[strongSwan] Help with UNITY_SAVE_PASSWD attribute

Klaus Darilion klaus.mailinglists at pernau.at
Mon Nov 28 23:46:29 CET 2011


Hi Chris!

Sorry for hijacking your thread - I recently set up strongSwan 
(4.4.1-5.2) and connecting with my iPhone works fine, but only on the 
first login. Further logins will fail and I have to restart strongSwan.

I wonder if I am the only person with this problem or if you experience 
similar problems too.

If you do not have this problem, which strongSwan version are you using?

Thanks
Klaus


On 28.11.2011 05:31, Chris Zelenak wrote:
> Hi,
>
> I've been trying to send down the UNITY_SAVE_PASSWD attrib (28673) to an
> iPhone client to allow local client storage of the Xauth password. (
> iPhone client connecting w/ IPSEC XAuth + Cert, server compiled w/ cisco
> quirks )  I initially tried by loading the attr plugin and having the
> following block in my strongswan.conf:
>
> pluto {
>     plugins {
>       attr {
>         28672 = "pluto"
>         28673 = 1
>       }
>     }
> }
>
> Both the 28672 ( UNITY_BANNER ) and 28673 ( UNITY_SAVE_PASSWD ) don't
> get picked up in the isakmp mode config sent back to the client - the
> server never sends them.  ( I tried UNITY_BANNER just to debug if the
> attr plugin would pick it up at all ) Just to see if I could force it, I
> ended up inserting the following into src/pluto/modecfg.c :
>
>          if (want_unity_banner)
>          {
>                  ca = modecfg_attribute_create(UNITY_BANNER,
>
>    chunk_create(DEFAULT_UNITY_BANNER,
>
>    strlen(DEFAULT_UNITY_BANNER)));
>                  ca_list->insert_last(ca_list, ca);
>          }
> +        ca = modecfg_attribute_create_tv(UNITY_SAVE_PASSWD, 1);
> +        ca_list->insert_last(ca_list, ca);
>
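Review bot: the two added lines sit after the closing brace of the if (want_unity_banner) block, so UNITY_SAVE_PASSWD is appended to ca_list unconditionally, for every peer and every Mode Config reply, whether or not the client requested it. Consider guarding it the way the banner is guarded (a request flag analogous to want_unity_banner) and taking the value from configuration instead of hardcoding 1, since telling clients to store the XAuth password on the device is a policy choice an administrator should be able to switch off per connection.
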
> Now the data /does/ get sent down, but the iPhone client doesn't seem to
> be acting on the UNITY_SAVE_PASSWD value - subsequent reconnection
> attempts still prompt me for a password. From what I've been able to
> tell looking around, 1 is the correct value to send down, but I dunno...
>
> If anyone could help me out in figuring out why:
>
> A) the attr plugin doesn't seem to be working
> and
> B) if I'm sending down the value incorrectly in my hack inside modecfg.c
>
> it would be much appreciated.
>
> Thanks,
>
> Chris Zelenak
>




