[strongSwan] Help with UNITY_SAVE_PASSWD attribute
Chris Zelenak
netshade at gmail.com
Mon Nov 28 05:31:26 CET 2011
Hi,
I've been trying to send down the UNITY_SAVE_PASSWD attrib (28673) to an
iPhone client to allow local client storage of the Xauth password. ( iPhone
client connecting w/ IPSEC XAuth + Cert, server compiled w/ cisco quirks )
I initially tried by loading the attr plugin and having the following
block in my strongswan.conf:
pluto {
plugins {
attr {
28672 = "pluto"
28673 = 1
}
}
}
Both the 28672 ( UNITY_BANNER ) and 28673 ( UNITY_SAVE_PASSWD ) don't get
picked up in the isakmp mode config sent back to the client - the server
never sends them. ( I tried UNITY_BANNER just to debug if the attr plugin
would pick it up at all ) Just to see if I could force it, I ended up
inserting the following into src/pluto/modecfg.c :
if (want_unity_banner)
{
ca = modecfg_attribute_create(UNITY_BANNER,
chunk_create(DEFAULT_UNITY_BANNER,
strlen(DEFAULT_UNITY_BANNER)));
ca_list->insert_last(ca_list, ca);
}
+ ca = modecfg_attribute_create_tv(UNITY_SAVE_PASSWD, 1);
+ ca_list->insert_last(ca_list, ca);
Now the data /does/ get sent down, but the iPhone client doesn't seem to be
acting on the UNITY_SAVE_PASSWD value - subsequent reconnection attempts
still prompt me for a password. From what I've been able to tell looking
around, 1 is the correct value to send down, but I dunno...
If anyone could help me out in figuring out why:
A) the attr plugin doesn't seem to be working
and
B) if I'm sending down the value incorrectly in my hack inside modecfg.c
it would be much appreciated.
Thanks,
Chris Zelenak
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20111127/f146fb18/attachment.html>
More information about the Users
mailing list