[strongSwan] Prompting for Credentials with strongswan 5

Tobias Brunner tobias at strongswan.org
Tue Sep 18 16:58:21 CEST 2012


Hi Gerald, Martin,

>> What I would like to have, is that the user gets asked for username _and_
>> password (maybe with some default username already filled in). Is it
>> possible to supply the username via the credential manager or can it
>> only be changed in the config, so I have to do it upfront?
> 
> Usually the different identities are part of the configuration. When you
> use configurations from ipsec.conf, you currently can't change them
> dynamically. 

That's not entirely true. There is a (slightly hackish) feature of
stroke that allows you to set username and password for configs that are
configured for EAP or XAuth (only with [1] or the upcoming 5.0.1)
authentication (e.g. with leftauth=eap):

  ipsec stroke user-creds <conn> <username> [<password>]

If the password is not given on the command line the user is prompted
for it.  The username is not optional, so you'd have to prompt the user
yourself to get that (and since it uses the stroke socket, root
permission is required to execute this command).  And it only works if
executed before the connection is started with ipsec up <conn>.

Regards,
Tobias

[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=8c19323c
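
The procedure described in the message above (ask for the username yourself, let stroke prompt for the password, then bring the connection up), as an added example that is not part of the original post or of strongSwan's own code. The IPSEC override variable, the function names and the --connect switch are assumptions of this sketch; only the two ipsec commands come from the message.

```shell
#!/bin/sh
# Added example. IPSEC, the function names and --connect are assumptions of
# this sketch; only the two ipsec commands come from the message above.
IPSEC=${IPSEC:-ipsec}

# Reject empty values, option-like values and anything outside a
# conservative character set before it reaches the ipsec command line.
safe_arg() {
    case $1 in
        ''|-*) return 1 ;;
        *[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    return 0
}

# Prompt on stderr; an empty reply selects the default (if any).
prompt_username() {
    default=$1
    printf 'Username%s: ' "${default:+ [$default]}" >&2
    IFS= read -r name || :
    printf '%s\n' "${name:-$default}"
}

# Store the username, let stroke prompt for the password, then connect.
set_creds_and_up() {
    conn=$1 user=$2
    safe_arg "$conn" && safe_arg "$user" || { echo "invalid argument" >&2; return 3; }
    # No password argument: it stays out of argv and shell history.
    "$IPSEC" stroke user-creds "$conn" "$user" || return 4
    # user-creds only takes effect if set before the connection starts.
    "$IPSEC" up "$conn"
}

if [ "${1:-}" = "--connect" ]; then
    # The stroke socket requires root.
    [ "$(id -u)" -eq 0 ] || { echo "must be run as root" >&2; exit 2; }
    set_creds_and_up "${2:-}" "$(prompt_username "${3:-}")"
fi
```

Invoked as root with --connect, a connection name and an optional default username, it runs the two steps in the required order.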
