[strongSwan] UNITY_SAVE_PASSWD not honoured?

Tom Griffin t.griffin at sheffield.ac.uk
Thu Jul 14 17:33:00 CEST 2016


Hi Tobias,

I am personally testing with the Cisco VPN Client for Windows. But the same
issue has been reported on iPhone and Mac OSX.

I have tried using 0.0.0.1 (and have confirmed from the debug output that
the value has been loaded), but it still does not allow the client to save
password, so it may require the 16-bit value as you suggested.

I also tried 0.1.0.0 (in case it was truncating) and 1.1.1.1 for good
measure, but neither worked.

Thanks,
Tom

On 14 July 2016 at 14:40, Tobias Brunner <tobias at strongswan.org> wrote:

> Hi Tom,
>
> > I am successfully sending UNITY_* attrs to IKEv1 clients which support
> > it, but the UNITY_SAVE_PASSWD option does not seem to be accepted
> > correctly, it simply doesn't allow the client to save their password.
>
> This has been discussed previously [1].  Basically the attr plugin only
> supports IP addresses and strings.  So setting this to `yes` or `1`
> (which is transmitted as 0x31) won't work.  If the clients accept 32-bit
> numbers you could perhaps try 0.0.0.1 as value.  But it's also possible
> that the clients only accept the attribute in its short form (i.e. the
> value is expected to be encoded in the 16-bit length field), which
> neither the attr nor the attr-sql plugin supports.  The latter could be
> used to send a 16-bit instead of a 32-bit attribute, though, so that
> might also be something worth trying.
>
> By the way, what clients are you testing with?
>
> Regards,
> Tobias
>
> [1] https://lists.strongswan.org/pipermail/users/2011-November/002342.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160714/cbb5d621/attachment.html>


More information about the Users mailing list