[Swan] Trying to set up libreswan with PAM and Google-authenticator for Mac Clients
Joe Shockman
shockman at gmail.com
Fri Nov 20 21:59:01 UTC 2015
I can't seem to get xauthby=pam working. I recompiled libreswan with PAM
support. The VPN server *does* work when I set it up to use chap so I know
the server is largely set up right.
I'm following instructions from Libreswan Docs
<https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH>
With
the variation of using shared secret instead of RSA signature (Can't find
instructions on how to enable RSA sig on the Mac client, I do have an
internal CA though, so could use certificate if it's required for xauth)
Not a lot of useful info in the logs
Server:
received Vendor ID payload [FRAGMENTATION 80000000]
Client:
racoon[25999]: CHKPH1THERE: no established ph1 handler found
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20151120/eb0b8b73/attachment.html>
More information about the Swan
mailing list