[strongSwan] UNITY_SAVE_PASSWD not honoured?
Chris Buechler
cbuechler at gmail.com
Sun Jul 10 03:11:14 CEST 2016
On Fri, Jul 8, 2016 at 2:33 AM, Tom Griffin <t.griffin at sheffield.ac.uk> wrote:
> Hello,
>
> I am successfully sending UNITY_* attrs to IKEv1 clients which support it,
> but the UNITY_SAVE_PASSWD option does not seem to be accepted correctly, it
> simply doesn't allow the client to save their password.
>
> /etc/strongswan.conf snippet;
>>
>> charon {
>> plugins {
>> include strongswan.d/charon/*.conf
>> attr {
>> # Banner
>> #28672 = "TEST BANNER"
>> # Allow password saving
>> 28673 = yes
>> # Search domain
>> 28674 = "sheffield.ac.uk"
>> }
>> }
>> }
>
>
> The banner message and search domains *do* work, but password saving
> doesn't. I've tried setting the option to both "1" and "yes" and neither
> seem to work, should it be set to a particular value for it to take effect?
>
I was never able to get the password saving to work with strongswan
either, though the other Unity attrs were working. Pretty sure there's
a bug there, but haven't yet had a chance to dig further into it to
confirm and get a bug ticket opened. Cisco's IPsec client on Windows,
and OS X and iOS's built in clients all exhibited the same behavior.
Connecting same clients to racoon with that option configured all
worked correctly.
More information about the Users
mailing list