[strongSwan] xauth-pam and ip address

Tobias Brunner tobias at strongswan.org
Mon Jul 17 13:18:17 CEST 2017

Hi Mike,

> (The problem)
> /var/log/secure
> 2017-07-14T18:13:46.537632+00:00 transit-pvd-tunnel-2 charon:
> pam_console(ipsec:session): getpwnam failed for
> 2017-07-14T18:13:46.537793+00:00 transit-pvd-tunnel-2 charon:
> pam_unix(ipsec:session): session closed for user

I don't think that's directly related to the error here:

> 2017-07-14T18:23:19.681129+00:00 transit-pvd-tunnel-2 charon: 06[IKE]
> XAuth pam_authenticate for 'losapio' failed: Authentication failure
> 2017-07-14T18:23:19.681588+00:00 transit-pvd-tunnel-2 charon: 06[IKE]
> XAuth authentication of 'losapio' failed

As the log message says this is logged because pam_authenticate()
failed.  At that point the user name that's logged is used, together
with the received password.  So either of these things are incorrect (or
your PAM setup).

The error above might be logged when the IKE_SA is destroyed with a call
to pam_close_session().  As the XAuth user name has never been set (no
successful authentication) the previous identity will be used here,
which is the client's IP address used during the PSK authentication.


More information about the Users mailing list