[strongSwan] Help with UNITY_SAVE_PASSWD attribute

Tobias Brunner tobias at strongswan.org
Mon Nov 28 23:01:31 CET 2011


Hi Chris,

> With this config, w/ and w/o UNITY_SAVE_PASSWD, I get prompted for XAuth
> credentials on each VPN connect. The VPN connection is added through a
> .mobileconfig file, using VPN on demand on the iOS side.

Ah, I didn't know this feature and I never actually used Apple's
configuration utility.  My tests were with a configuration created
directly on the phone (which has no option to configure VPN on demand).
 Anyway, it seems the client behaves differently if the config is
created on the phone than if it is created with the configuration
utility.  I found a (german) tutorial describing how to configure a VPN
connection using said tool, which also offers a solution to store the
XAuth password [1].  It roughly translates to this:  "Instead of
transferring the config with the configuration utility directly to the
phone, export it as file and import that file via email on the phone.
(That's probably something you already did as the export results in a
.mobileconfig file).  Before sending the config to the phone, edit the
XML file, search for the XAuthName entry and add the following two lines
after it:

  <key>XAuthPassword</key>
  <string>yourpassword</string>

As opening the patched .mobileconfig file in the configuration utility
would remove the added lines, the file has to be transferred to the
phone via email."

I did not try this, so I'm not sure if it works.  Of course, this also
doesn't answer the question why UNITY_SAVE_PASSWD does not work, or if
it is even supported by iOS.

Regards,
Tobias

[1] http://www.apfeltalk.de/forum/tutorial-vpn-demand-t335026.html




More information about the Users mailing list