[strongSwan] UNITY_SAVE_PASSWD not honoured?

Chris Buechler cbuechler at gmail.com
Sun Jul 10 03:11:14 CEST 2016

On Fri, Jul 8, 2016 at 2:33 AM, Tom Griffin <t.griffin at sheffield.ac.uk> wrote:
> Hello,
> I am successfully sending UNITY_* attrs to IKEv1 clients which support it,
> but the UNITY_SAVE_PASSWD option does not seem to be accepted correctly, it
> simply doesn't allow the client to save their password.
> /etc/strongswan.conf snippet;
>> charon {
>>         plugins {
>>                 include strongswan.d/charon/*.conf
>>                 attr {
>>                         # Banner
>>                         #28672 = "TEST BANNER"
>>                         # Allow password saving
>>                         28673 = yes
>>                         # Search domain
>>                         28674 = "sheffield.ac.uk"
>>                 }
>>         }
>> }
> The banner message and search domains *do* work, but password saving
> doesn't. I've tried setting the option to both "1" and "yes" and neither
> seem to work, should it be set to a particular value for it to take effect?

I was never able to get the password saving to work with strongswan
either, though the other Unity attrs were working. Pretty sure there's
a bug there, but haven't yet had a chance to dig further into it to
confirm and get a bug ticket opened. Cisco's IPsec client on Windows,
and OS X and iOS's built in clients all exhibited the same behavior.
Connecting same clients to racoon with that option configured all
worked correctly.

More information about the Users mailing list