ike: Send AEAD ESP default proposal first
We generally prefer AEAD nowadays. References #3461.
parent
c7bef954ee
commit
33412158f5
|
@ -362,9 +362,8 @@ static child_cfg_t* create_child_cfg(private_cmd_connection_t *this,
|
|||
}
|
||||
else
|
||||
{
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg,
|
||||
proposal_create_default_aead(PROTO_ESP));
|
||||
}
|
||||
while (this->local_ts->remove_first(this->local_ts, (void**)&ts) == SUCCESS)
|
||||
{
|
||||
|
|
|
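Review bot: The reordered `add_proposal()` calls in this `else` branch have no comment saying that the order is significant, so a later cleanup could swap them back without noticing the effect on negotiation. Going by the commit title, the order is the order in which proposals are sent, so I would add something like `/* AEAD first: proposals are sent in this order, the non-AEAD default stays as fallback */` above the first call. The same pair of calls appears in the hunks for `connect_()`, `load_child_config()`, `create_child_cfg(char *name)`, `setup_tunnel()`, `get_peer_cfg_by_name()`, `peer_enumerator_enumerate()` and `add_esp_proposals()`, so the comment, or a small shared helper that adds both defaults, applies there as well. The non-AEAD default proposal remains in every list, so a peer can still end up selecting it. The enclosing functions start and end outside these hunks.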
@ -834,8 +834,8 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
|
|||
}
|
||||
else
|
||||
{
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
}
|
||||
ts = traffic_selector_create_dynamic(0, 0, 65535);
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
|
||||
|
|
|
@ -192,9 +192,8 @@ static child_cfg_t *load_child_config(private_config_t *this,
|
|||
}
|
||||
else
|
||||
{
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg,
|
||||
proposal_create_default_aead(PROTO_ESP));
|
||||
}
|
||||
|
||||
token = settings->get_str(settings, "configs.%s.%s.lts", NULL, config, child);
|
||||
|
|
|
@ -150,8 +150,8 @@ static child_cfg_t* create_child_cfg(char *name)
|
|||
child_cfg->add_proposal(child_cfg, proposal_create_from_string(PROTO_ESP,
|
||||
"aes128gcm8-aes128gcm12-aes128gcm16-"
|
||||
"aes256gcm8-aes256gcm12-aes256gcm16"));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
ts = traffic_selector_create_dynamic(0, 0, 65535);
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts);
|
||||
ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE,
|
||||
|
|
|
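Review bot: The hard-coded string proposal on the context lines above still comes before the default AEAD proposal that this change moves up, and it lists the truncated-ICV variants `aes128gcm8` and `aes128gcm12` ahead of `aes128gcm16`. If algorithm order inside a proposal expresses preference the way proposal order does (not visible in this hunk), the shortest authentication tag is what gets preferred. It is worth checking whether that string is still needed now that the default AEAD proposal follows directly, or whether it should at least start with the 16-byte ICV entries. The body of `create_child_cfg()` continues outside the hunk.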
@ -256,8 +256,8 @@ static void setup_tunnel(private_ha_tunnel_t *this,
|
|||
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
|
||||
ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535);
|
||||
child_cfg->add_traffic_selector(child_cfg, FALSE, ts);
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
peer_cfg->add_child_cfg(peer_cfg, child_cfg);
|
||||
|
||||
this->backend.cfg = peer_cfg;
|
||||
|
|
|
@ -196,8 +196,8 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
|
|||
peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
|
||||
|
||||
child_cfg = child_cfg_create(name, &child);
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
|
||||
child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
|
||||
peer_cfg->add_child_cfg(peer_cfg, child_cfg);
|
||||
|
@ -277,8 +277,8 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
|
|||
this->current->add_auth_cfg(this->current, auth, FALSE);
|
||||
|
||||
child_cfg = child_cfg_create(name, &child);
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP));
|
||||
child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP));
|
||||
child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net));
|
||||
child_cfg->add_traffic_selector(child_cfg, FALSE, ts_from_string(remote_net));
|
||||
this->current->add_child_cfg(this->current, child_cfg);
|
||||
|
|
|
@ -153,8 +153,8 @@ static void add_esp_proposals(private_sql_config_t *this,
|
|||
}
|
||||
if (use_default)
|
||||
{
|
||||
child->add_proposal(child, proposal_create_default(PROTO_ESP));
|
||||
child->add_proposal(child, proposal_create_default_aead(PROTO_ESP));
|
||||
child->add_proposal(child, proposal_create_default(PROTO_ESP));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -2006,12 +2006,12 @@ CALLBACK(children_sn, bool,
|
|||
}
|
||||
if (child.proposals->get_count(child.proposals) == 0)
|
||||
{
|
||||
proposal = proposal_create_default(PROTO_ESP);
|
||||
proposal = proposal_create_default_aead(PROTO_ESP);
|
||||
if (proposal)
|
||||
{
|
||||
child.proposals->insert_last(child.proposals, proposal);
|
||||
}
|
||||
proposal = proposal_create_default_aead(PROTO_ESP);
|
||||
proposal = proposal_create_default(PROTO_ESP);
|
||||
if (proposal)
|
||||
{
|
||||
child.proposals->insert_last(child.proposals, proposal);
|
||||
|
|
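Review bot: Only this hunk checks the result of `proposal_create_default_aead(PROTO_ESP)` for NULL before inserting it; every other hunk in the commit passes the return value straight into `add_proposal()`. Whether `add_proposal()` tolerates a NULL argument is not visible on this page, so that should be confirmed now that the AEAD call comes first everywhere. If both constructors return NULL here, `child.proposals` stays empty after the block, and the rest of `children_sn` is outside the hunk, so I cannot tell whether that case is rejected later. A short comment above the first `if (proposal)` stating when these constructors can return NULL would make the reason for the checks clear.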