[strongSwan] Help with UNITY_SAVE_PASSWD attribute

Chris Zelenak netshade at gmail.com
Mon Nov 28 19:23:26 CET 2011


Tobias,

This is with an iPhone 4S on iOS 5.0.1 - just in case this is an issue w/
my VPN config, I'm including my setup below:

config setup
charonstart=no
 plutostart=yes
plutodebug=all
plutostderrlog=/var/log/pluto.log
 nat_traversal=yes

conn iphone
modeconfig=pull
type=tunnel
 installpolicy=yes
auto=add
keyexchange=ikev1
        ike=aes128-md5-modp1024
        esp=aes128-md5
        forceencaps=yes
dpdaction=clear
authby=xauthrsasig
 xauth=server
pfs=no
leftcert=<server cert>
        leftid="C=US, ST=IN, L=Indianapolis, O=blah, CN=<server hostname>"
left=<server hostname>
leftsourceip=10.0.1.1
 leftsubnet=0.0.0.0/0
right=%any
rightid="C=US, ST=IN, L=Indianapolis, O=blah, CN=<client cn>"
 rightsourceip=10.0.1.2/8
rightcert=<client cert>

( with the qualification that there's a lot in this config that I got to
work through hacky trial and error, and that I most definitely do not
understand every option in this config )

With this config, w/ and w/o UNITY_SAVE_PASSWD, I get prompted for XAuth
credentials on each VPN connect. The VPN connection is added through a
.mobileconfig file, using VPN on demand on the iOS side.

Chris Zelenak

On Mon, Nov 28, 2011 at 1:08 PM, Tobias Brunner <tobias at strongswan.org>wrote:

> Hi Chris,
>
> which iOS version do you use on your device?  Because I just tried how
> the VPN client behaves on an iPhone 3GS with iOS 5.0.1.  And well, I can
> save the password even without sending UNITY_SAVE_PASSWD (I did not try
> what happens if I do, actually).
>
> > https://discussions.apple.com/thread/2390965?start=0&tstart=0
>
> Since this thread was started quite a while ago and refers to iOS 3.x up
> to 4.0 I guess Apple changed their client's behavior in the mean time.
>
> Regards,
> Tobias
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20111128/d8b97fa0/attachment.html>


More information about the Users mailing list