[strongSwan] UNITY_SAVE_PASSWD not honoured?

[Tom Griffin]

Hello,

Is it possible to log this as a bug?

Thanks,
Tom

On 14 July 2016 at 16:33, Tom Griffin <t.griffin at sheffield.ac.uk> wrote:

> Hi Tobias,
>
> I am personally testing with the Cisco VPN Client for Windows. But the
> same issue has been reported on iPhone and Mac OSX.
>
> I have tried using 0.0.0.1 (and have confirmed from the debug output that
> the value has been loaded), but it still does not allow the client to save
> password, so it may require the 16-bit value as you suggested.
>
> I also tried 0.1.0.0 (in case it was truncating) and 1.1.1.1 for good
> measure, but neither worked.
>
> Thanks,
> Tom
>
> On 14 July 2016 at 14:40, Tobias Brunner <tobias at strongswan.org> wrote:
>
>> Hi Tom,
>>
>> > I am successfully sending UNITY_* attrs to IKEv1 clients which support
>> > it, but the UNITY_SAVE_PASSWD option does not seem to be accepted
>> > correctly, it simply doesn't allow the client to save their password.
>>
>> This has been discussed previously [1].  Basically the attr plugin only
>> supports IP addresses and strings.  So setting this to `yes` or `1`
>> (which is transmitted as 0x31) won't work.  If the clients accept 32-bit
>> numbers you could perhaps try 0.0.0.1 as value.  But it's also possible
>> that the clients only accept the attribute in its short form (i.e. the
>> value is expected to be encoded in the 16-bit length field), which
>> neither the attr nor the attr-sql plugin supports.  The latter could be
>> used to send a 16-bit instead of a 32-bit attribute, though, so that
>> might also be something worth trying.
>>
>> By the way, what clients are you testing with?
>>
>> Regards,
>> Tobias
>>
>> [1] https://lists.strongswan.org/pipermail/users/2011-November/
>> 002342.html
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160908/15897bd4/attachment.html>