[Swan] XAUTH oddity
Nels Lindquist
nlindq at maei.ca
Tue Mar 21 17:23:25 UTC 2017
Anything else I can provide for troubleshooting? Pluto logs, etc.?
Any suggestions?
----
Nels Lindquist
<nlindq at maei.ca>
On 2017/03/16 11:30 AM, Nels Lindquist wrote:
> So I was working on trying to set up A/D integrated RADIUS
> authentication for XAUTH on our production gateway; pure pam
> systemauth authentication was working fine. However, at a certain
> point (without making any changes to libreswan config) the XAUTH
> connections stopped working entirely, and I haven't been able to
> resolve the issue.
>
> All other tunnels (including L2TP roadwarriors) continue to work
> fine, but all incoming XAUTH connections fail at the point when the
> request for XAUTH credentials is made:
>
> Mar 16 11:24:07 yeggate pluto[21352]: "xauth-rsa"[1] 184.151.222.0
> #15: XAUTH: Sending Username/Password request (XAUTH_R0)
>
> No response is received from the client (Shrew Soft VPN on Windows
> 7).
>
> I've restarted clients, restarted ipsec, deleted and re-added
> connection definitions, etc. all to no avail. The clients are able
> to connect to two other test setups on different networks with no
> difficulty, and I can find no relevant differences
> configuration-wise. I tried setting xauthby to "alwaysok" but the
> behaviour is the same.
>
> I'm leaning toward some odd kernel state which might be resolved by
> a reboot, but it's our production gateway and that will be
> problematic. In the event anyone has any other ideas, I'm game to
> try them...
>
> LibreSWAN 3.19 running on CentOS 6, by the way.
>
> ---- Nels Lindquist <nlindq at maei.ca>