Just for the records: I solved my problems and re-connect work now. The problem was solved by using strongSwan 4.6.1 (make; make install).
I failed with Debian's 4.4.1-5.1 (re-connect failed) and Debian's 4.5.2-1.2 (no connect at all). Anybody tried making Debian packets of 4.6.1? I failed ... Thanks Klaus On 29.11.2011 00:09, Chris Zelenak wrote: > Klaus, > > I haven't experienced that problem myself - I'm using strongSwan 4.6.1 > compiled with the following: > > ./configure --enable-mysql --enable-sql --enable-attr-sql > --enable-cisco-quirks --enable-medsrv --enable-mediation --enable-medcli > --enable-manager --enable-smp --with-group=vpn --enable-nat-transport > > some of that is absolutely nonessential to my working setup atm, > realistically the most important things were --enable-cisco-quirks and > --enable-nat-transport. The rest is just me playing around. :-) My > ipsec.conf is posted earlier in this thread, if that ends up being any > help - I've configured my VPN connections w/ the iPhone Configuration > Utility from Apple - http://support.apple.com/kb/dl851, whose > .mobileconfig files I've manually installed on the phone over HTTP. > > Chris Zelenak > > > On Mon, Nov 28, 2011 at 5:46 PM, Klaus Darilion > <klaus.mailingli...@pernau.at <mailto:klaus.mailingli...@pernau.at>> wrote: > > Hi Chris! > > Sorry for hijacking your thread - I recently setup strongSwan > (4.4.1-5.2) and connecting with my iPhone works fine, but only on > the first login. Further logins will fail and I have to restart > strongSwan. > > I wonder if I am the only person with this problem or if you > experience similar problems too. > > If you do not have this problem, which strongSwan version are you using? > > Thanks > Klaus > > > > On 28.11.2011 05:31, Chris Zelenak wrote: > > Hi, > > I've been trying to send down the UNITY_SAVE_PASSWD attrib > (28673) to an > iPhone client to allow local client storage of the Xauth password. ( > iPhone client connecting w/ IPSEC XAuth + Cert, server compiled > w/ cisco > quirks ) I initially tried by loading the attr plugin and > having the > following block in my strongswan.conf: > > pluto { > plugins { > attr { > 28672 = "pluto" > 28673 = 1 > } > } > } > > Both the 28672 ( UNITY_BANNER ) and 28673 ( UNITY_SAVE_PASSWD ) > don't > get picked up in the isakmp mode config sent back to the client > - the > server never sends them. ( I tried UNITY_BANNER just to debug > if the > attr plugin would pick it up at all ) Just to see if I could > force it, I > ended up inserting the following into src/pluto/modecfg.c : > > if (want_unity_banner) > { > ca = modecfg_attribute_create(__UNITY_BANNER, > > chunk_create(DEFAULT_UNITY___BANNER, > > strlen(DEFAULT_UNITY_BANNER)))__; > ca_list->insert_last(ca_list, ca); > } > + ca = modecfg_attribute_create_tv(__UNITY_SAVE_PASSWD, 1); > + ca_list->insert_last(ca_list, ca); > > Now the data /does/ get sent down, but the iPhone client doesn't > seem to > be acting on the UNITY_SAVE_PASSWD value - subsequent reconnection > attempts still prompt me for a password. From what I've been able to > tell looking around, 1 is the correct value to send down, but I > dunno... > > If anyone could help me out in figuring out why: > > A) the attr plugin doesn't seem to be working > and > B) if I'm sending down the value incorrectly in my hack inside > modecfg.c > > it would be much appreciated. > > Thanks, > > Chris Zelenak > > > > _________________________________________________ > Users mailing list > Users@lists.strongswan.org <mailto:Users@lists.strongswan.org> > https://lists.strongswan.org/__mailman/listinfo/users > <https://lists.strongswan.org/mailman/listinfo/users> > > > _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users