---disable-xauth-vid will not disable strongSwan's XAUTH capability. The option just suppresses the sending of the Vendor ID.
Regards Andreas On 07.03.2011 08:26, Brian Zhao - 赵宪鹏 wrote: > Hi Andreas, > > Loop group. > > Thank you very much! I am using strongswan-4.2.8, defined > authby=secret, I don't know why it will contain this XAUTH. Maybe on > later version will OK. I also have some confuses, if I compiling with > --disable-xauth-vid, does it means I also disable the XAUTH function? > Then I configure authby=xauthpsk will cannot work well? If yes why we > need XAUTH-vendor-id? > > > Thanks! > > Brian > > -----Original Message----- From: Andreas Steffen > [mailto:[email protected]] Sent: 2011年3月7日 14:48 To: > Brian Zhao - 赵宪鹏 Cc: [email protected] Subject: Re: > [strongSwan] XAuth Vendor ID > > Hi Brian, > > strongSwan never sends XAUTH proposals on its own if you don't > explicitly define > > authby=xauthrsasig or authby=xauthpsk > > the default being authby=rsasig. > > But if you think that your peer is disturbed by the XAUTH Vendor ID, > you can suppress it by compiling strongSwan with the option > > ./configure --disable-xauth-vid > > Best regards > > Andreas > > On 07.03.2011 03:40, Brian Zhao - 赵宪鹏 wrote: >> Hi All, >> >> I have met a problem when use strongswan connect to another VPN >> device. Because strongswan will send a packet which contain >> contains draft-beaulieu-ike-xauth-02.txt information in phase 1, >> this information will cause other side check XAuth match and >> feedback an error message “NO-PROPOSAL-CHOSEN”. So I want to check >> you, it is strongswan’s problem or other side’s problem? Does the >> other side should just ignore this XAuth Vendor ID? I think this >> XAuth Vendor ID should not carry because I have not used XAuth. But >> the other side also should don’t care this(indeed most of VPN >> device did, only a few will check XAuth when receive packet >> contain draft-beaulieu-ike-xauth-02.txt) >> >> Could any one can give me some suggestion or information about >> this? >> >> Thanks very much! >> >> =================== >> >> Best regards, >> >> msn:[email protected] > > ====================================================================== > > Andreas Steffen [email protected] > strongSwan - the Linux VPN Solution! > www.strongswan.org Institute for Internet Technologies and > Applications University of Applied Sciences Rapperswil CH-8640 > Rapperswil (Switzerland) > ===========================================================[ITA-HSR]== -- > ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
