[Openswan Users] Re: SonicWALL weirdness...

Paul Wouters paul at xelerance.com
Fri Mar 10 06:17:42 CET 2006

On Thu, 9 Mar 2006, Francesco Peeters wrote:

[ xauth user/password caching ]

> Those are valid points, and I agree with the for the most part, but I
> would like to be able to cache the information for as long as the
> connection is not taken down manually...

> Right now I am forced to use a long key time (8h) for a type of connection
> that would usually have a much shorter keying time, just to keep it
> workable with my linux laptop.

I was going to suggest that as a solution, ues :)

> The Windoze machin (my wife's) running Global VPN Client *does* cache the
> XAuth data during the session (ie until taken down manually) and keeps
> working nicely, as it automatically re-authenticates using cached data. It
> is IMHO only a tiny concession on the security side for a huge improvement
> in the user-friendliness department...

Sure. the proper way to implement this is through a GUI app. Where the app
just 'ipsec auto --up conname' before the keylife expires. The app can then
cache the user/password.

If anyone wishes to write such an app, we will happilly bundle it in contrib/
or even package it as a sub package (that requires X)
Alternatively, if someone wishes to sponsor writing such an application,
contact me off-list.

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list