Added an aggressive mode peer_cfg option
This commit is contained in:
parent
a347c1ac43
commit
5ce59d4c06
@ -252,7 +252,7 @@ static peer_cfg_t *load_peer_config(private_config_t *this,
ike_cfg = load_ike_config(this, settings, config);
|
ike_cfg = load_ike_config(this, settings, config);
|
||||||
peer_cfg = peer_cfg_create(config, IKEV2, ike_cfg, CERT_ALWAYS_SEND,
|
peer_cfg = peer_cfg_create(config, IKEV2, ike_cfg, CERT_ALWAYS_SEND,
|
||||||
UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, 0,
|
UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, FALSE, 0,
|
||||||
NULL, NULL, FALSE, NULL, NULL);
|
NULL, NULL, FALSE, NULL, NULL);
|
||||||
|
|
||||||
auth = auth_cfg_create();
|
auth = auth_cfg_create();
|
||||||
|
|
|
@ -105,6 +105,11 @@ struct private_peer_cfg_t {
|
||||||
*/
|
*/
|
||||||
bool use_mobike;
|
bool use_mobike;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Use aggressive mode?
|
||||||
|
*/
|
||||||
|
bool aggressive;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Time before starting rekeying
|
* Time before starting rekeying
|
||||||
*/
|
*/
|
||||||
|
@ -381,6 +386,12 @@ METHOD(peer_cfg_t, use_mobike, bool,
|
||||||
return this->use_mobike;
|
return this->use_mobike;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
METHOD(peer_cfg_t, use_aggressive, bool,
|
||||||
|
private_peer_cfg_t *this)
|
||||||
|
{
|
||||||
|
return this->aggressive;
|
||||||
|
}
|
||||||
|
|
||||||
METHOD(peer_cfg_t, get_dpd, u_int32_t,
|
METHOD(peer_cfg_t, get_dpd, u_int32_t,
|
||||||
private_peer_cfg_t *this)
|
private_peer_cfg_t *this)
|
||||||
{
|
{
|
||||||
|
@ -574,9 +585,9 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
|
||||||
unique_policy_t unique, u_int32_t keyingtries,
|
unique_policy_t unique, u_int32_t keyingtries,
|
||||||
u_int32_t rekey_time, u_int32_t reauth_time,
|
u_int32_t rekey_time, u_int32_t reauth_time,
|
||||||
u_int32_t jitter_time, u_int32_t over_time,
|
u_int32_t jitter_time, u_int32_t over_time,
|
||||||
bool mobike, u_int32_t dpd, host_t *virtual_ip,
|
bool mobike, bool aggressive, u_int32_t dpd,
|
||||||
char *pool, bool mediation, peer_cfg_t *mediated_by,
|
host_t *virtual_ip, char *pool, bool mediation,
|
||||||
identification_t *peer_id)
|
peer_cfg_t *mediated_by, identification_t *peer_id)
|
||||||
{
|
{
|
||||||
private_peer_cfg_t *this;
|
private_peer_cfg_t *this;
|
||||||
|
|
||||||
|
@ -605,6 +616,7 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
|
||||||
.get_reauth_time = _get_reauth_time,
|
.get_reauth_time = _get_reauth_time,
|
||||||
.get_over_time = _get_over_time,
|
.get_over_time = _get_over_time,
|
||||||
.use_mobike = _use_mobike,
|
.use_mobike = _use_mobike,
|
||||||
|
.use_aggressive = _use_aggressive,
|
||||||
.get_dpd = _get_dpd,
|
.get_dpd = _get_dpd,
|
||||||
.get_virtual_ip = _get_virtual_ip,
|
.get_virtual_ip = _get_virtual_ip,
|
||||||
.get_pool = _get_pool,
|
.get_pool = _get_pool,
|
||||||
|
@ -632,6 +644,7 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
|
||||||
.jitter_time = jitter_time,
|
.jitter_time = jitter_time,
|
||||||
.over_time = over_time,
|
.over_time = over_time,
|
||||||
.use_mobike = mobike,
|
.use_mobike = mobike,
|
||||||
|
.aggressive = aggressive,
|
||||||
.dpd = dpd,
|
.dpd = dpd,
|
||||||
.virtual_ip = virtual_ip,
|
.virtual_ip = virtual_ip,
|
||||||
.pool = strdupnull(pool),
|
.pool = strdupnull(pool),
|
||||||
|
|
|
@ -256,6 +256,13 @@ struct peer_cfg_t {
|
||||||
*/
|
*/
|
||||||
bool (*use_mobike) (peer_cfg_t *this);
|
bool (*use_mobike) (peer_cfg_t *this);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Use/Accept aggressive mode with IKEv1?.
|
||||||
|
*
|
||||||
|
* @return TRUE to use aggressive mode
|
||||||
|
*/
|
||||||
|
bool (*use_aggressive)(peer_cfg_t *this);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the DPD check interval.
|
* Get the DPD check interval.
|
||||||
*
|
*
|
||||||
|
@ -357,6 +364,7 @@ struct peer_cfg_t {
|
||||||
* @param jitter_time timerange to randomly subtract from rekey/reauth time
|
* @param jitter_time timerange to randomly subtract from rekey/reauth time
|
||||||
* @param over_time maximum overtime before closing a rekeying/reauth SA
|
* @param over_time maximum overtime before closing a rekeying/reauth SA
|
||||||
* @param mobike use MOBIKE (RFC4555) if peer supports it
|
* @param mobike use MOBIKE (RFC4555) if peer supports it
|
||||||
|
* @param aggressive use/accept aggressive mode with IKEv1
|
||||||
* @param dpd DPD check interval, 0 to disable
|
* @param dpd DPD check interval, 0 to disable
|
||||||
* @param virtual_ip virtual IP for local host, or NULL
|
* @param virtual_ip virtual IP for local host, or NULL
|
||||||
* @param pool pool name to get configuration attributes from, or NULL
|
* @param pool pool name to get configuration attributes from, or NULL
|
||||||
|
@ -370,8 +378,8 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
|
||||||
unique_policy_t unique, u_int32_t keyingtries,
|
unique_policy_t unique, u_int32_t keyingtries,
|
||||||
u_int32_t rekey_time, u_int32_t reauth_time,
|
u_int32_t rekey_time, u_int32_t reauth_time,
|
||||||
u_int32_t jitter_time, u_int32_t over_time,
|
u_int32_t jitter_time, u_int32_t over_time,
|
||||||
bool mobike, u_int32_t dpd, host_t *virtual_ip,
|
bool mobike, bool aggressive, u_int32_t dpd,
|
||||||
char *pool, bool mediation, peer_cfg_t *mediated_by,
|
host_t *virtual_ip, char *pool, bool mediation,
|
||||||
identification_t *peer_id);
|
peer_cfg_t *mediated_by, identification_t *peer_id);
|
||||||
|
|
||||||
#endif /** PEER_CFG_H_ @}*/
|
#endif /** PEER_CFG_H_ @}*/
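Review bot: The Doxygen comment on `use_aggressive` reads `* Use/Accept aggressive mode with IKEv1?.` — drop the stray period, and this header is the right place to state the trade-off a deployer needs: with pre-shared keys, IKEv1 aggressive mode sends the initiator identity in clear and lets an eavesdropper capture the PSK-derived hash for offline dictionary attacks, so it should only be enabled for legacy peers that require it. Suggest `* Use/accept IKEv1 aggressive mode? Aggressive mode with PSK exposes the identity and a dictionary-attackable hash; enable only when a legacy peer requires it.` and the same caveat on the `@param aggressive` line of peer_cfg_create (`use/accept IKEv1 aggressive mode; weak with PSK, see use_aggressive()`). Whether the flag is silently ignored for IKEv2 configs is an inference from the "with IKEv1" wording; confirm against the code that consumes it before documenting that.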
|
||||||
|
|
|
@ -277,7 +277,7 @@ static job_requeue_t initiate(private_android_service_t *this)
|
||||||
UNIQUE_REPLACE, 1, /* keyingtries */
|
UNIQUE_REPLACE, 1, /* keyingtries */
|
||||||
36000, 0, /* rekey 10h, reauth none */
|
36000, 0, /* rekey 10h, reauth none */
|
||||||
600, 600, /* jitter, over 10min */
|
600, 600, /* jitter, over 10min */
|
||||||
TRUE, 0, /* mobike, DPD */
|
TRUE, FALSE, 0, /* mobike, aggressive, DPD */
|
||||||
host_create_from_string("0.0.0.0", 0) /* virt */,
|
host_create_from_string("0.0.0.0", 0) /* virt */,
|
||||||
NULL, FALSE, NULL, NULL); /* pool, mediation */
|
NULL, FALSE, NULL, NULL); /* pool, mediation */
|
||||||
|
|
||||||
|
|
|
@ -207,7 +207,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
|
||||||
remote, IKEV2_UDP_PORT);
|
remote, IKEV2_UDP_PORT);
|
||||||
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
|
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
|
||||||
peer_cfg = peer_cfg_create("ha", IKEV2, ike_cfg, CERT_NEVER_SEND,
|
peer_cfg = peer_cfg_create("ha", IKEV2, ike_cfg, CERT_NEVER_SEND,
|
||||||
UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, 30,
|
UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE, 30,
|
||||||
NULL, NULL, FALSE, NULL, NULL);
|
NULL, NULL, FALSE, NULL, NULL);
|
||||||
|
|
||||||
auth_cfg = auth_cfg_create();
|
auth_cfg = auth_cfg_create();
|
||||||
|
|
|
@ -253,7 +253,8 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
|
||||||
CERT_SEND_IF_ASKED, UNIQUE_NO, 1, /* keytries */
|
CERT_SEND_IF_ASKED, UNIQUE_NO, 1, /* keytries */
|
||||||
this->ike_rekey, 0, /* rekey, reauth */
|
this->ike_rekey, 0, /* rekey, reauth */
|
||||||
0, this->ike_rekey, /* jitter, overtime */
|
0, this->ike_rekey, /* jitter, overtime */
|
||||||
FALSE, this->dpd_delay, /* mobike, dpddelay */
|
FALSE, FALSE, /* mobike, aggressive mode */
|
||||||
|
this->dpd_delay, /* dpddelay */
|
||||||
this->vip ? this->vip->clone(this->vip) : NULL,
|
this->vip ? this->vip->clone(this->vip) : NULL,
|
||||||
this->pool, FALSE, NULL, NULL);
|
this->pool, FALSE, NULL, NULL);
|
||||||
if (num)
|
if (num)
|
||||||
|
|
|
@ -332,7 +332,7 @@ static gboolean initiate_connection(private_maemo_service_t *this,
|
||||||
UNIQUE_REPLACE, 1, /* keyingtries */
|
UNIQUE_REPLACE, 1, /* keyingtries */
|
||||||
36000, 0, /* rekey 10h, reauth none */
|
36000, 0, /* rekey 10h, reauth none */
|
||||||
600, 600, /* jitter, over 10min */
|
600, 600, /* jitter, over 10min */
|
||||||
TRUE, 0, /* mobike, DPD */
|
TRUE, FALSE, 0, /* mobike, aggressive, DPD */
|
||||||
host_create_from_string("0.0.0.0", 0) /* virt */,
|
host_create_from_string("0.0.0.0", 0) /* virt */,
|
||||||
NULL, FALSE, NULL, NULL); /* pool, mediation */
|
NULL, FALSE, NULL, NULL); /* pool, mediation */
|
||||||
|
|
||||||
|
|
|
@ -126,7 +126,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
|
||||||
CERT_NEVER_SEND, UNIQUE_REPLACE,
|
CERT_NEVER_SEND, UNIQUE_REPLACE,
|
||||||
1, this->rekey*60, 0, /* keytries, rekey, reauth */
|
1, this->rekey*60, 0, /* keytries, rekey, reauth */
|
||||||
this->rekey*5, this->rekey*3, /* jitter, overtime */
|
this->rekey*5, this->rekey*3, /* jitter, overtime */
|
||||||
TRUE, this->dpd, /* mobike, dpddelay */
|
TRUE, FALSE, this->dpd, /* mobike, aggressive, dpddelay */
|
||||||
NULL, NULL, /* vip, pool */
|
NULL, NULL, /* vip, pool */
|
||||||
TRUE, NULL, NULL); /* mediation, med by, peer id */
|
TRUE, NULL, NULL); /* mediation, med by, peer id */
|
||||||
e->destroy(e);
|
e->destroy(e);
|
||||||
|
@ -163,7 +163,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
|
||||||
CERT_NEVER_SEND, UNIQUE_REPLACE,
|
CERT_NEVER_SEND, UNIQUE_REPLACE,
|
||||||
1, this->rekey*60, 0, /* keytries, rekey, reauth */
|
1, this->rekey*60, 0, /* keytries, rekey, reauth */
|
||||||
this->rekey*5, this->rekey*3, /* jitter, overtime */
|
this->rekey*5, this->rekey*3, /* jitter, overtime */
|
||||||
TRUE, this->dpd, /* mobike, dpddelay */
|
TRUE, FALSE, this->dpd, /* mobike, aggressive, dpddelay */
|
||||||
NULL, NULL, /* vip, pool */
|
NULL, NULL, /* vip, pool */
|
||||||
FALSE, med_cfg, /* mediation, med by */
|
FALSE, med_cfg, /* mediation, med by */
|
||||||
identification_create_from_encoding(ID_KEY_ID, other));
|
identification_create_from_encoding(ID_KEY_ID, other));
|
||||||
|
@ -238,7 +238,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
|
||||||
CERT_NEVER_SEND, UNIQUE_REPLACE,
|
CERT_NEVER_SEND, UNIQUE_REPLACE,
|
||||||
1, this->rekey*60, 0, /* keytries, rekey, reauth */
|
1, this->rekey*60, 0, /* keytries, rekey, reauth */
|
||||||
this->rekey*5, this->rekey*3, /* jitter, overtime */
|
this->rekey*5, this->rekey*3, /* jitter, overtime */
|
||||||
TRUE, this->dpd, /* mobike, dpddelay */
|
TRUE, FALSE, this->dpd, /* mobike, aggr., dpddelay */
|
||||||
NULL, NULL, /* vip, pool */
|
NULL, NULL, /* vip, pool */
|
||||||
FALSE, NULL, NULL); /* mediation, med by, peer id */
|
FALSE, NULL, NULL); /* mediation, med by, peer id */
|
||||||
|
|
||||||
|
|
|
@ -92,7 +92,7 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
|
||||||
CERT_NEVER_SEND, UNIQUE_REPLACE,
|
CERT_NEVER_SEND, UNIQUE_REPLACE,
|
||||||
1, this->rekey*60, 0, /* keytries, rekey, reauth */
|
1, this->rekey*60, 0, /* keytries, rekey, reauth */
|
||||||
this->rekey*5, this->rekey*3, /* jitter, overtime */
|
this->rekey*5, this->rekey*3, /* jitter, overtime */
|
||||||
TRUE, this->dpd, /* mobike, dpddelay */
|
TRUE, FALSE, this->dpd, /* mobike, aggr., dpddelay */
|
||||||
NULL, NULL, /* vip, pool */
|
NULL, NULL, /* vip, pool */
|
||||||
TRUE, NULL, NULL); /* mediation, med by, peer id */
|
TRUE, NULL, NULL); /* mediation, med by, peer id */
|
||||||
e->destroy(e);
|
e->destroy(e);
|
||||||
|
|
|
@ -503,7 +503,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
|
||||||
CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
|
CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
|
||||||
36000, 0, /* rekey 10h, reauth none */
|
36000, 0, /* rekey 10h, reauth none */
|
||||||
600, 600, /* jitter, over 10min */
|
600, 600, /* jitter, over 10min */
|
||||||
TRUE, 0, /* mobike, DPD */
|
TRUE, FALSE, 0, /* mobike, aggressive, DPD */
|
||||||
virtual ? host_create_from_string("0.0.0.0", 0) : NULL,
|
virtual ? host_create_from_string("0.0.0.0", 0) : NULL,
|
||||||
NULL, FALSE, NULL, NULL); /* pool, mediation */
|
NULL, FALSE, NULL, NULL); /* pool, mediation */
|
||||||
auth = auth_cfg_create();
|
auth = auth_cfg_create();
|
||||||
|
|
|
@ -370,7 +370,7 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e,
|
||||||
peer_cfg = peer_cfg_create(
|
peer_cfg = peer_cfg_create(
|
||||||
name, IKEV2, ike, cert_policy, uniqueid,
|
name, IKEV2, ike, cert_policy, uniqueid,
|
||||||
keyingtries, rekeytime, reauthtime, jitter, overtime,
|
keyingtries, rekeytime, reauthtime, jitter, overtime,
|
||||||
mobike, dpd_delay, vip, pool,
|
mobike, FALSE, dpd_delay, vip, pool,
|
||||||
mediation, mediated_cfg, peer_id);
|
mediation, mediated_cfg, peer_id);
|
||||||
auth = auth_cfg_create();
|
auth = auth_cfg_create();
|
||||||
auth->add(auth, AUTH_RULE_AUTH_CLASS, auth_method);
|
auth->add(auth, AUTH_RULE_AUTH_CLASS, auth_method);
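Review bot: build_peer_cfg feeds `mobike`, `dpd_delay`, `vip` and the other peer_cfg_create arguments from the enumerated SQL row, but the new aggressive argument is the literal `FALSE`, so there is no column backing it and a reader cannot tell whether that is a placeholder or a policy decision. Either mark the hard-coded value as intentional, `mobike, FALSE, /* aggressive: no schema column yet */ dpd_delay, vip, pool,`, or extend the row and the enumerator query in a follow-up. The row enumeration and the start of the function are outside the hunk, so whether such a column already exists could not be checked here.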
|
||||||
|
|
|
@ -689,7 +689,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
|
||||||
msg->add_conn.version, ike_cfg,
|
msg->add_conn.version, ike_cfg,
|
||||||
msg->add_conn.me.sendcert, unique,
|
msg->add_conn.me.sendcert, unique,
|
||||||
msg->add_conn.rekey.tries, rekey, reauth, jitter, over,
|
msg->add_conn.rekey.tries, rekey, reauth, jitter, over,
|
||||||
msg->add_conn.mobike, msg->add_conn.dpd.delay,
|
msg->add_conn.mobike, FALSE, msg->add_conn.dpd.delay,
|
||||||
vip, msg->add_conn.other.sourceip_mask ?
|
vip, msg->add_conn.other.sourceip_mask ?
|
||||||
msg->add_conn.name : msg->add_conn.other.sourceip,
|
msg->add_conn.name : msg->add_conn.other.sourceip,
|
||||||
msg->add_conn.ikeme.mediation, mediated_by, peer_id);
|
msg->add_conn.ikeme.mediation, mediated_by, peer_id);
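Review bot: The stroke backend passes a literal `FALSE` for the new aggressive parameter while every neighbouring value comes from `msg->add_conn`, so nothing in the stroke message (and therefore ipsec.conf) can turn the option on, and it is not clear whether that is a placeholder or a deliberate policy. If a `msg->add_conn.aggressive` field is intended to follow, a comment on the line makes that explicit, e.g. `msg->add_conn.mobike, FALSE, /* aggressive: not yet in stroke_msg_t */`; if it is deliberately forced off for stroke-configured connections, say so instead. build_peer_cfg starts and ends outside the hunk.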
|
||||||
|
|
|
@ -175,7 +175,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
|
||||||
name, IKEV2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO,
|
name, IKEV2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO,
|
||||||
1, create_rekey(ike_rekey), 0, /* keytries, rekey, reauth */
|
1, create_rekey(ike_rekey), 0, /* keytries, rekey, reauth */
|
||||||
1800, 900, /* jitter, overtime */
|
1800, 900, /* jitter, overtime */
|
||||||
TRUE, 60, /* mobike, dpddelay */
|
TRUE, FALSE, 60, /* mobike, aggr., dpddelay */
|
||||||
NULL, NULL, /* vip, pool */
|
NULL, NULL, /* vip, pool */
|
||||||
FALSE, NULL, NULL); /* mediation, med by, peer id */
|
FALSE, NULL, NULL); /* mediation, med by, peer id */
|
||||||
auth = auth_cfg_create();
|
auth = auth_cfg_create();
|
||||||
|
|