[Openswan Users] Re: SonicWALL weirdness...
paul at xelerance.com
Fri Mar 10 06:17:42 CET 2006
On Thu, 9 Mar 2006, Francesco Peeters wrote:
[ xauth user/password caching ]
> Those are valid points, and I agree with the for the most part, but I
> would like to be able to cache the information for as long as the
> connection is not taken down manually...
> Right now I am forced to use a long key time (8h) for a type of connection
> that would usually have a much shorter keying time, just to keep it
> workable with my linux laptop.
I was going to suggest that as a solution, ues :)
> The Windoze machin (my wife's) running Global VPN Client *does* cache the
> XAuth data during the session (ie until taken down manually) and keeps
> working nicely, as it automatically re-authenticates using cached data. It
> is IMHO only a tiny concession on the security side for a huge improvement
> in the user-friendliness department...
Sure. the proper way to implement this is through a GUI app. Where the app
just 'ipsec auto --up conname' before the keylife expires. The app can then
cache the user/password.
If anyone wishes to write such an app, we will happilly bundle it in contrib/
or even package it as a sub package (that requires X)
Alternatively, if someone wishes to sponsor writing such an application,
contact me off-list.
Building and integrating Virtual Private Networks with Openswan:
More information about the Users