XAUTH rekey fails with "no file descriptor available for prompt"
Ronald.Moesbergen at bkvision.nl
Sat Feb 5 13:24:08 CET 2005
I have a VPN tunnel to a Cisco 3000 using XAUTH. The connection works
fine, but when it's time to rekey (after one hour), the following shows

Feb 4 11:28:54 #15: sent AI2, ISAKMP SA established
Feb 4 11:28:54 #15: XAUTH: Bad Message: Enter Username and Password.
Feb 4 11:28:54 #15: XAUTH username requested, but no file descriptor available for prompt
Feb 4 11:28:54 #15: sending encrypted notification CERTIFICATE_UNAVAILABLE to x.x.x.x:500
Feb 4 11:29:04 #14: IPsec SA expired (LATEST!)

As you can see openswan needs the XAUTH username and password again, but
it tries to get it by prompting for it, which of course fails because
it's running in the background and there's no terminal (and no human)
available. I start this connection with the following command:

ipsec whack --initiate --name cisco --xauthname username --xauthpass

I'm using CVS-HEAD from last Thursday. Is there an option I should use
to make openswan remember the password so it can reuse it?
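
The failure described above can be caught in monitoring before the tunnel drops. The following is an added example, not part of the original post and not openswan code: a small log check that flags a state which reached "ISAKMP SA established" and then hit the XAUTH prompt failure, and lists any IPsec SA expiry logged afterwards. The function name and the assumed line shape (timestamp, then "#state:", then message) are assumptions based on the quoted log.

```python
import re

# Constructed sample: the log lines quoted in the post, with the two
# mail-wrapped lines joined back into single log lines.
SAMPLE_LOG = """\
Feb 4 11:28:54 #15: sent AI2, ISAKMP SA established
Feb 4 11:28:54 #15: XAUTH: Bad Message: Enter Username and Password.
Feb 4 11:28:54 #15: XAUTH username requested, but no file descriptor available for prompt
Feb 4 11:28:54 #15: sending encrypted notification CERTIFICATE_UNAVAILABLE to x.x.x.x:500
Feb 4 11:29:04 #14: IPsec SA expired (LATEST!)
"""

# Assumed line shape, taken from the quoted log:
#   "<Mon D HH:MM:SS> [optional prefix] #<state>: <message>"
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s.*?#(\d+):\s+(.*)$")
PROMPT_FAIL = "no file descriptor available for prompt"


def find_xauth_rekey_failures(log_text):
    """Return one finding per state that established an ISAKMP SA and then
    failed because XAUTH credentials could not be prompted for."""
    established = set()   # state numbers that completed phase 1
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue      # not a per-state log line
        ts, state, msg = m.group(1), int(m.group(2)), m.group(3)
        if "ISAKMP SA established" in msg:
            established.add(state)
        elif PROMPT_FAIL in msg and state in established:
            findings.append({"state": state, "failed_at": ts, "expired_after": []})
        elif "IPsec SA expired" in msg:
            # An expiry logged after a failed rekey means traffic is now down.
            for f in findings:
                f["expired_after"].append((state, ts))
    return findings


if __name__ == "__main__":
    for finding in find_xauth_rekey_failures(SAMPLE_LOG):
        print(finding)
```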