[strongSwan] xauth-pam

Thomas Will thomas.will at xinux.de
Mon Feb 9 16:13:54 CET 2015


On 09.02.2015 at 15:42, Thomas Will wrote:
> hello list,
>
> i switched from eap ikev2 to ikev1 xauth-pam and got this? :-(
>
>
> root@quark:/etc# tail -f /var/log/syslog | egrep -C 2  "fail|erro"
> Feb  9 15:35:31 quark charon: 00[LIB] plugin 'xauth-generic': loaded successfully
> Feb  9 15:35:31 quark charon: 00[DMN] xauth-pam plugin requires CAP_AUDIT_WRITE capability
> Feb  9 15:35:31 quark charon: 00[LIB] plugin 'xauth-pam': failed to load - xauth_pam_plugin_create returned NULL
> Feb  9 15:35:31 quark charon: 00[LIB] plugin 'addrblock': loaded successfully
> Feb  9 15:35:31 quark charon: 00[KNL] known interfaces and IP addresses:
>
>
> -----
>
>
> ipsec.secrets
>
> 10.10.10.10 %any : PSK sysadm
> ----
> ipsec.conf
> conn xauth
>         ikelifetime=60m
>         keylife=20m
>         rekeymargin=3m
>         keyingtries=1
>         keyexchange=ikev1
>         left=10.10.10.10
>         leftsubnet=192.168.240.0/21
>         leftid=10.10.10.10
>         leftauth=psk
>         leftfirewall=yes
>         right=%any
>         rightauth=psk
>         rightauth2=xauth-pam
>         auto=add
> -----
>
> strongswan.conf
>
> charon {
>         load_modular = yes
>         dh_exponent_ansi_x9_42 = no
>         plugins {
>                 include strongswan.d/charon/*.conf
>         }
> }
> include strongswan.d/*.conf
>
> dpkg -l | grep strongswan | grep ii
> ii  libstrongswan 5.1.2-0ubuntu2.2              amd64 strongSwan utility and crypto library
> ii  strongswan 5.1.2-0ubuntu2                all          IPsec VPN solution metapackage
> ii  strongswan-ike 5.1.2-0ubuntu2.2              amd64 strongSwan Internet Key Exchange (v2) daemon
> ii  strongswan-plugin-openssl 5.1.2-0ubuntu2.2 amd64        strongSwan plugin for OpenSSL
> ii  strongswan-plugin-xauth-generic 5.1.2-0ubuntu2.2 amd64        strongSwan plugin for the generic XAuth backend
> ii  strongswan-plugin-xauth-pam 5.1.2-0ubuntu2.2 amd64        strongSwan plugin for XAuth backend using PAM
> ii  strongswan-starter 5.1.2-0ubuntu2.2              amd64 strongSwan daemon starter and configuration file parser
>
>
>
>
>
i found the problem ... it was apparmor ...

-- 
thomas will
- xinux e.K.- networking - security - consulting - training   -
- novell certified linux professional - lpi level 2 certified -
- fon 06332 44040  - fax 06332 899227  - mobil 0170 52 18 548  -
- 66482 zweibruecken - wichernstr. 18  - http://www.xinux.de  -
- Amtsgericht  -  Registergericht  -  Zweibruecken - HRA 1518 -
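
Two checks that help tell a missing process capability apart from an AppArmor denial, as an added example that is not part of the original post: one tests a capability mask (the `CapEff` value in `/proc/<pid>/status`) for CAP_AUDIT_WRITE, the other pulls AppArmor capability denials out of kernel log lines. The helper names are hypothetical, and the masks, the two kernel log lines and the profile name `/usr/lib/ipsec/charon` are constructed for illustration.

```sh
#!/bin/sh
# Added diagnostic sketch; helper names are hypothetical, sample data is constructed.

CAP_AUDIT_WRITE=29   # bit number of CAP_AUDIT_WRITE in linux/capability.h

# has_cap HEXMASK BIT: succeed if BIT is set in a capability mask such as
# the CapEff value from /proc/<pid>/status.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# proc_capeff PID: print the effective capability mask of a running process.
proc_capeff() {
    awk '/^CapEff:/ { print $2 }' "/proc/$1/status"
}

# apparmor_cap_denials: read kernel/audit log lines on stdin and print
# "<profile> <capname>" for every capability that AppArmor denied.
apparmor_cap_denials() {
    awk '/apparmor="DENIED"/ && /operation="capable"/ {
        prof = ""; cap = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^profile=/) prof = $i
            if ($i ~ /^capname=/) cap = $i
        }
        gsub(/^[a-z]+="|"$/, "", prof)   # strip key=" prefix and closing quote
        gsub(/^[a-z]+="|"$/, "", cap)
        print prof, cap
    }'
}

# Constructed sample input: the charon line is from the post, the two kernel
# lines (including the profile name) are made up for this example.
SAMPLE_LOG='Feb  9 15:35:31 quark charon: 00[DMN] xauth-pam plugin requires CAP_AUDIT_WRITE capability
Feb  9 15:35:31 quark kernel: audit: type=1400 audit(0.0:1): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/etc/example" pid=1 comm="charon"
Feb  9 15:35:31 quark kernel: audit: type=1400 audit(0.0:2): apparmor="DENIED" operation="capable" profile="/usr/lib/ipsec/charon" pid=1 comm="charon" capability=29 capname="audit_write"'
MASK_WITHOUT=0000000000003400   # constructed: bits 10, 12 and 13 only
MASK_WITH=0000000020003400      # constructed: the same plus bit 29

printf '%s\n' "$SAMPLE_LOG" | apparmor_cap_denials
for m in "$MASK_WITHOUT" "$MASK_WITH"; do
    if has_cap "$m" "$CAP_AUDIT_WRITE"; then
        echo "$m: CAP_AUDIT_WRITE present"
    else
        echo "$m: CAP_AUDIT_WRITE missing"
    fi
done
```

On a live system, `has_cap "$(proc_capeff <pid>)" "$CAP_AUDIT_WRITE"` applies the mask check to the running daemon. A denial naming `audit_write` is resolved in AppArmor by a `capability audit_write,` rule in the named profile.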


