-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anything else I can provide for troubleshooting? Pluto logs, etc.? Any suggestions?
- ---- Nels Lindquist <[email protected]> On 2017/03/16 11:30 AM, Nels Lindquist wrote: > So I was working on trying to set up A/D integrated RADIUS > authentication for XAUTH on our production gateway; pure pam > systemauth authentication was working fine. However, at a certain > point (without making any changes to libreswan config) the XAUTH > connections stopped working entirely, and I haven't been able to > resolve the issue. > > All other tunnels (including L2TP roadwarriors) continue to work > fine, but all incoming XAUTH connections fail at the point when the > request for XAUTH credentials is made: > > Mar 16 11:24:07 yeggate pluto[21352]: "xauth-rsa"[1] 184.151.222.0 > #15: XAUTH: Sending Username/Password request (XAUTH_R0) > > No response is received from the client (Shrew Soft VPN on Windows > 7). > > I've restarted clients, restarted ipsec, deleted and re-added > connection definitions, etc. all to no avail. The clients are able > to connect to two other test setups on different networks with no > difficulty, and I can find no relevant differences > configuration-wise. I tried setting xauthby to "alwaysok" but the > behaviour is the same. > > I'm leaning toward some odd kernel state which might be resolved by > a reboot, but it's our production gateway and that will be > problematic. In the event anyone has any other ideas, I'm game to > try them... > > LibreSWAN 3.19 running on CentOS 6, by the way. > > ---- Nels Lindquist <[email protected]> > _______________________________________________ Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAljRYY0ACgkQh6z5POoOLgQBZgCfa9BwFARLN76BpZXF3gUu0buk uToAn1r6vmYVlIX8pSbApo4/Ul5oyNiw =jOXk -----END PGP SIGNATURE----- _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
