[Openswan dev] Re: openswan 3DES+SHA1+XAUTH

Paul Wouters paul at xelerance.com
Fri Dec 10 11:17:25 CET 2004


On Fri, 10 Dec 2004, Bas Huisman wrote:

> conn GroupVPN
>        left=%defaultroute
>        right=x.x.x.x
>        rightsubnet=0.0.0.0/32
>        auto=start
>        auth=esp
>        authby=secret
>        esp=3des-sha1-96
>        pfs=no
>        xauth=yes
>
> I am fiddling with:
>
> #       leftxauthclient=yes
> #       rightxauthserver=yes

Why do you have pfs=no?
Also does safenet perhaps want aggr_mode=yes?

But you should try to not use xauth=yes but leftxauthserver=yes

> # When doing XAUTH, include PAM support as well, requires HAVE_THREADS
> # true as well
> USE_XAUTHPAM?=false

So you have HAVE_THREADS=true ?

> On the user-mailing list someone said I can't use auto=start with xauth
> authentication because pluto needs a user+pass from whack (by hand)

That is for being an xauth client. I think it is not needed for xauth server.

Remember, xauth is all very new. There might be bugs.

Paul
-- 
    Math is case-sensitive
                             --- Ian Goldberg

