[strongSwan] Help with UNITY_SAVE_PASSWD attribute

Chris Zelenak netshade at gmail.com
Mon Nov 28 05:31:26 CET 2011


Hi,

I've been trying to send down the UNITY_SAVE_PASSWD attrib (28673) to an
iPhone client to allow local client storage of the Xauth password. (iPhone
client connecting w/ IPSEC XAuth + Cert, server compiled w/ cisco quirks.)
I initially tried by loading the attr plugin and having the following
block in my strongswan.conf:

pluto {
   plugins {
     attr {
       28672 = "pluto"
       28673 = 1
     }
   }
}

Both the 28672 (UNITY_BANNER) and 28673 (UNITY_SAVE_PASSWD) don't get
picked up in the isakmp mode config sent back to the client - the server
never sends them. (I tried UNITY_BANNER just to debug if the attr plugin
would pick it up at all.) Just to see if I could force it, I ended up
inserting the following into src/pluto/modecfg.c:

        if (want_unity_banner)
        {
                ca = modecfg_attribute_create(UNITY_BANNER,

chunk_create(DEFAULT_UNITY_BANNER,

strlen(DEFAULT_UNITY_BANNER)));
                ca_list->insert_last(ca_list, ca);
        }
+        ca = modecfg_attribute_create_tv(UNITY_SAVE_PASSWD, 1);
+        ca_list->insert_last(ca_list, ca);
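
Review bot: the two added lines sit outside any condition, unlike the UNITY_BANNER insert just above, which is guarded by `if (want_unity_banner)`, so UNITY_SAVE_PASSWD is put in the attribute list on every pass through this code whether or not the client asked for it. Letting a client store the XAuth password is a policy choice, so it would be better gated on a request flag or a configuration option than hard-coded. The value is also built with modecfg_attribute_create_tv() while the banner uses modecfg_attribute_create() with a chunk; a short comment saying why the TV form was chosen for this attribute would help.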

Now the data /does/ get sent down, but the iPhone client doesn't seem to be
acting on the UNITY_SAVE_PASSWD value - subsequent reconnection attempts
still prompt me for a password. From what I've been able to tell looking
around, 1 is the correct value to send down, but I dunno...

If anyone could help me out in figuring out why:

A) the attr plugin doesn't seem to be working
and
B) if I'm sending down the value incorrectly in my hack inside modecfg.c

it would be much appreciated.

Thanks,

Chris Zelenak
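
For checking what actually goes out on the wire, the following added example (not strongSwan code and not from the original post) walks a mode config attribute list in the ISAKMP data attribute format (RFC 2408, section 3.3) and reports whether UNITY_SAVE_PASSWD is present and whether it was encoded as TV or TLV. The function name and both sample byte strings are constructed for illustration; the input is assumed to be the attribute list of an already decrypted payload, and which encoding the iPhone client expects is not something the post establishes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATTR_AF_TV        0x8000u /* ISAKMP attribute format bit: 1 = TV, 0 = TLV */
#define UNITY_SAVE_PASSWD 28673u  /* 0x7001, number taken from the post */

/* Constructed samples (not captures): UNITY_BANNER (28672) "pluto" as TLV,
 * then UNITY_SAVE_PASSWD = 1 in TV form, and again in TLV form. */
static const uint8_t sample_tv[]  = { 0x70,0x00, 0x00,0x05, 'p','l','u','t','o',
                                      0xF0,0x01, 0x00,0x01 };
static const uint8_t sample_tlv[] = { 0x70,0x00, 0x00,0x05, 'p','l','u','t','o',
                                      0x70,0x01, 0x00,0x01, 0x01 };

/* Walk an attribute list looking for UNITY_SAVE_PASSWD (hypothetical helper).
 * Returns 1 if found as TV, 2 if found as TLV, 0 if absent, -1 if malformed.
 * On 1 or 2, *value receives the value (TLV: big-endian, at most 4 bytes). */
int find_save_passwd(const uint8_t *buf, size_t n, uint32_t *value)
{
    size_t off = 0;
    while (off < n) {
        if (n - off < 4)
            return -1;                  /* truncated attribute header */
        uint16_t t = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        uint16_t v = (uint16_t)((buf[off + 2] << 8) | buf[off + 3]);
        int is_tv = (t & ATTR_AF_TV) != 0;
        size_t len = is_tv ? 0 : v;     /* TV holds the value where TLV holds a length */
        if (len > n - off - 4)
            return -1;                  /* TLV length runs past the buffer */
        if ((t & 0x7FFFu) == UNITY_SAVE_PASSWD) {
            if (is_tv) { *value = v; return 1; }
            if (len > 4)
                return -1;              /* too long for a flag value */
            *value = 0;
            for (size_t i = 0; i < len; i++)
                *value = (*value << 8) | buf[off + 4 + i];
            return 2;
        }
        off += 4 + len;                 /* skip to the next attribute */
    }
    return 0;
}

int main(void)
{
    uint32_t v = 0;
    int r = find_save_passwd(sample_tv, sizeof sample_tv, &v);
    printf("TV sample:  result=%d value=%u\n", r, (unsigned)v);
    r = find_save_passwd(sample_tlv, sizeof sample_tlv, &v);
    printf("TLV sample: result=%d value=%u\n", r, (unsigned)v);
    return 0;
}
```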