[strongSwan] XAuth Vendor ID

Andreas Steffen andreas.steffen at strongswan.org
Mon Mar 7 08:56:17 CET 2011 

---disable-xauth-vid will not disable strongSwan's XAUTH
capability. The option just suppresses the sending of
the Vendor ID.

Regards

Andreas

 On 07.03.2011 08:26, Brian Zhao - 赵宪鹏 wrote:
> Hi Andreas,
> 
> Loop group.
> 
> Thank you very much! I am using strongswan-4.2.8, defined
> authby=secret, I don't know why it will contain this XAUTH. Maybe on
> later version will OK. I also have some confuses, if I compiling with
> --disable-xauth-vid, does it means I also disable the XAUTH function?
> Then I configure authby=xauthpsk will cannot work well? If yes why we
> need XAUTH-vendor-id?
> 
> 
> Thanks!
> 
> Brian
> 
> -----Original Message----- From: Andreas Steffen
> [mailto:andreas.steffen at strongswan.org] Sent: 2011年3月7日 14:48 To:
> Brian Zhao - 赵宪鹏 Cc: users at lists.strongswan.org Subject: Re:
> [strongSwan] XAuth Vendor ID
> 
> Hi Brian,
> 
> strongSwan never sends XAUTH proposals on its own if you don't 
> explicitly define
> 
> authby=xauthrsasig or authby=xauthpsk
> 
> the default being authby=rsasig.
> 
> But if you think that your peer is disturbed by the XAUTH Vendor ID,
> you can suppress it by compiling strongSwan with the option
> 
> ./configure  --disable-xauth-vid
> 
> Best regards
> 
> Andreas
> 
> On 07.03.2011 03:40, Brian Zhao - 赵宪鹏 wrote:
>> Hi All,
>> 
>> I have met a problem when use strongswan connect to another VPN
>> device. Because strongswan will send a packet which contain
>> contains draft-beaulieu-ike-xauth-02.txt information in phase 1,
>> this information will cause other side check XAuth match and
>> feedback an error message “NO-PROPOSAL-CHOSEN”. So I want to check
>> you, it is strongswan’s problem or other side’s problem? Does the
>> other side should just ignore this XAuth Vendor ID? I think this
>> XAuth Vendor ID should not carry because I have not used XAuth. But
>> the other side also should don’t care this(indeed most of VPN
>> device did, only a few will check XAuth  when receive packet
>> contain draft-beaulieu-ike-xauth-02.txt)
>> 
>> Could any one can give me some suggestion or information about
>> this?
>> 
>> Thanks very much!
>> 
>> ===================
>> 
>> Best regards,
>> 
>> msn:brian_zhao1987 at hotmail.com
> 
> ======================================================================
>
> 
Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution!
> www.strongswan.org Institute for Internet Technologies and
> Applications University of Applied Sciences Rapperswil CH-8640
> Rapperswil (Switzerland) 
> ===========================================================[ITA-HSR]==


--
> 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

More information about the Users mailing list