Project

General

Profile

Bug #631

xauth-pam and standard android ipsec client

Added by Carl Hörberg over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Category:
android
Target version:
Start date:
29.06.2014
Due date:
Estimated time:
Affected version:
5.1.2
Resolution:
Fixed

Description

Connecting with Android's (4.4.2) built in IPSec client fails when rightauth2 is xauth-pam. It works perfectly fine with the OS X built in IPSec client. The Android client works just fine when rightauth2 = xauth-generic.

config setup
conn psk-pam
  keyexchange=ikev1
  left=%defaultroute
  leftauth=psk
  leftsubnet=0.0.0.0/0
  leftfirewall=yes
  right=%any
  rightauth=psk
  rightauth2=xauth-pam
  rightsubnet=10.7.0.0/24
  rightsourceip=10.7.0.0/24
  rightdns=8.8.8.8,8.8.4.4
  auto=add
charon.log (23.5 KB) charon.log Server side log when an andorid client tries to connect with xauth-pam Carl Hörberg, 29.06.2014 22:59
xauth-pam-null-password.patch (702 Bytes) xauth-pam-null-password.patch Tobias Brunner, 30.06.2014 11:03

Associated revisions

Revision 44870e53 (diff)
Added by Tobias Brunner over 6 years ago

xauth-pam: Add workaround for null-terminated passwords

Fixes #631.

History

#1 Updated by Tobias Brunner over 6 years ago

It's probably due to the Android client sending the passwords null-terminated. We have a workaround for this in the xauth-generic plugin, but there is none yet in the xauth-pam plugin.

Could you please try if the attached patch fixes the issue?

#2 Updated by Carl Hörberg over 6 years ago

Yes, confirmed, it works with the patch applied!

#3 Updated by Tobias Brunner over 6 years ago

  • Tracker changed from Issue to Bug
  • Status changed from Feedback to Closed
  • Target version set to 5.2.0
  • Resolution set to Fixed

#4 Updated by Tobias Brunner over 6 years ago

Thanks for testing the patch. Will be included in 5.2.0.

Also available in: Atom PDF