[Openswan Users] Re: SonicWALL weirdness...

Paul Wouters paul at xelerance.com
Wed Mar 8 16:51:20 CET 2006


On Wed, 8 Mar 2006, Francesco Peeters wrote:

> > What happens if you just do: ipsec auto --up group ?
> >
>
> OK, only tested it once so far, but:
> ipsec auto --down group
> ipsec auto --up group
> successfully restored the vpn connection this time... So far so good!

> I think the important bit - at least when using above commands - is that
> the XAuth info is not being cached:

That is correct. Openswan does not cache the username/password. Otherwise,
what would be the point of XAUTH? It is an additional user/password
credential. This is also the reason auto=start does not work. XAUTH connections
need to be loaded with auto=add and manually started with ipsec auto --up so
you can type in your username and password.
XAUTH connections can also not rekey. Any client that seems to rekey is really
setting up a new tunnel (e.g. clients on Windows) and caching the user/password.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
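
A configuration check for the point made in the reply above, added here as an example and not part of the original thread or of Openswan: it lists conns in an ipsec.conf-style file that combine an XAUTH client setting with auto=start. The sample file, its addresses and the conn names other than `group` are constructed, and marking XAUTH client conns with `leftxauthclient=yes` or `rightxauthclient=yes` is an assumption about the configuration being checked.

```shell
# Added example, not from the thread. Assumes XAUTH client conns are marked with
# (left|right)xauthclient=yes; does not follow also= or conn %default.

# Print each conn that combines an XAUTH client setting with auto=start.
xauth_autostart_conns() {
    awk '
        function report() { if (name != "" && xauth && start) print name }
        /^[ \t]*#/    { next }                    # comment line
        /^conn[ \t]+/ { report(); name = $2; xauth = 0; start = 0; next }
        /^[^ \t]/     { report(); name = ""; next }   # e.g. "config setup"
        name != "" {
            line = $0
            sub(/#.*/, "", line)                  # drop trailing comment
            gsub(/[ \t]/, "", line)               # drop whitespace
            if (line ~ /^(left|right)xauthclient=yes$/) xauth = 1
            if (line ~ /^auto=start$/) start = 1
        }
        END { report() }
    ' "$1"
}

# Constructed sample configuration (addresses are documentation ranges).
write_sample() {
    cat > "$1" <<'EOF'
config setup

conn group
    left=%defaultroute
    leftxauthclient=yes
    right=192.0.2.1
    auto=add

# No chance to type the XAUTH username/password at startup:
conn group-autostart
    left=%defaultroute
    leftxauthclient=yes
    right=192.0.2.1
    auto=start

conn site-to-site
    left=%defaultroute
    right=192.0.2.2
    auto=start
EOF
}

sample=$(mktemp)
write_sample "$sample"
xauth_autostart_conns "$sample"
rm -f "$sample"
```
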

