So I was working on trying to set up A/D integrated RADIUS authentication for XAUTH on our production gateway; pure pam systemauth authentication was working fine. However, at a certain point (without making any changes to libreswan config) the XAUTH connections stopped working entirely, and I haven't been able to resolve the issue.
All other tunnels (including L2TP roadwarriors) continue to work fine, but all incoming XAUTH connections fail at the point when the request for XAUTH credentials is made:

Mar 16 11:24:07 yeggate pluto[21352]: "xauth-rsa"[1] 184.151.222.0 #15: XAUTH: Sending Username/Password request (XAUTH_R0)

No response is received from the client (Shrew Soft VPN on Windows 7). I've restarted clients, restarted ipsec, deleted and re-added connection definitions, etc. all to no avail.

The clients are able to connect to two other test setups on different networks with no difficulty, and I can find no relevant differences configuration-wise. I tried setting xauthby to "alwaysok" but the behaviour is the same.

I'm leaning toward some odd kernel state which might be resolved by a reboot, but it's our production gateway and that will be problematic. In the event anyone has any other ideas, I'm game to try them...

LibreSWAN 3.19 running on CentOS 6, by the way.

----
Nels Lindquist <[email protected]>

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
