According to /etc/strongswan.conf, which includes all the *conf files in /etc/strongswan.d/charon/ I *should* be loading up the contents of /etc/strongswan.d/charon/xauth-pam.conf which are root@vpn:/etc/strongswan.d/charon# more xauth-pam.conf xauth-pam {
# Whether to load the plugin. Can also be an integer to increase the # priority of this plugin. load = yes # PAM service to be used for authentication. pam_service = login # Open/close a PAM session for each active IKE_SA. session = no # If an email address is received as an XAuth username, trim it to just the # username part. trim_email = yes } However, ipsec statusall gives me loaded plugins: charon test-vectors ldap aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity eap-mschapv2 eap-radius xauth-generic addrblock No xauth-pam :-/ Which unless I'm mistaken (possible!) is why I get Sep 16 14:44:46 c09-44 charon: 08[IKE] activating XAUTH task Sep 16 14:44:46 c09-44 charon: 08[CFG] no XAuth method found for 'pam' in a hybrid rsa configuration when i try to use rightauth=xauth-pam as described here https://wiki.strongswan.org/projects/strongswan/wiki/XAuthPam How do I get strongswan to load this module in? This page https://wiki.strongswan.org/projects/strongswan/wiki/PluginList kind of suggests I'd have to recompile strongswan. I'm really hoping I don't have to! _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users