Opened 6 years ago

Last modified 4 years ago

#10291 new enhancement

racoon xauth from local file

Reported by: birnenschnitzel Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: packages Version: Trunk
Keywords: ipsec-tools xauth Cc:



In the last weeks I created some documentation about OpenWrt and IPsec VPN with ipsec-tools. The next article in this series will be a roadwarrior configuration using hybrid authentication (RSA or PSK with xauth). Sadly there exists no easy way to implement a user database that could be controlled by UCI mechanisms. racoon only supports /etc/passwd or external authentication mechanisms (LDAP, ...).

I have attached a patch to this message that can be implemented into ipsec-tools so that racoon is able to verify user and password against a plain text file. This file can be generated upon startup from a UCI config file. It was tested in a native Linux x86 environment.

The patch works as follows:

  • racoon has to be set to system authentication.
  • If /var/racoon/xauthuser.txt exists, its contents will be interpreted as a list of users and passwords. Access is granted if the user/password combination is found. If not, the authentication process is aborted. /etc/passwd is not evaluated.
  • If the file does not exist, the normal system authentication takes place.

Being very uncertain of how to cross compile ipsec-tools with this patch for my DIR-825 (ar71xx), I want to ask if someone could help me out, either by giving hints or by providing a precompiled package with my patch.

Thanks in advance.

Attachments (1)

diff-xauth.patch (1.0 KB) - added by birnenschnitzel 6 years ago.
racoon patch
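
The lookup order described in the ticket, as an added C example that is not the attached patch or ipsec-tools code. The function name, the result enum and the one-`user:password`-per-line file format are assumptions, as are the constant-time comparison and the choice to deny when the file exists but cannot be read.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum xauth_result { XAUTH_FALLBACK, XAUTH_GRANTED, XAUTH_DENIED };

/* Compare a supplied string with a stored one without stopping at the
 * first differing byte, so timing does not reveal how much matched. */
static int ct_equal(const char *supplied, const char *stored)
{
    size_t ls = strlen(supplied), lt = strlen(stored), i;
    unsigned char diff = (unsigned char)(ls != lt);

    for (i = 0; i < ls; i++)
        diff |= (unsigned char)(supplied[i] ^ stored[lt ? i % lt : 0]);
    return diff == 0;
}

/* Assumed file format: one "user:password" entry per line, '#' comments. */
enum xauth_result xauth_file_check(const char *path, const char *user,
                                   const char *pass)
{
    char line[256];
    int found = 0;
    FILE *fp = fopen(path, "r");

    if (fp == NULL)  /* only a missing file falls back to system auth */
        return errno == ENOENT ? XAUTH_FALLBACK : XAUTH_DENIED;
    while (fgets(line, sizeof(line), fp) != NULL) {
        size_t n = strcspn(line, "\n");
        char *sep;

        if (line[n] != '\n' && !feof(fp)) {  /* overlong line: discard it whole */
            int c;
            while ((c = fgetc(fp)) != EOF && c != '\n')
                ;
            continue;
        }
        line[strcspn(line, "\r\n")] = '\0';
        sep = strchr(line, ':');
        if (line[0] == '#' || sep == NULL || sep == line || sep[1] == '\0')
            continue;  /* comment, malformed, or empty user/password */
        *sep = '\0';
        found |= ct_equal(user, line) & ct_equal(pass, sep + 1);  /* no early exit */
    }
    fclose(fp);
    return found ? XAUTH_GRANTED : XAUTH_DENIED;  /* /etc/passwd is never consulted */
}
```

Because the file holds passwords in clear text, whatever generates it from UCI at startup should create it readable by root only.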

Change History (2)

Changed 6 years ago by birnenschnitzel

racoon patch

comment:1 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
