily unavailable. For content questions or problems, please contact Support.