Re: [strongSwan] xauth-pam

Mon, 09 Feb 2015 07:15:06 -0800 

Am 09.02.2015 um 15:42 schrieb Thomas Will:

hello list,

i switched from eap ikev2 to ikev1 xauth-pam and got this? :-(


root@quark:/etc# tail -f /var/log/syslog | egrep -C 2  "fail|erro"
Feb 9 15:35:31 quark charon: 00[LIB] plugin 'xauth-generic': loaded successfully Feb 9 15:35:31 quark charon: 00[DMN] xauth-pam plugin requires CAP_AUDIT_WRITE capability Feb 9 15:35:31 quark charon: 00[LIB] plugin 'xauth-pam': failed to load - xauth_pam_plugin_create returned NULL Feb 9 15:35:31 quark charon: 00[LIB] plugin 'addrblock': loaded successfully 
Feb  9 15:35:31 quark charon: 00[KNL] known interfaces and IP addresses:


-----


ipsec.secrets

10.10.10.10 %any : PSK sysadm
----
ipsec.conf
conn xauth
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
        left=10.10.10.10
        leftsubnet=192.168.240.0/21
        leftid=10.10.10.10
        leftauth=psk
        leftfirewall=yes
        right=%any
        rightauth=psk
        rightauth2=xauth-pam
        auto=add
-----

strongswan.conf

charon {
        load_modular = yes
        dh_exponent_ansi_x9_42 = no
        plugins {
                include strongswan.d/charon/*.conf
        }
}
include strongswan.d/*.conf

dpkg -l | grep strongswan | grep ii
ii libstrongswan 5.1.2-0ubuntu2.2 amd64 strongSwan utility and crypto library ii strongswan 5.1.2-0ubuntu2 all IPsec VPN solution metapackage ii strongswan-ike 5.1.2-0ubuntu2.2 amd64 strongSwan Internet Key Exchange (v2) daemon ii strongswan-plugin-openssl 5.1.2-0ubuntu2.2 amd64 strongSwan plugin for OpenSSL ii strongswan-plugin-xauth-generic 5.1.2-0ubuntu2.2 amd64 strongSwan plugin for the generic XAuth backend ii strongswan-plugin-xauth-pam 5.1.2-0ubuntu2.2 amd64 strongSwan plugin for XAuth backend using PAM ii strongswan-starter 5.1.2-0ubuntu2.2 amd64 strongSwan daemon starter and configuration file parser 






i found the problem ... it was apparmor ...

--
thomas will
- xinux e.K.- networking - security - consulting - training   -
- novell certified linux professional - lpi level 2 certified -
- fon 06332 44040  - fax 06332 899227  - mobil 0170 52 18 548  -
- 66482 zweibruecken - wichernstr. 18  - http://www.xinux.de  -
- Amtsgericht  -  Registergericht  -  Zweibruecken - HRA 1518 -

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to