[strongSwan] Help with UNITY_SAVE_PASSWD attribute
netshade at gmail.com
Mon Nov 28 05:31:26 CET 2011
I've been trying to send down the UNITY_SAVE_PASSWD attrib (28673) to an
iPhone client to allow local client storage of the Xauth password. ( iPhone
client connecting w/ IPSEC XAuth + Cert, server compiled w/ cisco quirks )
I initially tried by loading the attr plugin and having the following
block in my strongswan.conf:
28672 = "pluto"
28673 = 1
Both the 28672 ( UNITY_BANNER ) and 28673 ( UNITY_SAVE_PASSWD ) don't get
picked up in the isakmp mode config sent back to the client - the server
never sends them. ( I tried UNITY_BANNER just to debug if the attr plugin
would pick it up at all ) Just to see if I could force it, I ended up
inserting the following into src/pluto/modecfg.c :
ca = modecfg_attribute_create(UNITY_BANNER,
+ ca = modecfg_attribute_create_tv(UNITY_SAVE_PASSWD, 1);
+ ca_list->insert_last(ca_list, ca);
Now the data /does/ get sent down, but the iPhone client doesn't seem to be
acting on the UNITY_SAVE_PASSWD value - subsequent reconnection attempts
still prompt me for a password. From what I've been able to tell looking
around, 1 is the correct value to send down, but I dunno...
If anyone could help me out in figuring out why:
A) the attr plugin doesn't seem to be working
B) if I'm sending down the value incorrectly in my hack inside modecfg.c
it would be much appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users