[Openswan Users] MODECFG

[Marcus Leech]

I noticed that in the MODECFG code, client-side address allocation is 
only done
  if you have the XAUTH_PAM code loaded.  Why is that?

Also, is it possible to use MODECFG, but still authenticate the end-user
  with certificates?

It seems to me that the get_internal_addresses() code could reasonably 
have other
  allocation strategies than going through PAM, like DHCP, or a 
configuration
  file containing an "address pool".