Klaus, I haven't experienced that problem myself - I'm using strongSwan 4.6.1 compiled with the following:
./configure --enable-mysql --enable-sql --enable-attr-sql --enable-cisco-quirks --enable-medsrv --enable-mediation --enable-medcli --enable-manager --enable-smp --with-group=vpn --enable-nat-transport some of that is absolutely nonessential to my working setup atm, realistically the most important things were --enable-cisco-quirks and --enable-nat-transport. The rest is just me playing around. :-) My ipsec.conf is posted earlier in this thread, if that ends up being any help - I've configured my VPN connections w/ the iPhone Configuration Utility from Apple - http://support.apple.com/kb/dl851, whose .mobileconfig files I've manually installed on the phone over HTTP. Chris Zelenak On Mon, Nov 28, 2011 at 5:46 PM, Klaus Darilion < [email protected]> wrote: > Hi Chris! > > Sorry for hijacking your thread - I recently setup strongSwan (4.4.1-5.2) > and connecting with my iPhone works fine, but only on the first login. > Further logins will fail and I have to restart strongSwan. > > I wonder if I am the only person with this problem or if you experience > similar problems too. > > If you do not have this problem, which strongSwan version are you using? > > Thanks > Klaus > > > > On 28.11.2011 05:31, Chris Zelenak wrote: > >> Hi, >> >> I've been trying to send down the UNITY_SAVE_PASSWD attrib (28673) to an >> iPhone client to allow local client storage of the Xauth password. ( >> iPhone client connecting w/ IPSEC XAuth + Cert, server compiled w/ cisco >> quirks ) I initially tried by loading the attr plugin and having the >> following block in my strongswan.conf: >> >> pluto { >> plugins { >> attr { >> 28672 = "pluto" >> 28673 = 1 >> } >> } >> } >> >> Both the 28672 ( UNITY_BANNER ) and 28673 ( UNITY_SAVE_PASSWD ) don't >> get picked up in the isakmp mode config sent back to the client - the >> server never sends them. ( I tried UNITY_BANNER just to debug if the >> attr plugin would pick it up at all ) Just to see if I could force it, I >> ended up inserting the following into src/pluto/modecfg.c : >> >> if (want_unity_banner) >> { >> ca = modecfg_attribute_create(**UNITY_BANNER, >> >> chunk_create(DEFAULT_UNITY_**BANNER, >> >> strlen(DEFAULT_UNITY_BANNER)))**; >> ca_list->insert_last(ca_list, ca); >> } >> + ca = modecfg_attribute_create_tv(**UNITY_SAVE_PASSWD, 1); >> + ca_list->insert_last(ca_list, ca); >> >> Now the data /does/ get sent down, but the iPhone client doesn't seem to >> be acting on the UNITY_SAVE_PASSWD value - subsequent reconnection >> attempts still prompt me for a password. From what I've been able to >> tell looking around, 1 is the correct value to send down, but I dunno... >> >> If anyone could help me out in figuring out why: >> >> A) the attr plugin doesn't seem to be working >> and >> B) if I'm sending down the value incorrectly in my hack inside modecfg.c >> >> it would be much appreciated. >> >> Thanks, >> >> Chris Zelenak >> >> >> >> ______________________________**_________________ >> Users mailing list >> [email protected] >> https://lists.strongswan.org/**mailman/listinfo/users<https://lists.strongswan.org/mailman/listinfo/users> >> > >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
