[Openswan Users] Re: SonicWALL weirdness...

Francesco Peeters Francesco at FamPeeters.com
Fri Mar 10 07:02:50 CET 2006


On Fri, March 10, 2006 6:17, Paul Wouters said:
> On Thu, 9 Mar 2006, Francesco Peeters wrote:
>> The Windoze machine (my wife's) running Global VPN Client *does* cache the
>> XAuth data during the session (ie until taken down manually) and keeps
>> working nicely, as it automatically re-authenticates using cached data. It
>> is IMHO only a tiny concession on the security side for a huge improvement
>> in the user-friendliness department...
>
> Sure. The proper way to implement this is through a GUI app. Where the app
> just 'ipsec auto --up conname' before the keylife expires. The app can then
> cache the user/password.

I agree, that would be nice

>
> If anyone wishes to write such an app, we will happily bundle it in contrib/
> or even package it as a sub package (that requires X)

I am very busy right now, but once I get some time on my hands, I may
attempt to build one...

Hmm, let's see:
I think that - to make it workable - it should support a --noX option at
the least, so that it would work for X and CLI users alike...
It should be able to parse the ipsec config file at least to offer a
choice of connections, and maybe - but not necessarily from the start -
even be able to write configurations based on GUI selections.

After that, an import/export/wizard for easily setting up both sides in a
compatible manner would be another nice feature, especially if that
included some interop choices, like the SonicWALL. (Cisco has its own
specialized client out there, so that would not seem to be the right path
to follow, I think, but that should only be a bridge to cross once it's
reached. Suggestions for other 'wizards' would only become viable by then
as well, I think)

> Alternatively, if someone wishes to sponsor writing such an application,
> contact me off-list.

Cannot afford sponsoring right now, so my only possible contribution would
be building it myself, but not right now...   ;-p

-- 
Francesco Peeters
----
GPG Key = AA69 E7C6 1D8A F148 160C  D5C4 9943 6E38 D5E3 7704
If your program doesn't recognize my signature, please visit
http://www.CAcert.org/index.php?id=3 to retrieve the Root CA certificate.
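
Added example, not part of the original message and not Openswan code: a sketch of the non-GUI core discussed above, which reads the conn sections of an ipsec.conf to offer a choice of connections and works out when to re-run 'ipsec auto --up conname' before the keylife expires. The function names, the 600-second margin, the 8h fallback and the sample file are assumptions; also= and include are not handled, and the credential cache is left out.

```python
import re

# Constructed sample in ipsec.conf syntax; names and addresses are made up.
SAMPLE_CONF = """\
config setup
    nat_traversal=yes
conn %default
    keylife=8h
conn sonicwall
    right=192.0.2.10   # trailing comment
    keylife=1h
conn office
    right=198.51.100.7
"""

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")

def parse_conns(text):
    """Return {conn: {key: value}}, with conn %default merged into each."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).rstrip()   # strip comments
        if line and not line[0].isspace():   # section header in column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = sections.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in sections.items()}

def seconds(value):
    """Convert '3600', '3600s', '60m', '1.5h' or '1d' to seconds."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([smhd]?)", value)
    if not m:
        raise ValueError(f"bad duration: {value!r}")
    return int(float(m.group(1)) * UNITS[m.group(2)])

def up_plan(text, margin=600):
    """[(delay_seconds, argv)]: when to re-run 'ipsec auto --up' per conn."""
    plan = []
    for name, opts in sorted(parse_conns(text).items()):
        if not SAFE_NAME.fullmatch(name):    # never pass odd names to a command
            raise ValueError(f"refusing connection name {name!r}")
        life = seconds(opts.get("keylife", "8h"))   # 8h fallback is assumed
        plan.append((max(life - margin, 0), ["ipsec", "auto", "--up", name]))
    return plan
```

The argv lists are meant to be handed to a process launcher without a shell, so a connection name read from the file is never interpreted as shell syntax or as an option.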

