Gecko [ 122.154.134.11 ]

Name	Size	Permission
examples	[ DIR ]	drwxr-xr-x
opportunistic-v1.historic	[ DIR ]	drwxr-xr-x
CHANGES	44.74 KB	-rw-r--r--
CHANGES.freeswan.pluto	39.58 KB	-rw-r--r--
CHANGES.openswan	71.93 KB	-rw-r--r--
COPYING	17.57 KB	-rw-r--r--
CREDITS	867 B	-rw-r--r--
CREDITS.freeswan	2.88 KB	-rw-r--r--
CREDITS.openswan	2.38 KB	-rw-r--r--
LICENSE	1023 B	-rw-r--r--
PlutoFlow.png	35.25 KB	-rw-r--r--
PlutoFlow.svg	25.92 KB	-rw-r--r--
ProgrammingConventions.txt	5.3 KB	-rw-r--r--
README	7.42 KB	-rw-r--r--
README.IANA-PEN	214 B	-rw-r--r--
README.KLIPS	5.84 KB	-rw-r--r--
README.OCF	39 B	-rw-r--r--
README.XAUTH	2.71 KB	-rw-r--r--
README.labeledipsec	146 B	-rw-r--r--
README.nss	10.38 KB	-rw-r--r--
README.rfcs	6.97 KB	-rw-r--r--
README.x509	61 B	-rw-r--r--
ipsec.html	57.27 KB	-rw-r--r--
ipsecsaref.png	159.75 KB	-rw-r--r--
l2tp-overhead.txt	93 B	-rw-r--r--
libreswan-sysctl.conf	525 B	-rw-r--r--
nss-howto.txt	4.05 KB	-rw-r--r--
pluto-internals.txt	14.47 KB	-rw-r--r--
win2k-notes.txt	3.09 KB	-rw-r--r--
windows-cross-compile.txt	3.91 KB	-rw-r--r--

Code Editor : README.XAUTH

XAUTH Server Support

Based on FlexS/WAN code from Colubris Networks (www.colubris.com)
Ported to Openswan by Xelerance (www.xelerance.com)

Sponsored by Astaro AG (www.astaro.com)
Ported to OpenSwan by Sean Mathews Nu Tech Software (www.nutech.com)
   Also added MD5/DES password file support and reworked the PAM code.

XAUTH server code rewritten for Openswan 2.1.0 to permit both client
and server side code. Many changes, most visible to user.

Threading fixed by Philippe Vouters in Libreswan

Addresspool support added by Antony Antony in Libreswan

Installation:

1.  If you want to be able to yse PAM to authenticate XAUTH users, you need
    to also set USE_XAUTHPAM=true in Makefile.inc.

2.  Build & Install as normal.
3.  If you compiled with PAM then 'make install' will install the
    /etc/pam.d/pluto policy file for pam authentication.

5.  If you choose the password file then create /etc/ipsec.d/passwd
    with the following format.

userid:password:conname

comments are allowed by putting a '#' as the first character of any
    line. You can allow a user access to any connection class in ipsec.conf
    by leaving the last field of the password file blank or '*', or set this
    field to the connection name in your ipsec.conf that you wish this person
    to have access.

Note:
    The crypt() call is used for passwords. This means you can have DES,
    MD5, SHA1 and SHA256 hashed passwords. In FIPS mode, DES and MD5 will
    not be available, so it is recommended not to use those.
    Some of these can be generated by any typical htpasswd utility.
    If you need to use DES, use htpasswd -d instead of htpasswd -m

Configuration:

One way to use XAUTH is to have a single shared secret (PSK) for
all road warriors.  This is not the best, but it does work.

Configure as normal in /etc/ipsec.secrets  - eg:

0.0.0.0 1.2.3.4	: PSK "a secret for the xauth users"

On your conn block, simply add "{left|right}xauthserver=yes"
to enable XAUTH, and "{right|left}xauthclient=yes" for the client side.

Client Configurations - these assume you already have a working
non-XAUTH connection setup.  These are tested and known to work.

SSH Sentinel 1.4.1

Note: 1.4.0 has a bug where it will only propose Single DES,
even if Single DES is disabled.  Please upgrade to 1.4.1

1.	On the Rule Properties page, enabled Extended Authentication.
2.	Click [Settings], and check "Use authentication method types"
3.	Optionally set it to save your login information.

SafeNet SoftRemote LT 10.0

1.	In Security Policy Editor, open your connection.
2.	Expand Authentication (Phase 1)
3.	Click on Proposal, and set the Authentication Method to
	"Pre-Shared Key; Extended Authentication"

Note: SoftRemote does not let you save your Username and Password.

${this.title}

Code Editor : README.XAUTH