[strongSwan] XAuth Vendor ID

Andreas Steffen andreas.steffen at strongswan.org
Mon Mar 7 07:47:46 CET 2011

Hi Brian,

strongSwan never sends XAUTH proposals on its own if you don't
explicitly define

  authby=xauthrsasig or authby=xauthpsk

the default being authby=rsasig.

But if you think that your peer is disturbed by the XAUTH
Vendor ID, you can suppress it by compiling strongSwan with
the option

  ./configure  --disable-xauth-vid

Best regards


On 07.03.2011 03:40, Brian Zhao - 赵宪鹏 wrote:
> Hi All,
> I have met a problem when using strongSwan to connect to another VPN device.
> Because strongSwan will send a packet which contains
> draft-beaulieu-ike-xauth-02.txt information in phase 1, this information
> will cause the other side to check for an XAuth match and feed back an error message
> “NO-PROPOSAL-CHOSEN”. So I want to check with you: is it strongSwan’s problem
> or the other side’s problem? Should the other side just ignore this
> XAuth Vendor ID? I think this XAuth Vendor ID should not be carried because I
> have not used XAuth. But the other side also should not care about
> this (indeed most VPN devices did, only a few will check XAuth when
> they receive a packet containing draft-beaulieu-ike-xauth-02.txt).
> Could anyone give me some suggestions or information about this?
> Thanks very much!
> ===================
> Best regards,
> msn:brian_zhao1987 at hotmail.com

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
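
Added example, not part of the original thread and not strongSwan code: a small checker that walks the payload chain of a captured, unencrypted IKEv1 phase 1 message and reports whether it carries the XAUTH Vendor ID, which is useful for confirming that a build made with --disable-xauth-vid no longer sends it. The 8-byte VID value, the function names and the sample messages are assumptions constructed for illustration.

```python
import struct

# Assumption: 8-byte XAUTH Vendor ID value as widely published; the thread does not quote it.
XAUTH_VID = bytes.fromhex("09002689dfd6b712")
VENDOR_ID = 13  # ISAKMP payload type for Vendor ID (RFC 2408)

def vendor_ids(packet: bytes) -> list[bytes]:
    """Return the body of every Vendor ID payload in an unencrypted IKEv1 message."""
    if len(packet) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    next_payload, flags = packet[16], packet[19]
    total = struct.unpack_from("!I", packet, 24)[0]
    if flags & 0x01:
        raise ValueError("encrypted message, payload chain not visible")
    if total > len(packet):
        raise ValueError("header length exceeds captured bytes")
    offset, found = 28, []
    while next_payload != 0:
        if offset + 4 > total:
            raise ValueError("truncated payload header")
        following, _reserved, plen = struct.unpack_from("!BBH", packet, offset)
        if plen < 4 or offset + plen > total:
            raise ValueError("bad payload length")
        if next_payload == VENDOR_ID:
            found.append(packet[offset + 4:offset + plen])
        next_payload, offset = following, offset + plen
    return found

def sends_xauth_vid(packet: bytes) -> bool:
    return XAUTH_VID in vendor_ids(packet)

def build_message(payloads):
    """Constructed test input: chain (type, body) payloads behind a Main Mode header."""
    body = b""
    for i, (_ptype, data) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += struct.pack("!BBH", nxt, 0, 4 + len(data)) + data
    header = b"\x11" * 8 + bytes(8) + struct.pack(
        "!BBBBII", payloads[0][0], 0x10, 2, 0, 0, 28 + len(body))
    return header + body

# Constructed samples: placeholder SA body (type 1) followed by Vendor ID payloads.
WITH_VID = build_message([(1, bytes(8)), (13, XAUTH_VID), (13, b"constructed-vid")])
WITHOUT_VID = build_message([(1, bytes(8)), (13, b"constructed-vid")])

if __name__ == "__main__":
    for name, pkt in (("with", WITH_VID), ("without", WITHOUT_VID)):
        print(name, sends_xauth_vid(pkt), [v.hex() for v in vendor_ids(pkt)])
```

To use it on real traffic, pass the UDP payload of the first Main Mode message from a capture; later, encrypted messages are rejected because their payload chain is not readable.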
