[Openswan dev]

Paul Wouters paul at xelerance.com
Thu Oct 6 03:50:38 CEST 2005

On Wed, 5 Oct 2005, Mariusz Woloszyn wrote:

> I'd like to announce the OpenSClient project, whose purpose is to enable
> CheckPoint Hybrid Authentication mode support in OpenSwan allowing for
> Username/Password (or two factor, like SecureID) authenticated VPNs among
> CheckPoint and Linux. Please see the following page for more details:
> http://emsi.it.pl/auto/opensclient

Thank you, I've added this as http://bugs.xelerance.com/view.php?id=461

> The project is based upon Criss Poon's findings and OpenSwan patch (see thread:
> http://lists.openswan.org/pipermail/dev/2004-May/000327.html) which has been
> ported to OpenSwan 2.4 and a simple HOWTO explaining how to use it and
> configure to connect.

Having added a howto is very good too!

> It's far from being perfect, so any suggestions are welcome. There are also
> many issues to address, like the reauthentication problem and so on, so don't
> expect it to be the ultimate solution ;)

As far as I understood, XAUTH connections in general have this problem and
should never rekey.

> Another question is whether it's possible to implement this functionality 
> (this way or another) in mainstream OpenSwan?

It's been added to our queue for reviewing. Did you happen to run the UML
testsuite over a patched openswan to see what things your patch might have

One thing that worries me a bit is that the patch seems to touch

We would also most likely like to have this capability #ifdef'ed, so
that a Makefile.inc variable determines whether or not to build with
Hybrid Mode support. That would also limit any potential problems caused
by this patch.

