[Openswan Users] Renegotiation failure

Francesco Peeters Francesco at FamPeeters.com
Mon Mar 20 08:31:05 CET 2006

On Fri, March 17, 2006 17:44, Snitgen, John said:
> Hello,
> I am using the line 'ipsec whack --name IPSecTest --xauthname <username>
> --xauthpass <password> --initiate' to bring up my IPsec tunnel and
> authenticate against a Radius server.  I am getting this message when it
> attempts renegotiation:
> "XAUTH username requested, but no file descriptor available for prompt"
> Is there a fix for this?
> I'm running Linux, Openswan 2.4.4.
> TIA,
> John

Short answer: No

Long answer:
I am seeing the same issue (using IPsec on WiFi with SonicWALL) and
basically the developers' consensus seems to be that, because it is an
additional security level, OpenSWAN should *not* cache that data.
The 'correct workaround' would be a (GUI) client application that caches
the xauthdata and restarts the tunnel shortly before the old one expires.
There'd either need to be someone to write it - after which they'll
include it in the toolset - or a bounty for writing it.

I'd love to write such a GUI client (don't have the cash for a bounty) but
currently haven't got time to do so...

For the original thread and more details, check the mailman 'archives' for
the thread on SonicWALL weirdness earlier this month...

Francesco Peeters
GPG Key = AA69 E7C6 1D8A F148 160C  D5C4 9943 6E38 D5E3 7704
If your program doesn't recognize my signature, please visit
http://www.CAcert.org/index.php?id=3 to retrieve the Root CA certificate.
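
The workaround described in the reply above (cache the XAUTH data, restart the tunnel shortly before the old one expires), as an added shell example that is not part of the original post or of Openswan. The credential file path, the `REKEY_AFTER` and `MARGIN` values and the `run` argument are assumptions; the `whack` options are the ones quoted in the question, plus `--terminate`.

```shell
#!/bin/sh
# Added example: cache XAUTH credentials in a root-only file and re-initiate
# the tunnel before renegotiation. Not part of Openswan.
CONN="${CONN:-IPSecTest}"                          # connection name from the question
CRED_FILE="${CRED_FILE:-/etc/ipsec.d/xauth.cred}"  # assumed path: line 1 user, line 2 password
REKEY_AFTER="${REKEY_AFTER:-3600}"                 # assumed seconds until renegotiation
MARGIN="${MARGIN:-300}"                            # assumed head start in seconds

# Print how long to wait before restarting; fail if the margin eats the lifetime.
reinit_delay() {
    [ "$1" -gt "$2" ] || return 1
    echo $(( $1 - $2 ))
}

# Succeed only for a regular, non-symlink file with no group/other permission bits.
cred_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Read the cached credentials and bring the connection up.
bring_up() {
    cred_file_ok "$CRED_FILE" || {
        echo "refusing to use $CRED_FILE: must be a plain file without group/other access" >&2
        return 1
    }
    user= pass=
    { IFS= read -r user; IFS= read -r pass; } < "$CRED_FILE" || :
    [ -n "$user" ] && [ -n "$pass" ] || return 1
    # The password is in whack's argv, so local users can see it in the
    # process list while the command runs.
    ipsec whack --name "$CONN" --xauthname "$user" --xauthpass "$pass" --initiate
}

# "run" starts the loop; without it the file only defines the functions.
if [ "${1:-}" = "run" ]; then
    delay=$(reinit_delay "$REKEY_AFTER" "$MARGIN") || exit 1
    while bring_up; do
        sleep "$delay"
        ipsec whack --name "$CONN" --terminate
    done
fi
```

The cached password is only as protected as the credential file and the host's process list, which is the exposure the reply says the developers did not want Openswan itself to take on.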
