paul at xelerance.com
Thu Oct 6 03:50:38 CEST 2005
On Wed, 5 Oct 2005, Mariusz Woloszyn wrote:
> I'd like to announce the OpenSClient project which purpose is to enable
> CheckPoint Hybrid Authentication mode support in OpenSwan allowing for
> Username/Password (or two factor, like SecureID) authenticated VPNs among
> CheckPoint and Linux. Please see following page for more details:
Thank you, I've added this as http://bugs.xelerance.com/view.php?id=461
> The project is based upon Criss Poon findings and OpenSwan patch (see thread:
> http://lists.openswan.org/pipermail/dev/2004-May/000327.html) which has been
> ported to OpenSwan 2.4 and a simple HOWTO explaining how to use it and
> configure to connect.
Having added a howto is very good too!
> It's far from beeing perfect so any suggestions are welcome. There are also
> many issues to address like the reauthentication problem and so on so don't
> expect it to be ultimate solution ;)
As far as I understood XAUTH connections in general have this problem and
should never rekey.
> Another question is whether it's possible to implement this functionality
> (this way or another) in mainstream OpenSwan?
It's been added to our queue for reviewing. Did you happen to run the UML
testsuite over a patched openswan to see what things your patch might have
One thing that worries me a bit is that the patch seems to touch
We would also most like would like to have this capability #ifdef'ed, so
that a Makefile.inc variable determines whether or not to build with
Hybrid Mode support. That would also limit any potential problems caused
by this patch.
More information about the Dev