[Swan] XAUTH oddity

Nels Lindquist nlindq at maei.ca
Thu Mar 16 17:30:57 UTC 2017



So I was working on trying to set up A/D integrated RADIUS
authentication for XAUTH on our production gateway; pure pam
systemauth authentication was working fine.  However, at a certain
point (without making any changes to libreswan config) the XAUTH
connections stopped working entirely, and I haven't been able to
resolve the issue.

All other tunnels (including L2TP roadwarriors) continue to work fine,
but all incoming XAUTH connections fail at the point when the request
for XAUTH credentials is made:

Mar 16 11:24:07 yeggate pluto[21352]: "xauth-rsa"[1] 184.151.222.0
#15: XAUTH: Sending Username/Password request (XAUTH_R0)

No response is received from the client (Shrew Soft VPN on Windows 7).

I've restarted clients, restarted ipsec, deleted and re-added
connection definitions, etc. all to no avail.  The clients are able to
connect to two other test setups on different networks with no
difficulty, and I can find no relevant differences configuration-wise.
I tried setting xauthby to "alwaysok" but the behaviour is the same.

I'm leaning toward some odd kernel state which might be resolved by a
reboot, but it's our production gateway and that will be problematic.
In the event anyone has any other ideas, I'm game to try them...

LibreSWAN 3.19 running on CentOS 6, by the way.

----
Nels Lindquist
<nlindq at maei.ca>

