[Swan] Question about xauthby=file

Paul Wouters paul at nohats.ca
Wed Nov 25 19:46:56 UTC 2015


On Wed, 25 Nov 2015, Joe Shockman wrote:

> I'm using this doc and I can't get xauthby=file to work
> https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH
> 
> I think I'm just failing to understand how xauth is supposed to work.
> Can anyone send an example of a working config? ( ipsec.conf + xl2tpd.conf )

There are a few tests, this is one example:

https://github.com/libreswan/libreswan/tree/master/testing/pluto/xauth-pluto-04

> Does xauth require rsa sigs or certs? Or does it also support using a shared secret? (that seems way simpler, and
> sufficiently secure)

The XAUTH method is independant of the auth method. So you can use PSK,
X.509 certs or raw RSA.

Paul


More information about the Swan mailing list