[Openswan Users] Re: SonicWALL weirdness...

Paul Wouters paul at xelerance.com
Wed Mar 8 16:51:20 CET 2006

On Wed, 8 Mar 2006, Francesco Peeters wrote:

> > What happens if you just do: ipsec auto --up group ?
> >
> OK, onlu tested it once so far, but:
> ipsec auto --down group
> ipsec auto --up group
> successfully restored the vpn connection this time... So far so good!

> I think the important bit - at least when using above commands - is that
> the XAuth info is not being cached:

That is correct. Openswan does not cache the username/password. Otherwise,
what would be the point of XAUTH? It is an additional user/password
credential. This is also the reason auto=start does not work. XAUTH connections
need to be loaded with auto=add and manually started with ipsec auto --up so
you can type in your username and password.
XAUTH connections can also not rekey. Any client that seems to rekey is really
setting up a new tunnel (eg clients on windows) and caching the user/password.

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list