Hybrid RSA + Xauth fails with no Xauth secret found

Started by fromageblue, October 21, 2019, 12:21:39 AM

I have an IPsec mobile client setup with Hybrid RSA + Xauth with an LDAP backend. I tested the LDAP backend authentication with the "System: Access: Tester" page, no issues, LDAP works.

However, when I try to connect to my vpn, I keep getting an "XAuth authentication of 'myuser' failed" error message. I looked at my LDAP server's logs and I don't even see any connection attempts from OpnSense.
I tried switching to using the local database with a local user instead of LDAP, same error.

I tried the same IPsec configuration with the LDAP backend, but instead of Hybrid RSA + Xauth, I used Mutual PSK + Xauth, and that worked. Authentication was successful and I see the connection from OpnSense in my LDAP logs.

So why does it work with a Mutual PSK + Xauth setup, but fail with Hybrid RSA + Xauth?

The only error messages on OpnSense are:
XAuth authentication of 'myuser' failed
no XAuth secret found for 'server' - 'myuser'
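The two log lines above are strongSwan messages, and the second one pins down which XAuth backend was consulted. In strongSwan, "no XAuth secret found for '<server id>' - '<client id>'" is emitted by the xauth-generic backend (selected with rightauth=xauth), which looks up ": XAUTH" entries in ipsec.secrets and never calls PAM, RADIUS or LDAP. That is consistent with the LDAP server seeing no connection attempt. The fragment below is an added illustration, not code from the original post and not the configuration OPNsense generates (which connection the poster's "Hybrid RSA + Xauth" profile actually maps to is an assumption here); connection names, the certificate file name and the "myuser" identity are placeholders.

```ini
# Added example (constructed): strongSwan ipsec.conf, IKEv1, three ways of
# running the XAuth round. Names and files are placeholders.

conn hybrid-xauth-generic
    keyexchange=ikev1
    left=%defaultroute
    leftcert=vpnServerCert.pem     # placeholder certificate
    leftauth=pubkey                # server proves itself with its RSA certificate (hybrid mode)
    right=%any
    rightauth=xauth                # xauth-generic: XAuth credentials come from ipsec.secrets only
    auto=add
# With rightauth=xauth and no matching ": XAUTH" line in ipsec.secrets, charon logs
#   no XAuth secret found for '<server id>' - 'myuser'
#   XAuth authentication of 'myuser' failed
# and no PAM/LDAP lookup is made. The only thing xauth-generic would accept is
# an ipsec.secrets entry of the form (constructed):
#   myuser : XAUTH "the-password"

conn hybrid-xauth-pam
    keyexchange=ikev1
    left=%defaultroute
    leftcert=vpnServerCert.pem
    leftauth=pubkey
    right=%any
    rightauth=xauth-pam            # xauth-pam plugin: password checked through PAM (PAM may be LDAP-backed)
    auto=add

conn psk-xauth-pam
    keyexchange=ikev1
    left=%defaultroute
    leftauth=psk
    right=%any
    rightauth=psk
    rightauth2=xauth-pam           # PSK first, then an XAuth round through PAM
    auto=add
```

The practical check is to read the ipsec.conf the firewall actually wrote for the failing profile and look at the rightauth/rightauth2 value of the mobile connection: a plain "xauth" explains the message above, whereas "xauth-pam" (or "xauth-eap" with a RADIUS/EAP backend) is what hands the credentials to an external user database.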