[strongSwan] Help with UNITY_SAVE_PASSWD attribute
Klaus Darilion
klaus.mailinglists at pernau.at
Tue Nov 29 22:44:18 CET 2011
Just for the record: I solved my problems and re-connect works now. The
problem was solved by using strongSwan 4.6.1 (make; make install).
I failed with Debian's 4.4.1-5.1 (re-connect failed) and Debian's
4.5.2-1.2 (no connect at all).
Anybody tried making Debian packages of 4.6.1? I failed ...
Thanks
Klaus
On 29.11.2011 00:09, Chris Zelenak wrote:
> Klaus,
>
> I haven't experienced that problem myself - I'm using strongSwan 4.6.1
> compiled with the following:
>
> ./configure --enable-mysql --enable-sql --enable-attr-sql
> --enable-cisco-quirks --enable-medsrv --enable-mediation --enable-medcli
> --enable-manager --enable-smp --with-group=vpn --enable-nat-transport
>
> some of that is absolutely nonessential to my working setup atm,
> realistically the most important things were --enable-cisco-quirks and
> --enable-nat-transport. The rest is just me playing around. :-) My
> ipsec.conf is posted earlier in this thread, if that ends up being any
> help - I've configured my VPN connections w/ the iPhone Configuration
> Utility from Apple - http://support.apple.com/kb/dl851, whose
> .mobileconfig files I've manually installed on the phone over HTTP.
>
> Chris Zelenak
>
>
> On Mon, Nov 28, 2011 at 5:46 PM, Klaus Darilion
> <klaus.mailinglists at pernau.at> wrote:
>
> Hi Chris!
>
> Sorry for hijacking your thread - I recently setup strongSwan
> (4.4.1-5.2) and connecting with my iPhone works fine, but only on
> the first login. Further logins will fail and I have to restart
> strongSwan.
>
> I wonder if I am the only person with this problem or if you
> experience similar problems too.
>
> If you do not have this problem, which strongSwan version are you using?
>
> Thanks
> Klaus
>
>
>
> On 28.11.2011 05:31, Chris Zelenak wrote:
>
> Hi,
>
> I've been trying to send down the UNITY_SAVE_PASSWD attrib (28673) to an
> iPhone client to allow local client storage of the Xauth password. (iPhone
> client connecting w/ IPSEC XAuth + Cert, server compiled w/ cisco quirks)
> I initially tried by loading the attr plugin and having the following
> block in my strongswan.conf:
>
> pluto {
>     plugins {
>         attr {
>             28672 = "pluto"
>             28673 = 1
>         }
>     }
> }
>
> Both the 28672 (UNITY_BANNER) and 28673 (UNITY_SAVE_PASSWD) don't get
> picked up in the isakmp mode config sent back to the client - the server
> never sends them. (I tried UNITY_BANNER just to debug if the attr plugin
> would pick it up at all.) Just to see if I could force it, I ended up
> inserting the following into src/pluto/modecfg.c :
>
> if (want_unity_banner)
> {
> ca = modecfg_attribute_create(__UNITY_BANNER,
>
> chunk_create(DEFAULT_UNITY___BANNER,
>
> strlen(DEFAULT_UNITY_BANNER)))__;
> ca_list->insert_last(ca_list, ca);
> }
> + ca = modecfg_attribute_create_tv(__UNITY_SAVE_PASSWD, 1);
> + ca_list->insert_last(ca_list, ca);
>
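Review bot: the two added lines sit after the closing brace of the `if (want_unity_banner)` block and have no condition of their own, so UNITY_SAVE_PASSWD with value 1 is appended to the attribute list for every client on every connection. Whether a client may store the XAuth password is a per-deployment policy decision; gate the insertion on a configuration setting (or on the client having requested the attribute), the way the banner is gated, rather than hard-coding it.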
> Now the data /does/ get sent down, but the iPhone client doesn't seem to
> be acting on the UNITY_SAVE_PASSWD value - subsequent reconnection
> attempts still prompt me for a password. From what I've been able to
> tell looking around, 1 is the correct value to send down, but I dunno...
>
> If anyone could help me out in figuring out why:
>
> A) the attr plugin doesn't seem to be working
> and
> B) if I'm sending down the value incorrectly in my hack inside modecfg.c
>
> it would be much appreciated.
>
> Thanks,
>
> Chris Zelenak
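Added example, not part of the thread and not strongSwan code: a way to check, byte by byte, whether a mode-config attribute list carries UNITY_SAVE_PASSWD, using the ISAKMP data-attribute layout from RFC 2408 section 3.3. The function names are hypothetical, the attribute numbers are the ones quoted in the thread, and sending UNITY_SAVE_PASSWD in the short type/value form is an assumption based on the `_tv` helper used in the quoted hack.

```c
#include <stdint.h>
#include <string.h>
#define UNITY_BANNER      28672   /* numbers as quoted in the thread */
#define UNITY_SAVE_PASSWD 28673
#define AF_TV             0x8000  /* RFC 2408 3.3: AF=1 means 2-byte value, no length */

/* Short form: 2 bytes (AF bit | type), 2 bytes value. */
size_t attr_put_tv(uint8_t *out, uint16_t type, uint16_t value)
{
    out[0] = (uint8_t)(0x80 | (type >> 8)); out[1] = (uint8_t)(type & 0xff);
    out[2] = (uint8_t)(value >> 8);         out[3] = (uint8_t)(value & 0xff);
    return 4;
}

/* Long form: 2 bytes type (AF=0), 2 bytes length, then the value bytes. */
size_t attr_put_tlv(uint8_t *out, uint16_t type, const void *val, uint16_t len)
{
    out[0] = (uint8_t)((type >> 8) & 0x7f); out[1] = (uint8_t)(type & 0xff);
    out[2] = (uint8_t)(len >> 8);           out[3] = (uint8_t)(len & 0xff);
    memcpy(out + 4, val, len);
    return 4 + (size_t)len;
}

/* Returns 1 and sets *value if a TV attribute `type` is present, 0 if absent, -1 if truncated. */
int attr_find_tv(const uint8_t *buf, size_t len, uint16_t type, uint16_t *value)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 4) return -1;           /* header cut short */
        uint16_t t = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        uint16_t v = (uint16_t)((buf[off + 2] << 8) | buf[off + 3]);
        off += 4;
        if (t & AF_TV) {                        /* short form: v is the value */
            if ((t & 0x7fff) == type) { *value = v; return 1; }
            continue;
        }
        if (len - off < v) return -1;           /* long form: v is the length */
        off += v;
    }
    return 0;
}

int main(void)
{
    uint8_t buf[32]; uint16_t v = 0;            /* constructed sample reply */
    size_t n = attr_put_tlv(buf, UNITY_BANNER, "pluto", 5);
    n += attr_put_tv(buf + n, UNITY_SAVE_PASSWD, 1);
    return attr_find_tv(buf, n, UNITY_SAVE_PASSWD, &v) == 1 ? 0 : 1;
}
```

With this layout, a reply that carries the attribute with value 1 contains the four bytes `f0 01 00 01`.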