[Openswan Users] Renegotiation failure
Francesco Peeters
Francesco at FamPeeters.com
Mon Mar 20 08:31:05 CET 2006
On Fri, March 17, 2006 17:44, Snitgen, John said:
> Hello,
> I am using the line 'ipsec whack --name IPSecTest --xauthname <username>
> --xauthpass <password> --initiate' to bring up my IPsec tunnel and
> authenticate against a Radius server. I am getting this message when it
> attempts renegotiation:
>
> "XAUTH username requested, but no file descriptor available for prompt"
>
> Is there a fix for this?
>
> I'm running Linux 2.6.14.4, Openswan 2.4.4.
>
> TIA,
> John

Short answer: No

Long answer:

I am seeing the same issue (using IPsec on WiFi with SonicWALL) and
basically the developers' consensus seems to be that, because it is an
additional security level, OpenSWAN should *not* cache that data.

The 'correct workaround' would be a (GUI) client application that caches
the xauthdata and restarts the tunnel shortly before the old one expires.

There'd either need to be someone to write it - after which they'll
include it in the toolset - or a bounty for writing it.

I'd love to write such a GUI client (don't have the cash for a bounty) but
currently haven't got time to do so...

For the original thread and more details, check the mailman 'archives' for
the thread on SonicWALL weirdness earlier this month...

--
Francesco Peeters
----
GPG Key = AA69 E7C6 1D8A F148 160C D5C4 9943 6E38 D5E3 7704
If your program doesn't recognize my signature, please visit
http://www.CAcert.org/index.php?id=3 to retrieve the Root CA certificate.
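
The workaround described in the reply above, as an added example (not part of the original post and not Openswan code): a console wrapper that prompts once, keeps the XAUTH credentials in memory only, and re-issues the whack command from the question shortly before the tunnel expires. The function names and the LIFETIME_S, MARGIN_S and RETRY_S values are assumptions; set the lifetime to match the connection's configured lifetime.

```python
import getpass
import subprocess
import time

LIFETIME_S = 3600   # assumed SA lifetime; set to match your connection
MARGIN_S = 300      # assumed safety margin before expiry
RETRY_S = 30        # assumed wait after a failed attempt

def build_whack_cmd(conn, user, password):
    # Invocation from the question, as an argument list (no shell parsing).
    # The password is still visible in the process list while whack runs.
    return ["ipsec", "whack", "--name", conn, "--xauthname", user,
            "--xauthpass", password, "--initiate"]

def redact(cmd):
    # Copy of cmd that is safe to log: the value after --xauthpass is masked.
    out = list(cmd)
    for i in range(len(out) - 1):
        if out[i] == "--xauthpass":
            out[i + 1] = "********"
    return out

def rekey_delay(lifetime_s, margin_s, floor_s=RETRY_S):
    # Wait until shortly before expiry; the floor prevents a tight loop.
    if lifetime_s <= 0 or margin_s < 0:
        raise ValueError("lifetime must be > 0 and margin >= 0")
    return max(lifetime_s - margin_s, floor_s)

def keep_alive(conn, user, password, run=subprocess.run, sleep=time.sleep,
               rounds=None):
    # Credentials live only in this process's memory, never on disk.
    cmd = build_whack_cmd(conn, user, password)
    done = 0
    while rounds is None or done < rounds:
        print("running:", " ".join(redact(cmd)))
        ok = run(cmd).returncode == 0
        sleep(rekey_delay(LIFETIME_S, MARGIN_S) if ok else RETRY_S)
        done += 1
    return done

if __name__ == "__main__":
    keep_alive("IPSecTest", input("XAUTH username: "),
               getpass.getpass("XAUTH password: "))
```
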