[vpn-devel] ikea loses Local Identity -> Identification Type when editing properties

Peter Schauer peterschauer at gmx.net
Mon Mar 22 18:52:01 CDT 2010


Problem:
ikea loses
Authentication -> Local Identity -> Identification Type
when editing properties.

To Reproduce:
If you import the file below (this is a client file for a Lancom 1711
with certificates) and then click on Properties, the
Authentication -> Local Identity -> Identification Type
will be changed from ASN.1 to FQDN.
If the Properties are then saved, bad things will happen with this
configuration.

This is caused by site::init calling UpdateAuthentication() with
auth == AUTH_HYBRID_RSA_XAUTH, so comboBoxLocalIDType gets only
four entries (without IDTXT_ASN1).
When site::Load later on calls
  combobox_setbytext( IDTXT_ASN1, comboBoxLocalIDType );
combobox_setbytext does not find IDTXT_ASN1 and leaves it at the
default of IDTXT_FQDN.

Here is a patch which fixes the issue, but I am not sure if it is the
right fix:

*** ./ike-2.1.5/source/ikea/site.ui.h.orig	Mon Mar 22 20:33:05 2010
--- ./ike-2.1.5/source/ikea/site.ui.h	Mon Mar 22 23:52:58 2010
***************
*** 510,515 ****
--- 510,516 ----
  	//
  	// NOTE : Requires phase1 exchange type & authentication mode
  
+ 	UpdateAuthentication();
  	if( config.get_string( "ident-client-type",
  		text, MAX_CONFSTRING, 0 ) )
  	{
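Review bot: the added UpdateAuthentication() call in front of the ident-client-type read carries no comment saying why it is needed, and it only helps if the authentication mode has already been loaded from the config at this point, which the NOTE above it requires but the hunk does not show. Please confirm that ordering and add a one-line comment, for example "rebuild comboBoxLocalIDType for the loaded auth mode before selecting the stored type". Since the report says combobox_setbytext leaves the default in place when the text is not found, a check at this call site that the stored type was actually selected would keep a similar ordering problem from silently rewriting the saved identity type again.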

The problem still persists in SVN Head, which has the additional
problem that the client-dns-suffix is not imported properly,
as client-dns-suffix-auto is set to 1 (it should be set to 0 for
backwards compatibility with client-dns-auto:0).

Hope that helps.

Here is the client file:

n:version:2
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:1
n:network-notify-enable:1
n:client-banner-enable:1
n:client-dns-used:1
n:client-dns-auto:0
n:phase1-dhgroup:2
n:phase1-keylen:0
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-keylen:0
n:phase2-pfsgroup:2
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:1
s:network-host:XXXXXX.dyndns.org
s:client-auto-mode:pull
s:client-iface:virtual
s:network-natt-mode:enable
s:network-frag-mode:enable
s:client-dns-addr:192.168.178.222
s:client-dns-suffix:XXXXXX.local
s:auth-method:mutual-rsa
s:ident-client-type:asn1dn
s:ident-server-type:asn1dn
s:ident-server-data:CN=XXXXXXXXX
s:phase1-exchange:main
s:phase1-cipher:auto
s:phase1-hash:auto
s:phase2-transform:auto
s:phase2-hmac:auto
s:ipcomp-transform:disabled

-- 
Peter Schauer			Peter.Schauer at mytum.de
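
Added example (not part of the original message and not Shrew Soft code): a stand-alone C++ model of the ordering problem the message describes, with a lookup that reports failure instead of silently keeping the default. The item lists, every type string other than asn1dn, and the names update_authentication, set_by_text and load_id_type are assumptions made for illustration.

```cpp
// Added illustration; a stand-alone model, not Shrew Soft source code.
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

enum AuthMode { HYBRID_RSA_XAUTH, MUTUAL_RSA };

// Stand-in for comboBoxLocalIDType: an item list plus a current selection.
struct Combo {
    std::vector<std::string> items;
    std::size_t current = 0;
};

// Models UpdateAuthentication(): the offered ID types depend on the auth mode.
// The exact lists are assumed; the report only says the hybrid list has four
// entries, lacks ASN.1, and defaults to FQDN.
void update_authentication(Combo &c, AuthMode m) {
    c.items = {"fqdn", "ufqdn", "address", "keyid"};
    if (m == MUTUAL_RSA) c.items.push_back("asn1dn");
    c.current = 0;
}

// Models combobox_setbytext(), but tells the caller when the text is missing
// instead of leaving the default selected without notice.
bool set_by_text(Combo &c, const std::string &text) {
    auto it = std::find(c.items.begin(), c.items.end(), text);
    if (it == c.items.end()) return false;
    c.current = static_cast<std::size_t>(it - c.items.begin());
    return true;
}

// Load a stored ID type. 'refresh' selects whether the list is rebuilt for the
// stored auth mode first (the patched order) or left as init built it.
std::string load_id_type(AuthMode stored, const std::string &type,
                         bool refresh, bool *ok) {
    Combo c;
    update_authentication(c, HYBRID_RSA_XAUTH);     // state left by init
    if (refresh) update_authentication(c, stored);  // call added by the patch
    *ok = set_by_text(c, type);
    return c.items[c.current];
}

int main() {
    bool ok = false;
    std::cout << load_id_type(MUTUAL_RSA, "asn1dn", false, &ok) << " ok=" << ok << "\n";
    std::cout << load_id_type(MUTUAL_RSA, "asn1dn", true, &ok) << " ok=" << ok << "\n";
}
```

With the returned flag, a load routine can refuse to save or warn the user when a stored identity type is not offered, rather than writing the default back to the file.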


