[strongSwan] XAuth Vendor ID

Brian Zhao - 赵宪鹏 Brian.Zhao at zyxel.cn
Mon Mar 7 08:26:56 CET 2011 

Hi Andreas,

Loop group.

Thank you very much!
I am using strongswan-4.2.8, defined authby=secret, I don't know why it will contain this XAUTH. Maybe on later version will OK.
I also have some confuses, if I compiling with --disable-xauth-vid, does it means I also disable the XAUTH function? Then I configure authby=xauthpsk will cannot work well? If yes why we need XAUTH-vendor-id? 


Thanks!

Brian

-----Original Message-----
From: Andreas Steffen [mailto:andreas.steffen at strongswan.org] 
Sent: 2011年3月7日 14:48
To: Brian Zhao - 赵宪鹏
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] XAuth Vendor ID

Hi Brian,

strongSwan never sends XAUTH proposals on its own if you don't
explicitly define

  authby=xauthrsasig or authby=xauthpsk

the default being authby=rsasig.

But if you think that your peer is disturbed by the XAUTH
Vendor ID, you can suppress it by compiling strongSwan with
the option

  ./configure  --disable-xauth-vid

Best regards

Andreas

On 07.03.2011 03:40, Brian Zhao - 赵宪鹏 wrote:
> Hi All,
> 
> I have met a problem when use strongswan connect to another VPN device.
> Because strongswan will send a packet which contain contains
> draft-beaulieu-ike-xauth-02.txt information in phase 1, this information
> will cause other side check XAuth match and feedback an error message
> “NO-PROPOSAL-CHOSEN”. So I want to check you, it is strongswan’s problem
> or other side’s problem? Does the other side should just ignore this
> XAuth Vendor ID? I think this XAuth Vendor ID should not carry because I
> have not used XAuth. But the other side also should don’t care
> this(indeed most of VPN device did, only a few will check XAuth  when
> receive packet contain draft-beaulieu-ike-xauth-02.txt)
> 
> Could any one can give me some suggestion or information about this?
> 
> Thanks very much!
> 
> ===================
> 
> Best regards,
> 
> msn:brian_zhao1987 at hotmail.com

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

More information about the Users mailing list