Feature #273

Updated by Tobias Brunner about 7 years ago

The server told me to use "IPSecVPN" as USER_FQDN.
strongSwan automatically parses this as an FQDN, which the server doesn't accept.

I wrote a workaround (added it to strongswan-5.0.1/src/libstrongswan/utils/identification.c after line 993):
<pre><code class="diff">

if (*string == '@')
{
if (*(string + 1) == '#')
{
this = identification_create(ID_KEY_ID);
string += 2;
this->encoded = chunk_from_hex(
chunk_create(string, strlen(string)), NULL);
return &this->public;
}
+ else if (*(string + 1) == '@')
+ {
+ this = identification_create(ID_RFC822_ADDR);
+ string += 2;
+ this->encoded.len = strlen(string);
+ if (this->encoded.len)
+ {
+ this->encoded.ptr = strdup(string);
+ }
+ return &this->public;
+ }
else
{
this = identification_create(ID_FQDN);
string += 1;
this->encoded.len = strlen(string);
if (this->encoded.len)
{
this->encoded.ptr = strdup(string);
}
return &this->public;
}
}
</code></pre>
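
Review bot: In the added `else if (*(string + 1) == '@')` branch, the `@@` prefix is new user-visible syntax that changes how existing identity strings are parsed, and nothing in the change documents it. A string beginning with `@@` previously fell through to the `else` branch and became an ID_FQDN whose value started with `@`; it now becomes an ID_RFC822_ADDR. Please document the prefix alongside the `@#` handling and call out the compatibility change. The branch body also duplicates the ID_FQDN branch apart from the type and `string += 2`, so the two could share one code path. Like that branch, it returns an identity with a zero-length encoding when nothing follows the prefix, and a comment should say whether that is intended for ID_RFC822_ADDR.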



Now I write it down as @@IPSecVPN, but I don't think that is a nice way.
Maybe you have an idea to make this work another way, maybe a config option or a prefix as in the certs (I had to use PSK, so I couldn't take it from the cert).

It would be pretty comfortable to import connections from .vpn or .ini files, even if it's not full support. It would be pretty easy to use, because these firewall VPN devices mostly export these configs, even if I just had a tool which gives me an output with an example configuration.
I think I'm not advanced enough with strongSwan to write it myself.

Have a good day and a happy new year, everyone.
