[strongSwan] UNITY_SAVE_PASSWD not honoured?

Tom Griffin t.griffin at sheffield.ac.uk
Thu Sep 8 20:16:40 CEST 2016


Is it possible to log this as a bug?


On 14 July 2016 at 16:33, Tom Griffin <t.griffin at sheffield.ac.uk> wrote:

> Hi Tobias,
> I am personally testing with the Cisco VPN Client for Windows. But the
> same issue has been reported on iPhone and Mac OSX.
> I have tried using (and have confirmed from the debug output that
> the value has been loaded), but it still does not allow the client to save
> password, so it may require the 16-bit value as you suggested.
> I also tried (in case it was truncating) and for good
> measure, but neither worked.
> Thanks,
> Tom
> On 14 July 2016 at 14:40, Tobias Brunner <tobias at strongswan.org> wrote:
>> Hi Tom,
>> > I am successfully sending UNITY_* attrs to IKEv1 clients which support
>> > it, but the UNITY_SAVE_PASSWD option does not seem to be accepted
>> > correctly, it simply doesn't allow the client to save their password.
>> This has been discussed previously [1].  Basically the attr plugin only
>> supports IP addresses and strings.  So setting this to `yes` or `1`
>> (which is transmitted as 0x31) won't work.  If the clients accept 32-bit
>> numbers you could perhaps try as value.  But it's also possible
>> that the clients only accept the attribute in its short form (i.e. the
>> value is expected to be encoded in the 16-bit length field), which
>> neither the attr nor the attr-sql plugin supports.  The latter could be
>> used to send a 16-bit instead of a 32-bit attribute, though, so that
>> might also be something worth trying.
>> By the way, what clients are you testing with?
>> Regards,
>> Tobias
>> [1] https://lists.strongswan.org/pipermail/users/2011-November/
>> 002342.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160908/15897bd4/attachment.html>

More information about the Users mailing list