[Openswan Users] XAUTH rekey fails with "no file descriptor available for prompt"

Ronald Moesbergen Ronald.Moesbergen at bkvision.nl
Sat Feb 5 13:24:08 CET 2005


Hi,

I have a VPN tunnel to a Cisco 3000 using XAUTH. The connection works
fine, but when it's time to rekey (after one hour), the following shows
up:

Feb  4 11:28:54 #15: sent AI2, ISAKMP SA established
Feb  4 11:28:54 #15: XAUTH: Bad Message: Enter Username and Password.
Feb  4 11:28:54 #15: XAUTH username requested, but no file descriptor available for prompt
Feb  4 11:28:54 #15: sending encrypted notification CERTIFICATE_UNAVAILABLE to x.x.x.x:500
Feb  4 11:29:04 #14: IPsec SA expired (LATEST!)

As you can see, openswan needs the XAUTH username and password again, but
it tries to get it by prompting for it, which of course fails because
it's running in the background and there's no terminal (and no human)
available. I start this connection with the following command:

ipsec whack --initiate --name cisco --xauthname username --xauthpass password

I'm using CVS-HEAD from last Thursday. Is there an option I should use
to make openswan remember the password so it can reuse it?

Thanks,

Ronald.