[strongSwan] XAuth Vendor ID
Andreas Steffen
andreas.steffen at strongswan.org
Mon Mar 7 07:47:46 CET 2011
Hi Brian,
strongSwan never sends XAUTH proposals on its own if you don't
explicitly define
authby=xauthrsasig or authby=xauthpsk
the default being authby=rsasig.
But if you think that your peer is disturbed by the XAUTH
Vendor ID, you can suppress it by compiling strongSwan with
the option
./configure --disable-xauth-vid
Best regards
Andreas
On 07.03.2011 03:40, Brian Zhao - 赵宪鹏 wrote:
> Hi All,
>
> I have met a problem when use strongswan connect to another VPN device.
> Because strongswan will send a packet which contain contains
> draft-beaulieu-ike-xauth-02.txt information in phase 1, this information
> will cause other side check XAuth match and feedback an error message
> “NO-PROPOSAL-CHOSEN”. So I want to check you, it is strongswan’s problem
> or other side’s problem? Does the other side should just ignore this
> XAuth Vendor ID? I think this XAuth Vendor ID should not carry because I
> have not used XAuth. But the other side also should don’t care
> this(indeed most of VPN device did, only a few will check XAuth when
> receive packet contain draft-beaulieu-ike-xauth-02.txt)
>
> Could any one can give me some suggestion or information about this?
>
> Thanks very much!
>
> ===================
>
> Best regards,
>
> msn:brian_zhao1987 at hotmail.com
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list