[strongSwan] XAuth with interactive authentication?

Martin Willi martin at strongswan.org
Tue Sep 23 10:57:01 CEST 2014

Hi Alexander,

> Is it possible to use XAuth not with secrets file, but with 
> interactive credentials request from user? Is there any interfaces for 
> that?

I assume you refer to the client that initiates a connection?

When using an ipsec.conf configuration, you may use the "ipsec stroke
user-creds" commands to set a username/password for a connection before
initiating it.

For a more interactive prompt, you may consider using charon-cmd [1],
which by default prompts for XAuth or EAP credentials. Other client
specific frontends, such as the NetworkManager plugin or our OS X
client, do this in a similar way.

>  Maybe something planned in VICI?

You can configure credentials at any time using vici, and also clear
them (all). A credential request mechanism, where the daemon asks a
connected vici client for an XAuth password, is currently not



More information about the Users mailing list