[strongSwan] UNITY_SAVE_PASSWD not honoured?
t.griffin at sheffield.ac.uk
Thu Sep 8 20:16:40 CEST 2016
Is it possible to log this as a bug?
On 14 July 2016 at 16:33, Tom Griffin <t.griffin at sheffield.ac.uk> wrote:
> Hi Tobias,
> I am personally testing with the Cisco VPN Client for Windows. But the
> same issue has been reported on iPhone and Mac OSX.
> I have tried using 0.0.0.1 (and have confirmed from the debug output that
> the value has been loaded), but it still does not allow the client to save
> password, so it may require the 16-bit value as you suggested.
> I also tried 0.1.0.0 (in case it was truncating) and 220.127.116.11 for good
> measure, but neither worked.
> On 14 July 2016 at 14:40, Tobias Brunner <tobias at strongswan.org> wrote:
>> Hi Tom,
>> > I am successfully sending UNITY_* attrs to IKEv1 clients which support
>> > it, but the UNITY_SAVE_PASSWD option does not seem to be accepted
>> > correctly, it simply doesn't allow the client to save their password.
>> This has been discussed previously . Basically the attr plugin only
>> supports IP addresses and strings. So setting this to `yes` or `1`
>> (which is transmitted as 0x31) won't work. If the clients accept 32-bit
>> numbers you could perhaps try 0.0.0.1 as value. But it's also possible
>> that the clients only accept the attribute in its short form (i.e. the
>> value is expected to be encoded in the 16-bit length field), which
>> neither the attr nor the attr-sql plugin supports. The latter could be
>> used to send a 16-bit instead of a 32-bit attribute, though, so that
>> might also be something worth trying.
>> By the way, what clients are you testing with?
>>  https://lists.strongswan.org/pipermail/users/2011-November/
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users