On Feb 2, 2013, at 2:49 PM, Brian Mastenbrook <[email protected]> wrote:
> Is anyone successfully using StrongSwan 5.x with OS X/iOS clients using
> "Cisco IPsec" (XAUTH + tunnel mode)? I'm finding that clients drop after 45
> minutes because the client wants to rekey, but doesn't expect to have to
> perform XAUTH authentication again. I found a recent issue report
> (http://wiki.strongswan.org/issues/260), and a patch for pluto
> (https://lists.strongswan.org/pipermail/users/2011-September/006613.html) to
> work around the issue, but I'm at a bit of a loss as to how to proceed with
> charon. Apple does not regard this as a bug in OS X and is not intending on
> fixing the behavior. Is this possible to accomplish with charon, or if not,
> is it straightforward to implement? I dug into the source a little and wasn't
> sure where to begin.

I've been able to make this work with OS X clients with a small hack: basically, sending an OK status immediately instead of a request for authentication works. I don't particularly care that XAUTH authentication never occurs in this case because I'd be using pure RSA if OS X would let me get away with it.

Is there any interest in a cleaner patch for this "fake XAUTH" mode?

--
Brian Mastenbrook
[email protected]
http:/brian.mastenbrook.net/
