[strongSwan] xauth-pam

Thomas Will thomas.will at xinux.de
Mon Feb 9 15:42:52 CET 2015


hello list,

I switched from eap ikev2 to ikev1 xauth-pam and got this? :-(


root@quark:/etc# tail -f /var/log/syslog | egrep -C 2  "fail|erro"
Feb  9 15:35:31 quark charon: 00[LIB] plugin 'xauth-generic': loaded successfully
Feb  9 15:35:31 quark charon: 00[DMN] xauth-pam plugin requires CAP_AUDIT_WRITE capability
Feb  9 15:35:31 quark charon: 00[LIB] plugin 'xauth-pam': failed to load - xauth_pam_plugin_create returned NULL
Feb  9 15:35:31 quark charon: 00[LIB] plugin 'addrblock': loaded successfully
Feb  9 15:35:31 quark charon: 00[KNL] known interfaces and IP addresses:


-----


ipsec.secrets

10.10.10.10 %any : PSK sysadm
----
ipsec.conf
conn xauth
         ikelifetime=60m
         keylife=20m
         rekeymargin=3m
         keyingtries=1
         keyexchange=ikev1
         left=10.10.10.10
         leftsubnet=192.168.240.0/21
         leftid=10.10.10.10
         leftauth=psk
         leftfirewall=yes
         right=%any
         rightauth=psk
         rightauth2=xauth-pam
         auto=add
-----

strongswan.conf

charon {
         load_modular = yes
         dh_exponent_ansi_x9_42 = no
         plugins {
                 include strongswan.d/charon/*.conf
         }
}
include strongswan.d/*.conf

dpkg -l | grep strongswan | grep ii
ii  libstrongswan                    5.1.2-0ubuntu2.2  amd64  strongSwan utility and crypto library
ii  strongswan                       5.1.2-0ubuntu2    all    IPsec VPN solution metapackage
ii  strongswan-ike                   5.1.2-0ubuntu2.2  amd64  strongSwan Internet Key Exchange (v2) daemon
ii  strongswan-plugin-openssl        5.1.2-0ubuntu2.2  amd64  strongSwan plugin for OpenSSL
ii  strongswan-plugin-xauth-generic  5.1.2-0ubuntu2.2  amd64  strongSwan plugin for the generic XAuth backend
ii  strongswan-plugin-xauth-pam      5.1.2-0ubuntu2.2  amd64  strongSwan plugin for XAuth backend using PAM
ii  strongswan-starter               5.1.2-0ubuntu2.2  amd64  strongSwan daemon starter and configuration file parser





-- 
thomas will
- xinux e.K.- networking - security - consulting - training   -
- novell certified linux professional - lpi level 2 certified -
- fon 06332 44040  - fax 06332 899227  - mobil 0170 52 18 548  -
- 66482 zweibruecken - wichernstr. 18  - http://www.xinux.de  -
- Amtsgericht  -  Registergericht  -  Zweibruecken - HRA 1518 -


