[Swan] Trying to set up libreswan with PAM and Google-authenticator for Mac Clients

Joe Shockman shockman at gmail.com
Fri Nov 20 21:59:01 UTC 2015

I can't seem to get xauthby=pam working. I recompiled libreswan with PAM
support. The VPN server *does* work when I set it up to use chap so I know
the server is largely set up right.

I'm following instructions from Libreswan Docs
the variation of using shared secret instead of RSA signature (Can't find
instructions on how to enable RSA sig on the Mac client, I do have an
internal CA though, so could use certificate if it's required for xauth)

Not a lot of useful info in the logs


received Vendor ID payload [FRAGMENTATION 80000000]


racoon[25999]: CHKPH1THERE: no established ph1 handler found
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20151120/eb0b8b73/attachment.html>

More information about the Swan mailing list