[Openswan dev]

Paul Wouters paul at xelerance.com
Thu Oct 6 03:50:38 CEST 2005


On Wed, 5 Oct 2005, Mariusz Woloszyn wrote:

> I'd like to announce the OpenSClient project, whose purpose is to enable
> CheckPoint Hybrid Authentication mode support in OpenSwan allowing for
> Username/Password (or two factor, like SecureID) authenticated VPNs among
> CheckPoint and Linux. Please see the following page for more details:
> http://emsi.it.pl/auto/opensclient

Thank you, I've added this as http://bugs.xelerance.com/view.php?id=461

> The project is based upon Criss Poon's findings and OpenSwan patch (see thread:
> http://lists.openswan.org/pipermail/dev/2004-May/000327.html) which has been 
> ported to OpenSwan 2.4 and a simple HOWTO explaining how to use it and 
> configure to connect.

Having added a howto is very good too!

> It's far from being perfect so any suggestions are welcome. There are also
> many issues to address like the reauthentication problem and so on, so don't
> expect it to be the ultimate solution ;)

As far as I understood XAUTH connections in general have this problem and
should never rekey.

> Another question is whether it's possible to implement this functionality 
> (this way or another) in mainstream OpenSwan?

It's been added to our queue for reviewing. Did you happen to run the UML
testsuite over a patched openswan to see what things your patch might have
broken?

One thing that worries me a bit is that the patch seems to touch
INTERNAL_IP4_SUBNET.

We would also most likely like to have this capability #ifdef'ed, so
that a Makefile.inc variable determines whether or not to build with
Hybrid Mode support. That would also limit any potential problems caused
by this patch.

Paul

