Implemented PT-EAP protocol (RFC 7171)
parent
ab21875f50
commit
8d59090349
|
@ -1,6 +1,6 @@
|
||||||
charon.plugins.eap-tnc.max_message_count = 10
|
charon.plugins.eap-tnc.max_message_count = 10
|
||||||
Maximum number of processed EAP-TNC packets (0 = no limit).
|
Maximum number of processed EAP-TNC packets (0 = no limit).
|
||||||
|
|
||||||
charon.plugins.eap-tnc.protocol = tnccs-1.1
|
charon.plugins.eap-tnc.protocol = tnccs-2.0
|
||||||
IF-TNCCS protocol version to be used (_tnccs-1.1_, _tnccs-2.0_,
|
IF-TNCCS protocol version to be used (_tnccs-1.1_, _tnccs-2.0_,
|
||||||
_tnccs-dynamic_).
|
_tnccs-dynamic_).
|
||||||
|
|
|
@ -16,5 +16,8 @@ charon.plugins.eap-ttls.phase2_piggyback = no
|
||||||
charon.plugins.eap-ttls.phase2_tnc = no
|
charon.plugins.eap-ttls.phase2_tnc = no
|
||||||
Start phase2 EAP TNC protocol after successful client authentication.
|
Start phase2 EAP TNC protocol after successful client authentication.
|
||||||
|
|
||||||
|
charon.plugins.eap-ttls.phase2_tnc_method = pt
|
||||||
|
Phase2 EAP TNC transport protocol (_pt_ as IETF standard or legacy _tnc_)
|
||||||
|
|
||||||
charon.plugins.eap-ttls.request_peer_auth = no
|
charon.plugins.eap-ttls.request_peer_auth = no
|
||||||
Request peer authentication based on a client certificate.
|
Request peer authentication based on a client certificate.
|
||||||
|
|
|
@ -46,6 +46,11 @@ struct private_eap_tnc_t {
|
||||||
*/
|
*/
|
||||||
eap_tnc_t public;
|
eap_tnc_t public;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Inner EAP authentication type
|
||||||
|
*/
|
||||||
|
eap_type_t type;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Outer EAP authentication type
|
* Outer EAP authentication type
|
||||||
*/
|
*/
|
||||||
|
@ -124,7 +129,7 @@ METHOD(eap_method_t, initiate, status_t,
|
||||||
private_eap_tnc_t *this, eap_payload_t **out)
|
private_eap_tnc_t *this, eap_payload_t **out)
|
||||||
{
|
{
|
||||||
chunk_t data;
|
chunk_t data;
|
||||||
u_int32_t auth_type;
|
uint32_t auth_type;
|
||||||
|
|
||||||
/* Determine TNC Client Authentication Type */
|
/* Determine TNC Client Authentication Type */
|
||||||
switch (this->auth_type)
|
switch (this->auth_type)
|
||||||
|
@ -175,10 +180,10 @@ METHOD(eap_method_t, process, status_t,
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(eap_method_t, get_type, eap_type_t,
|
METHOD(eap_method_t, get_type, eap_type_t,
|
||||||
private_eap_tnc_t *this, u_int32_t *vendor)
|
private_eap_tnc_t *this, uint32_t *vendor)
|
||||||
{
|
{
|
||||||
*vendor = 0;
|
*vendor = 0;
|
||||||
return EAP_TNC;
|
return this->type;
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(eap_method_t, get_msk, status_t,
|
METHOD(eap_method_t, get_msk, status_t,
|
||||||
|
@ -192,14 +197,14 @@ METHOD(eap_method_t, get_msk, status_t,
|
||||||
return FAILED;
|
return FAILED;
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(eap_method_t, get_identifier, u_int8_t,
|
METHOD(eap_method_t, get_identifier, uint8_t,
|
||||||
private_eap_tnc_t *this)
|
private_eap_tnc_t *this)
|
||||||
{
|
{
|
||||||
return this->tls_eap->get_identifier(this->tls_eap);
|
return this->tls_eap->get_identifier(this->tls_eap);
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(eap_method_t, set_identifier, void,
|
METHOD(eap_method_t, set_identifier, void,
|
||||||
private_eap_tnc_t *this, u_int8_t identifier)
|
private_eap_tnc_t *this, uint8_t identifier)
|
||||||
{
|
{
|
||||||
this->tls_eap->set_identifier(this->tls_eap, identifier);
|
this->tls_eap->set_identifier(this->tls_eap, identifier);
|
||||||
}
|
}
|
||||||
|
@ -214,7 +219,7 @@ METHOD(eap_method_t, destroy, void,
|
||||||
private_eap_tnc_t *this)
|
private_eap_tnc_t *this)
|
||||||
{
|
{
|
||||||
chunk_t pdp_server;
|
chunk_t pdp_server;
|
||||||
u_int16_t pdp_port;
|
uint16_t pdp_port;
|
||||||
tls_t *tls;
|
tls_t *tls;
|
||||||
|
|
||||||
pdp_server = this->tnccs->get_pdp_server(this->tnccs, &pdp_port);
|
pdp_server = this->tnccs->get_pdp_server(this->tnccs, &pdp_port);
|
||||||
|
@ -245,13 +250,14 @@ METHOD(eap_inner_method_t, set_auth_type, void,
|
||||||
* Generic private constructor
|
* Generic private constructor
|
||||||
*/
|
*/
|
||||||
static eap_tnc_t *eap_tnc_create(identification_t *server,
|
static eap_tnc_t *eap_tnc_create(identification_t *server,
|
||||||
identification_t *peer, bool is_server)
|
identification_t *peer, bool is_server,
|
||||||
|
eap_type_t type)
|
||||||
{
|
{
|
||||||
private_eap_tnc_t *this;
|
private_eap_tnc_t *this;
|
||||||
int max_msg_count;
|
int max_msg_count;
|
||||||
char* protocol;
|
char* protocol;
|
||||||
tnccs_t *tnccs;
|
tnccs_t *tnccs;
|
||||||
tnccs_type_t type;
|
tnccs_type_t tnccs_type;
|
||||||
|
|
||||||
INIT(this,
|
INIT(this,
|
||||||
.public = {
|
.public = {
|
||||||
|
@ -270,24 +276,25 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
|
||||||
.set_auth_type = _set_auth_type,
|
.set_auth_type = _set_auth_type,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
.type = type,
|
||||||
);
|
);
|
||||||
|
|
||||||
max_msg_count = lib->settings->get_int(lib->settings,
|
max_msg_count = lib->settings->get_int(lib->settings,
|
||||||
"%s.plugins.eap-tnc.max_message_count",
|
"%s.plugins.eap-tnc.max_message_count",
|
||||||
EAP_TNC_MAX_MESSAGE_COUNT, lib->ns);
|
EAP_TNC_MAX_MESSAGE_COUNT, lib->ns);
|
||||||
protocol = lib->settings->get_str(lib->settings,
|
protocol = lib->settings->get_str(lib->settings,
|
||||||
"%s.plugins.eap-tnc.protocol", "tnccs-1.1", lib->ns);
|
"%s.plugins.eap-tnc.protocol", "tnccs-2.0", lib->ns);
|
||||||
if (strcaseeq(protocol, "tnccs-2.0"))
|
if (strcaseeq(protocol, "tnccs-2.0"))
|
||||||
{
|
{
|
||||||
type = TNCCS_2_0;
|
tnccs_type = TNCCS_2_0;
|
||||||
}
|
}
|
||||||
else if (strcaseeq(protocol, "tnccs-1.1"))
|
else if (strcaseeq(protocol, "tnccs-1.1"))
|
||||||
{
|
{
|
||||||
type = TNCCS_1_1;
|
tnccs_type = TNCCS_1_1;
|
||||||
}
|
}
|
||||||
else if (strcaseeq(protocol, "tnccs-dynamic") && is_server)
|
else if (strcaseeq(protocol, "tnccs-dynamic") && is_server)
|
||||||
{
|
{
|
||||||
type = TNCCS_DYNAMIC;
|
tnccs_type = TNCCS_DYNAMIC;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -295,8 +302,9 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
|
||||||
free(this);
|
free(this);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
tnccs = tnc->tnccs->create_instance(tnc->tnccs, type,
|
tnccs = tnc->tnccs->create_instance(tnc->tnccs, tnccs_type,
|
||||||
is_server, server, peer, TNC_IFT_EAP_1_1,
|
is_server, server, peer,
|
||||||
|
(type == EAP_TNC) ? TNC_IFT_EAP_1_1 : TNC_IFT_EAP_2_0,
|
||||||
is_server ? enforce_recommendation : NULL);
|
is_server ? enforce_recommendation : NULL);
|
||||||
if (!tnccs)
|
if (!tnccs)
|
||||||
{
|
{
|
||||||
|
@ -305,7 +313,7 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
this->tnccs = tnccs->get_ref(tnccs);
|
this->tnccs = tnccs->get_ref(tnccs);
|
||||||
this->tls_eap = tls_eap_create(EAP_TNC, &tnccs->tls,
|
this->tls_eap = tls_eap_create(type, &tnccs->tls,
|
||||||
EAP_TNC_MAX_MESSAGE_LEN,
|
EAP_TNC_MAX_MESSAGE_LEN,
|
||||||
max_msg_count, FALSE);
|
max_msg_count, FALSE);
|
||||||
if (!this->tls_eap)
|
if (!this->tls_eap)
|
||||||
|
@ -319,11 +327,23 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
|
||||||
eap_tnc_t *eap_tnc_create_server(identification_t *server,
|
eap_tnc_t *eap_tnc_create_server(identification_t *server,
|
||||||
identification_t *peer)
|
identification_t *peer)
|
||||||
{
|
{
|
||||||
return eap_tnc_create(server, peer, TRUE);
|
return eap_tnc_create(server, peer, TRUE, EAP_TNC);
|
||||||
}
|
}
|
||||||
|
|
||||||
eap_tnc_t *eap_tnc_create_peer(identification_t *server,
|
eap_tnc_t *eap_tnc_create_peer(identification_t *server,
|
||||||
identification_t *peer)
|
identification_t *peer)
|
||||||
{
|
{
|
||||||
return eap_tnc_create(server, peer, FALSE);
|
return eap_tnc_create(server, peer, FALSE, EAP_TNC);
|
||||||
|
}
|
||||||
|
|
||||||
|
eap_tnc_t *eap_tnc_pt_create_server(identification_t *server,
|
||||||
|
identification_t *peer)
|
||||||
|
{
|
||||||
|
return eap_tnc_create(server, peer, TRUE, EAP_PT_EAP);
|
||||||
|
}
|
||||||
|
|
||||||
|
eap_tnc_t *eap_tnc_pt_create_peer(identification_t *server,
|
||||||
|
identification_t *peer)
|
||||||
|
{
|
||||||
|
return eap_tnc_create(server, peer, FALSE, EAP_PT_EAP);
|
||||||
}
|
}
|
||||||
|
|
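Review bot: eap_tnc_create() reads the same `plugins.eap-tnc.protocol` setting for both transports, so an instance created with `type == EAP_PT_EAP` can end up with `tnccs_type = TNCCS_1_1` while being handed `TNC_IFT_EAP_2_0`. RFC 7171 defines PT-EAP as a transport for PB-TNC (TNCCS 2.0), and a deployment that keeps `protocol = tnccs-1.1` while taking the new `phase2_tnc_method` default of `pt` reaches exactly this pairing. If it is not meant to be supported, the 1.1 branch could be narrowed to `else if (strcaseeq(protocol, "tnccs-1.1") && type == EAP_TNC)` so the final `else` rejects it. That `else` body lies partly outside the hunk, so I am assuming from the visible `free(this); return NULL;` that it is the error path.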
|
@ -26,7 +26,7 @@ typedef struct eap_tnc_t eap_tnc_t;
|
||||||
#include <sa/eap/eap_inner_method.h>
|
#include <sa/eap/eap_inner_method.h>
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Implementation of the eap_method_t interface using EAP-TNC.
|
* Implementation of the eap_method_t interface using EAP-TNC or PT-EAP.
|
||||||
*/
|
*/
|
||||||
struct eap_tnc_t {
|
struct eap_tnc_t {
|
||||||
|
|
||||||
|
@ -43,7 +43,8 @@ struct eap_tnc_t {
|
||||||
* @param peer ID of the EAP client
|
* @param peer ID of the EAP client
|
||||||
* @return eap_tnc_t object
|
* @return eap_tnc_t object
|
||||||
*/
|
*/
|
||||||
eap_tnc_t *eap_tnc_create_server(identification_t *server, identification_t *peer);
|
eap_tnc_t *eap_tnc_create_server(identification_t *server,
|
||||||
|
identification_t *peer);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates the EAP method EAP-TNC acting as peer.
|
* Creates the EAP method EAP-TNC acting as peer.
|
||||||
|
@ -52,6 +53,27 @@ eap_tnc_t *eap_tnc_create_server(identification_t *server, identification_t *pee
|
||||||
* @param peer ID of the EAP client
|
* @param peer ID of the EAP client
|
||||||
* @return eap_tnc_t object
|
* @return eap_tnc_t object
|
||||||
*/
|
*/
|
||||||
eap_tnc_t *eap_tnc_create_peer(identification_t *server, identification_t *peer);
|
eap_tnc_t *eap_tnc_create_peer(identification_t *server,
|
||||||
|
identification_t *peer);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates the EAP method PT-EAP acting as server.
|
||||||
|
*
|
||||||
|
* @param server ID of the EAP server
|
||||||
|
* @param peer ID of the EAP client
|
||||||
|
* @return eap_tnc_t object
|
||||||
|
*/
|
||||||
|
eap_tnc_t *eap_tnc_pt_create_server(identification_t *server,
|
||||||
|
identification_t *peer);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates the EAP method PT-EAP acting as peer.
|
||||||
|
*
|
||||||
|
* @param server ID of the EAP server
|
||||||
|
* @param peer ID of the EAP client
|
||||||
|
* @return eap_tnc_t object
|
||||||
|
*/
|
||||||
|
eap_tnc_t *eap_tnc_pt_create_peer(identification_t *server,
|
||||||
|
identification_t *peer);
|
||||||
|
|
||||||
#endif /** EAP_TNC_H_ @}*/
|
#endif /** EAP_TNC_H_ @}*/
|
||||||
|
|
|
@ -36,6 +36,14 @@ METHOD(plugin_t, get_features, int,
|
||||||
PLUGIN_PROVIDE(EAP_PEER, EAP_TNC),
|
PLUGIN_PROVIDE(EAP_PEER, EAP_TNC),
|
||||||
PLUGIN_DEPENDS(EAP_PEER, EAP_TTLS),
|
PLUGIN_DEPENDS(EAP_PEER, EAP_TTLS),
|
||||||
PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
|
PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
|
||||||
|
PLUGIN_CALLBACK(eap_method_register, eap_tnc_pt_create_server),
|
||||||
|
PLUGIN_PROVIDE(EAP_SERVER, EAP_PT_EAP),
|
||||||
|
PLUGIN_DEPENDS(EAP_SERVER, EAP_TTLS),
|
||||||
|
PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
|
||||||
|
PLUGIN_CALLBACK(eap_method_register, eap_tnc_pt_create_peer),
|
||||||
|
PLUGIN_PROVIDE(EAP_PEER, EAP_PT_EAP),
|
||||||
|
PLUGIN_DEPENDS(EAP_PEER, EAP_TTLS),
|
||||||
|
PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
|
||||||
};
|
};
|
||||||
*features = f;
|
*features = f;
|
||||||
return countof(f);
|
return countof(f);
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2010 Andreas Steffen
|
* Copyright (C) 2010-2014 Andreas Steffen
|
||||||
* Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
* This program is free software; you can redistribute it and/or modify it
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
* under the terms of the GNU General Public License as published by the
|
* under the terms of the GNU General Public License as published by the
|
||||||
|
@ -107,22 +107,34 @@ static status_t start_phase2_auth(private_eap_ttls_server_t *this)
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* If configured, start EAP-TNC protocol
|
* If configured, start PT-EAP or legacy EAP-TNC protocol
|
||||||
*/
|
*/
|
||||||
static status_t start_phase2_tnc(private_eap_ttls_server_t *this,
|
static status_t start_phase2_tnc(private_eap_ttls_server_t *this,
|
||||||
eap_type_t auth_type)
|
eap_type_t auth_type)
|
||||||
{
|
{
|
||||||
eap_inner_method_t *inner_method;
|
eap_inner_method_t *inner_method;
|
||||||
|
eap_type_t type;
|
||||||
|
char *eap_type_str;
|
||||||
|
|
||||||
if (this->start_phase2_tnc && lib->settings->get_bool(lib->settings,
|
if (this->start_phase2_tnc && lib->settings->get_bool(lib->settings,
|
||||||
"%s.plugins.eap-ttls.phase2_tnc", FALSE, lib->ns))
|
"%s.plugins.eap-ttls.phase2_tnc", FALSE, lib->ns))
|
||||||
{
|
{
|
||||||
DBG1(DBG_IKE, "phase2 method %N selected", eap_type_names, EAP_TNC);
|
eap_type_str = lib->settings->get_str(lib->settings,
|
||||||
this->method = charon->eap->create_instance(charon->eap, EAP_TNC,
|
"%s.plugins.eap-ttls.phase2_tnc_method", "pt",
|
||||||
|
lib->ns);
|
||||||
|
type = eap_type_from_string(eap_type_str);
|
||||||
|
if (type == 0)
|
||||||
|
{
|
||||||
|
DBG1(DBG_IKE, "unrecognized phase2 EAP TNC method \"%s\"",
|
||||||
|
eap_type_str);
|
||||||
|
return FAILED;
|
||||||
|
}
|
||||||
|
DBG1(DBG_IKE, "phase2 method %N selected", eap_type_names, type);
|
||||||
|
this->method = charon->eap->create_instance(charon->eap, type,
|
||||||
0, EAP_SERVER, this->server, this->peer);
|
0, EAP_SERVER, this->server, this->peer);
|
||||||
if (this->method == NULL)
|
if (this->method == NULL)
|
||||||
{
|
{
|
||||||
DBG1(DBG_IKE, "%N method not available", eap_type_names, EAP_TNC);
|
DBG1(DBG_IKE, "%N method not available", eap_type_names, type);
|
||||||
return FAILED;
|
return FAILED;
|
||||||
}
|
}
|
||||||
inner_method = (eap_inner_method_t *)this->method;
|
inner_method = (eap_inner_method_t *)this->method;
|
||||||
|
@ -135,7 +147,7 @@ static status_t start_phase2_tnc(private_eap_ttls_server_t *this,
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
DBG1(DBG_IKE, "%N method failed", eap_type_names, EAP_TNC);
|
DBG1(DBG_IKE, "%N method failed", eap_type_names, type);
|
||||||
return FAILED;
|
return FAILED;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -151,7 +163,7 @@ METHOD(tls_application_t, process, status_t,
|
||||||
eap_payload_t *in;
|
eap_payload_t *in;
|
||||||
eap_code_t code;
|
eap_code_t code;
|
||||||
eap_type_t type = EAP_NAK, received_type;
|
eap_type_t type = EAP_NAK, received_type;
|
||||||
u_int32_t vendor, received_vendor;
|
uint32_t vendor, received_vendor;
|
||||||
|
|
||||||
status = this->avp->process(this->avp, reader, &data);
|
status = this->avp->process(this->avp, reader, &data);
|
||||||
switch (status)
|
switch (status)
|
||||||
|
@ -297,7 +309,7 @@ METHOD(tls_application_t, build, status_t,
|
||||||
chunk_t data;
|
chunk_t data;
|
||||||
eap_code_t code;
|
eap_code_t code;
|
||||||
eap_type_t type;
|
eap_type_t type;
|
||||||
u_int32_t vendor;
|
uint32_t vendor;
|
||||||
|
|
||||||
if (this->method == NULL && this->start_phase2 &&
|
if (this->method == NULL && this->start_phase2 &&
|
||||||
lib->settings->get_bool(lib->settings,
|
lib->settings->get_bool(lib->settings,
|
||||||
|
|
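Review bot: In start_phase2_tnc() the only check on `phase2_tnc_method` is `type == 0`, but eap_type_from_string() also maps names such as `peap`, `mschapv2` and `radius`, so any of those is accepted and instantiated as the phase2 TNC method. The result is then cast with `(eap_inner_method_t *)this->method`. If the created method does not implement eap_inner_method_t, the calls made through `inner_method` would go through a pointer of the wrong type; those calls follow outside this hunk. Restricting the setting to the two documented values avoids that: use `if (type != EAP_TNC && type != EAP_PT_EAP)` in place of `if (type == 0)`.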
|
@ -57,7 +57,9 @@ ENUM_NEXT(eap_type_names, EAP_MSTLV, EAP_MSTLV, EAP_MSCHAPV2,
|
||||||
"EAP_MSTLV");
|
"EAP_MSTLV");
|
||||||
ENUM_NEXT(eap_type_names, EAP_TNC, EAP_TNC, EAP_MSTLV,
|
ENUM_NEXT(eap_type_names, EAP_TNC, EAP_TNC, EAP_MSTLV,
|
||||||
"EAP_TNC");
|
"EAP_TNC");
|
||||||
ENUM_NEXT(eap_type_names, EAP_EXPANDED, EAP_DYNAMIC, EAP_TNC,
|
ENUM_NEXT(eap_type_names, EAP_PT_EAP, EAP_PT_EAP, EAP_TNC,
|
||||||
|
"EAP_PT_EAP");
|
||||||
|
ENUM_NEXT(eap_type_names, EAP_EXPANDED, EAP_DYNAMIC, EAP_PT_EAP,
|
||||||
"EAP_EXPANDED",
|
"EAP_EXPANDED",
|
||||||
"EAP_EXPERIMENTAL",
|
"EAP_EXPERIMENTAL",
|
||||||
"EAP_RADIUS",
|
"EAP_RADIUS",
|
||||||
|
@ -86,7 +88,9 @@ ENUM_NEXT(eap_type_short_names, EAP_MSTLV, EAP_MSTLV, EAP_MSCHAPV2,
|
||||||
"MSTLV");
|
"MSTLV");
|
||||||
ENUM_NEXT(eap_type_short_names, EAP_TNC, EAP_TNC, EAP_MSTLV,
|
ENUM_NEXT(eap_type_short_names, EAP_TNC, EAP_TNC, EAP_MSTLV,
|
||||||
"TNC");
|
"TNC");
|
||||||
ENUM_NEXT(eap_type_short_names, EAP_EXPANDED, EAP_DYNAMIC, EAP_TNC,
|
ENUM_NEXT(eap_type_short_names, EAP_PT_EAP, EAP_PT_EAP, EAP_TNC,
|
||||||
|
"PT");
|
||||||
|
ENUM_NEXT(eap_type_short_names, EAP_EXPANDED, EAP_DYNAMIC, EAP_PT_EAP,
|
||||||
"EXP",
|
"EXP",
|
||||||
"XP",
|
"XP",
|
||||||
"RAD",
|
"RAD",
|
||||||
|
@ -114,6 +118,7 @@ eap_type_t eap_type_from_string(char *name)
|
||||||
{"peap", EAP_PEAP},
|
{"peap", EAP_PEAP},
|
||||||
{"mschapv2", EAP_MSCHAPV2},
|
{"mschapv2", EAP_MSCHAPV2},
|
||||||
{"tnc", EAP_TNC},
|
{"tnc", EAP_TNC},
|
||||||
|
{"pt", EAP_PT_EAP},
|
||||||
{"dynamic", EAP_DYNAMIC},
|
{"dynamic", EAP_DYNAMIC},
|
||||||
{"radius", EAP_RADIUS},
|
{"radius", EAP_RADIUS},
|
||||||
};
|
};
|
||||||
|
@ -136,7 +141,7 @@ eap_vendor_type_t *eap_vendor_type_from_string(char *str)
|
||||||
enumerator_t *enumerator;
|
enumerator_t *enumerator;
|
||||||
eap_vendor_type_t *result = NULL;
|
eap_vendor_type_t *result = NULL;
|
||||||
eap_type_t type = 0;
|
eap_type_t type = 0;
|
||||||
u_int32_t vendor = 0;
|
uint32_t vendor = 0;
|
||||||
char *part, *end;
|
char *part, *end;
|
||||||
|
|
||||||
/* parse EAP method string of the form: [eap-]type[-vendor] */
|
/* parse EAP method string of the form: [eap-]type[-vendor] */
|
||||||
|
|
|
@ -67,6 +67,7 @@ enum eap_type_t {
|
||||||
EAP_MSCHAPV2 = 26,
|
EAP_MSCHAPV2 = 26,
|
||||||
EAP_MSTLV = 33,
|
EAP_MSTLV = 33,
|
||||||
EAP_TNC = 38,
|
EAP_TNC = 38,
|
||||||
|
EAP_PT_EAP = 54,
|
||||||
EAP_EXPANDED = 254,
|
EAP_EXPANDED = 254,
|
||||||
EAP_EXPERIMENTAL = 255,
|
EAP_EXPERIMENTAL = 255,
|
||||||
/** not a method, but an implementation providing different methods */
|
/** not a method, but an implementation providing different methods */
|
||||||
|
|
|
@ -47,7 +47,7 @@ struct private_tls_eap_t {
|
||||||
/**
|
/**
|
||||||
* Current value of EAP identifier
|
* Current value of EAP identifier
|
||||||
*/
|
*/
|
||||||
u_int8_t identifier;
|
uint8_t identifier;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* TLS stack
|
* TLS stack
|
||||||
|
@ -59,6 +59,11 @@ struct private_tls_eap_t {
|
||||||
*/
|
*/
|
||||||
bool is_server;
|
bool is_server;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Supported version of the EAP tunnel protocol
|
||||||
|
*/
|
||||||
|
uint8_t supported_version;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* If FALSE include the total length of an EAP message
|
* If FALSE include the total length of an EAP message
|
||||||
* in the first fragment of fragmented messages only.
|
* in the first fragment of fragmented messages only.
|
||||||
|
@ -94,22 +99,24 @@ typedef enum {
|
||||||
EAP_TLS_LENGTH = (1<<7), /* shared with EAP-TTLS/TNC/PEAP */
|
EAP_TLS_LENGTH = (1<<7), /* shared with EAP-TTLS/TNC/PEAP */
|
||||||
EAP_TLS_MORE_FRAGS = (1<<6), /* shared with EAP-TTLS/TNC/PEAP */
|
EAP_TLS_MORE_FRAGS = (1<<6), /* shared with EAP-TTLS/TNC/PEAP */
|
||||||
EAP_TLS_START = (1<<5), /* shared with EAP-TTLS/TNC/PEAP */
|
EAP_TLS_START = (1<<5), /* shared with EAP-TTLS/TNC/PEAP */
|
||||||
EAP_TTLS_VERSION = (0x07), /* shared with EAP-TNC/PEAP */
|
EAP_TTLS_VERSION = (0x07), /* shared with EAP-TNC/PEAP/PT-EAP */
|
||||||
|
EAP_PT_START = (1<<7) /* PT-EAP only */
|
||||||
} eap_tls_flags_t;
|
} eap_tls_flags_t;
|
||||||
|
|
||||||
#define EAP_TTLS_SUPPORTED_VERSION 0
|
#define EAP_TTLS_SUPPORTED_VERSION 0
|
||||||
#define EAP_TNC_SUPPORTED_VERSION 1
|
#define EAP_TNC_SUPPORTED_VERSION 1
|
||||||
#define EAP_PEAP_SUPPORTED_VERSION 0
|
#define EAP_PEAP_SUPPORTED_VERSION 0
|
||||||
|
#define EAP_PT_EAP_SUPPORTED_VERSION 1
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* EAP-TLS/TTLS packet format
|
* EAP-TLS/TTLS packet format
|
||||||
*/
|
*/
|
||||||
typedef struct __attribute__((packed)) {
|
typedef struct __attribute__((packed)) {
|
||||||
u_int8_t code;
|
uint8_t code;
|
||||||
u_int8_t identifier;
|
uint8_t identifier;
|
||||||
u_int16_t length;
|
uint16_t length;
|
||||||
u_int8_t type;
|
uint8_t type;
|
||||||
u_int8_t flags;
|
uint8_t flags;
|
||||||
} eap_tls_packet_t;
|
} eap_tls_packet_t;
|
||||||
|
|
||||||
METHOD(tls_eap_t, initiate, status_t,
|
METHOD(tls_eap_t, initiate, status_t,
|
||||||
|
@ -120,18 +127,18 @@ METHOD(tls_eap_t, initiate, status_t,
|
||||||
eap_tls_packet_t pkt = {
|
eap_tls_packet_t pkt = {
|
||||||
.type = this->type,
|
.type = this->type,
|
||||||
.code = EAP_REQUEST,
|
.code = EAP_REQUEST,
|
||||||
.flags = EAP_TLS_START,
|
.flags = this->supported_version
|
||||||
};
|
};
|
||||||
switch (this->type)
|
switch (this->type)
|
||||||
{
|
{
|
||||||
|
case EAP_TLS:
|
||||||
case EAP_TTLS:
|
case EAP_TTLS:
|
||||||
pkt.flags |= EAP_TTLS_SUPPORTED_VERSION;
|
|
||||||
break;
|
|
||||||
case EAP_TNC:
|
case EAP_TNC:
|
||||||
pkt.flags |= EAP_TNC_SUPPORTED_VERSION;
|
|
||||||
break;
|
|
||||||
case EAP_PEAP:
|
case EAP_PEAP:
|
||||||
pkt.flags |= EAP_PEAP_SUPPORTED_VERSION;
|
pkt.flags |= EAP_TLS_START;
|
||||||
|
break;
|
||||||
|
case EAP_PT_EAP:
|
||||||
|
pkt.flags |= EAP_PT_START;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
|
@ -153,13 +160,25 @@ METHOD(tls_eap_t, initiate, status_t,
|
||||||
*/
|
*/
|
||||||
static status_t process_pkt(private_tls_eap_t *this, eap_tls_packet_t *pkt)
|
static status_t process_pkt(private_tls_eap_t *this, eap_tls_packet_t *pkt)
|
||||||
{
|
{
|
||||||
u_int16_t pkt_len;
|
uint8_t version;
|
||||||
u_int32_t msg_len;
|
uint16_t pkt_len;
|
||||||
|
uint32_t msg_len;
|
||||||
size_t msg_len_offset = 0;
|
size_t msg_len_offset = 0;
|
||||||
|
|
||||||
|
/* EAP-TLS doesn't have a version field */
|
||||||
|
if (this->type != EAP_TLS)
|
||||||
|
{
|
||||||
|
version = pkt->flags & EAP_TTLS_VERSION;
|
||||||
|
if (version != this->supported_version)
|
||||||
|
{
|
||||||
|
DBG1(DBG_TLS, "received %N packet with unsupported version v%u",
|
||||||
|
eap_type_names, this->type, version);
|
||||||
|
return FAILED;
|
||||||
|
}
|
||||||
|
}
|
||||||
pkt_len = untoh16(&pkt->length);
|
pkt_len = untoh16(&pkt->length);
|
||||||
|
|
||||||
if (pkt->flags & EAP_TLS_LENGTH)
|
if (this->type != EAP_PT_EAP && (pkt->flags & EAP_TLS_LENGTH))
|
||||||
{
|
{
|
||||||
if (pkt_len < sizeof(eap_tls_packet_t) + sizeof(msg_len))
|
if (pkt_len < sizeof(eap_tls_packet_t) + sizeof(msg_len))
|
||||||
{
|
{
|
||||||
|
@ -200,27 +219,12 @@ static status_t build_pkt(private_tls_eap_t *this, chunk_t *out)
|
||||||
pkt->code = this->is_server ? EAP_REQUEST : EAP_RESPONSE;
|
pkt->code = this->is_server ? EAP_REQUEST : EAP_RESPONSE;
|
||||||
pkt->identifier = this->identifier;
|
pkt->identifier = this->identifier;
|
||||||
pkt->type = this->type;
|
pkt->type = this->type;
|
||||||
pkt->flags = 0;
|
pkt->flags = this->supported_version;
|
||||||
|
|
||||||
switch (this->type)
|
|
||||||
{
|
|
||||||
case EAP_TTLS:
|
|
||||||
pkt->flags |= EAP_TTLS_SUPPORTED_VERSION;
|
|
||||||
break;
|
|
||||||
case EAP_TNC:
|
|
||||||
pkt->flags |= EAP_TNC_SUPPORTED_VERSION;
|
|
||||||
break;
|
|
||||||
case EAP_PEAP:
|
|
||||||
pkt->flags |= EAP_PEAP_SUPPORTED_VERSION;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (this->first_fragment)
|
if (this->first_fragment)
|
||||||
{
|
{
|
||||||
len = sizeof(buf) - sizeof(eap_tls_packet_t) - sizeof(u_int32_t);
|
len = sizeof(buf) - sizeof(eap_tls_packet_t) - sizeof(uint32_t);
|
||||||
msg_len_offset = sizeof(u_int32_t);
|
msg_len_offset = sizeof(uint32_t);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -251,7 +255,7 @@ static status_t build_pkt(private_tls_eap_t *this, chunk_t *out)
|
||||||
}
|
}
|
||||||
kind = "packet";
|
kind = "packet";
|
||||||
}
|
}
|
||||||
else if (this->type != EAP_TNC)
|
else if (this->type != EAP_TNC && this->type != EAP_PT_EAP)
|
||||||
{
|
{
|
||||||
this->first_fragment = TRUE;
|
this->first_fragment = TRUE;
|
||||||
kind = "final fragment";
|
kind = "final fragment";
|
||||||
|
@ -269,14 +273,14 @@ static status_t build_pkt(private_tls_eap_t *this, chunk_t *out)
|
||||||
if (pkt->flags & EAP_TLS_LENGTH)
|
if (pkt->flags & EAP_TLS_LENGTH)
|
||||||
{
|
{
|
||||||
htoun32(pkt + 1, reclen);
|
htoun32(pkt + 1, reclen);
|
||||||
len += sizeof(u_int32_t);
|
len += sizeof(uint32_t);
|
||||||
pkt->flags |= EAP_TLS_LENGTH;
|
pkt->flags |= EAP_TLS_LENGTH;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* get rid of the reserved length field */
|
/* get rid of the reserved length field */
|
||||||
memmove(buf + sizeof(eap_tls_packet_t),
|
memmove(buf + sizeof(eap_tls_packet_t),
|
||||||
buf + sizeof(eap_tls_packet_t) + sizeof(u_int32_t), len);
|
buf + sizeof(eap_tls_packet_t) + sizeof(uint32_t), len);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
len += sizeof(eap_tls_packet_t);
|
len += sizeof(eap_tls_packet_t);
|
||||||
|
@ -352,10 +356,11 @@ METHOD(tls_eap_t, process, status_t,
|
||||||
}
|
}
|
||||||
DBG3(DBG_TLS, "%N payload %B", eap_type_names, this->type, &in);
|
DBG3(DBG_TLS, "%N payload %B", eap_type_names, this->type, &in);
|
||||||
|
|
||||||
if (pkt->flags & EAP_TLS_START)
|
if ((this->type == EAP_PT_EAP && (pkt->flags & EAP_PT_START)) ||
|
||||||
|
(pkt->flags & EAP_TLS_START))
|
||||||
{
|
{
|
||||||
if (this->type == EAP_TTLS || this->type == EAP_TNC ||
|
if (this->type == EAP_TTLS || this->type == EAP_TNC ||
|
||||||
this->type == EAP_PEAP)
|
this->type == EAP_PEAP || this->type == EAP_PT_EAP)
|
||||||
{
|
{
|
||||||
DBG1(DBG_TLS, "%N version is v%u", eap_type_names, this->type,
|
DBG1(DBG_TLS, "%N version is v%u", eap_type_names, this->type,
|
||||||
pkt->flags & EAP_TTLS_VERSION);
|
pkt->flags & EAP_TTLS_VERSION);
|
||||||
|
@ -409,14 +414,14 @@ METHOD(tls_eap_t, get_msk, chunk_t,
|
||||||
return this->tls->get_eap_msk(this->tls);
|
return this->tls->get_eap_msk(this->tls);
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(tls_eap_t, get_identifier, u_int8_t,
|
METHOD(tls_eap_t, get_identifier, uint8_t,
|
||||||
private_tls_eap_t *this)
|
private_tls_eap_t *this)
|
||||||
{
|
{
|
||||||
return this->identifier;
|
return this->identifier;
|
||||||
}
|
}
|
||||||
|
|
||||||
METHOD(tls_eap_t, set_identifier, void,
|
METHOD(tls_eap_t, set_identifier, void,
|
||||||
private_tls_eap_t *this, u_int8_t identifier)
|
private_tls_eap_t *this, uint8_t identifier)
|
||||||
{
|
{
|
||||||
this->identifier = identifier;
|
this->identifier = identifier;
|
||||||
}
|
}
|
||||||
|
@ -452,13 +457,31 @@ tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size,
|
||||||
},
|
},
|
||||||
.type = type,
|
.type = type,
|
||||||
.is_server = tls->is_server(tls),
|
.is_server = tls->is_server(tls),
|
||||||
.first_fragment = (type != EAP_TNC),
|
.first_fragment = (type != EAP_TNC && type != EAP_PT_EAP),
|
||||||
.frag_size = frag_size,
|
.frag_size = frag_size,
|
||||||
.max_msg_count = max_msg_count,
|
.max_msg_count = max_msg_count,
|
||||||
.include_length = include_length,
|
.include_length = include_length,
|
||||||
.tls = tls,
|
.tls = tls,
|
||||||
);
|
);
|
||||||
|
|
||||||
|
switch (type)
|
||||||
|
{
|
||||||
|
case EAP_TTLS:
|
||||||
|
this->supported_version = EAP_TTLS_SUPPORTED_VERSION;
|
||||||
|
break;
|
||||||
|
case EAP_TNC:
|
||||||
|
this->supported_version = EAP_TNC_SUPPORTED_VERSION;
|
||||||
|
break;
|
||||||
|
case EAP_PEAP:
|
||||||
|
this->supported_version = EAP_PEAP_SUPPORTED_VERSION;
|
||||||
|
break;
|
||||||
|
case EAP_PT_EAP:
|
||||||
|
this->supported_version = EAP_PT_EAP_SUPPORTED_VERSION;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
if (this->is_server)
|
if (this->is_server)
|
||||||
{
|
{
|
||||||
do
|
do
|
||||||
|
|
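Review bot: The Start test in process() still honours `EAP_TLS_START` for PT-EAP, because the second operand `(pkt->flags & EAP_TLS_START)` is not limited to the other methods. Bit 5 is not the PT-EAP Start flag (this commit defines that as `EAP_PT_START`, bit 7), and RFC 7171 treats the bits between S and the version field as reserved. A PT-EAP packet with bit 5 set therefore takes the Start branch instead of being handled as data. Selecting the flag by type keeps the two layouts apart: `uint8_t start = (this->type == EAP_PT_EAP) ? EAP_PT_START : EAP_TLS_START;` followed by `if (pkt->flags & start)`. The rest of the Start branch is outside the hunk, so what it skips for such a packet should be checked there.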
|
@ -66,7 +66,7 @@ struct tls_eap_t {
|
||||||
*
|
*
|
||||||
* @return identifier
|
* @return identifier
|
||||||
*/
|
*/
|
||||||
u_int8_t (*get_identifier)(tls_eap_t *this);
|
uint8_t (*get_identifier)(tls_eap_t *this);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set the EAP identifier to a deterministic value, overwriting
|
* Set the EAP identifier to a deterministic value, overwriting
|
||||||
|
@ -74,7 +74,7 @@ struct tls_eap_t {
|
||||||
*
|
*
|
||||||
* @param identifier EAP identifier
|
* @param identifier EAP identifier
|
||||||
*/
|
*/
|
||||||
void (*set_identifier) (tls_eap_t *this, u_int8_t identifier);
|
void (*set_identifier) (tls_eap_t *this, uint8_t identifier);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Destroy a tls_eap_t.
|
* Destroy a tls_eap_t.
|
||||||
|
|
|
@ -2,5 +2,12 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||||
|
|
||||||
multiple_authentication=no
|
multiple_authentication=no
|
||||||
|
|
||||||
|
plugins {
|
||||||
|
eap-tnc {
|
||||||
|
protocol = tnccs-1.1
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,5 +2,12 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||||
|
|
||||||
multiple_authentication=no
|
multiple_authentication=no
|
||||||
|
|
||||||
|
plugins {
|
||||||
|
eap-tnc {
|
||||||
|
protocol = tnccs-1.1
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,12 +2,18 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-ttls {
|
eap-ttls {
|
||||||
phase2_method = md5
|
phase2_method = md5
|
||||||
phase2_piggyback = yes
|
phase2_piggyback = yes
|
||||||
phase2_tnc = yes
|
phase2_tnc = yes
|
||||||
|
phase2_tnc_method = tnc
|
||||||
|
}
|
||||||
|
eap-tnc {
|
||||||
|
protocol = tnccs-1.1
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,7 +2,14 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||||
|
|
||||||
multiple_authentication=no
|
multiple_authentication=no
|
||||||
|
|
||||||
|
plugins {
|
||||||
|
eap-tnc {
|
||||||
|
protocol = tnccs-1.1
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
libimcv {
|
libimcv {
|
||||||
|
|
|
@ -2,7 +2,14 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||||
|
|
||||||
multiple_authentication=no
|
multiple_authentication=no
|
||||||
|
|
||||||
|
plugins {
|
||||||
|
eap-tnc {
|
||||||
|
protocol = tnccs-1.1
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
libimcv {
|
libimcv {
|
||||||
|
|
|
@ -2,7 +2,14 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||||
|
|
||||||
multiple_authentication=no
|
multiple_authentication=no
|
||||||
|
|
||||||
|
plugins {
|
||||||
|
eap-tnc {
|
||||||
|
protocol = tnccs-1.1
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
libimcv {
|
libimcv {
|
||||||
|
|
|
@ -2,7 +2,14 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||||
|
|
||||||
multiple_authentication=no
|
multiple_authentication=no
|
||||||
|
|
||||||
|
plugins {
|
||||||
|
eap-tnc {
|
||||||
|
protocol = tnccs-1.1
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
libimcv {
|
libimcv {
|
||||||
|
|
|
@ -2,7 +2,14 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||||
|
|
||||||
multiple_authentication=no
|
multiple_authentication=no
|
||||||
|
|
||||||
|
plugins {
|
||||||
|
eap-tnc {
|
||||||
|
protocol = tnccs-1.1
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
libimcv {
|
libimcv {
|
||||||
|
|
|
@ -2,7 +2,14 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||||
|
|
||||||
multiple_authentication=no
|
multiple_authentication=no
|
||||||
|
|
||||||
|
plugins {
|
||||||
|
eap-tnc {
|
||||||
|
protocol = tnccs-1.1
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
libimcv {
|
libimcv {
|
||||||
|
|
|
@ -2,7 +2,14 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||||
|
|
||||||
multiple_authentication=no
|
multiple_authentication=no
|
||||||
|
|
||||||
|
plugins {
|
||||||
|
eap-tnc {
|
||||||
|
protocol = tnccs-1.1
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
libimcv {
|
libimcv {
|
||||||
|
|
|
@ -2,7 +2,14 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||||
|
|
||||||
multiple_authentication=no
|
multiple_authentication=no
|
||||||
|
|
||||||
|
plugins {
|
||||||
|
eap-tnc {
|
||||||
|
protocol = tnccs-1.1
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
libimcv {
|
libimcv {
|
||||||
|
|
|
@ -2,12 +2,18 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-ttls {
|
eap-ttls {
|
||||||
phase2_method = md5
|
phase2_method = md5
|
||||||
phase2_piggyback = yes
|
phase2_piggyback = yes
|
||||||
phase2_tnc = yes
|
phase2_tnc = yes
|
||||||
|
phase2_tnc_method = tnc
|
||||||
|
}
|
||||||
|
eap-tnc {
|
||||||
|
protocol = tnccs-1.1
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,11 +2,10 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
tnc-imc {
|
tnc-imc {
|
||||||
preferred_language = de, en
|
preferred_language = de, en
|
||||||
}
|
}
|
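Review bot: Dropping the `eap-tnc { protocol = tnccs-2.0 }` block leaves this configuration dependent on the compiled-in default for the IF-TNCCS version, so nothing in the file states which protocol it is meant to exercise. If that default changes again, the endpoint-assessment exchange would run over a different protocol without any edit here. Keeping `protocol = tnccs-2.0` explicit would pin it. The same holds for every later section on this page that removes the block, and the sections with `phase2_tnc = yes` could likewise state `phase2_tnc_method = pt` rather than inherit it.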
||||||
|
|
|
@ -2,11 +2,10 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||||
|
|
||||||
multiple_authentication=no
|
multiple_authentication=no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
tnc-imc {
|
tnc-imc {
|
||||||
preferred_language = ru, fr, en
|
preferred_language = ru, fr, en
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,16 +2,15 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-ttls {
|
eap-ttls {
|
||||||
phase2_method = md5
|
phase2_method = md5
|
||||||
phase2_piggyback = yes
|
phase2_piggyback = yes
|
||||||
phase2_tnc = yes
|
phase2_tnc = yes
|
||||||
}
|
}
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
tnc-imv {
|
tnc-imv {
|
||||||
recommendation_policy = all
|
recommendation_policy = all
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,12 +2,8 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
plugins {
|
multiple_authentication = no
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
libimcv {
|
libimcv {
|
||||||
|
|
|
@ -2,11 +2,10 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
tnc-imc {
|
tnc-imc {
|
||||||
preferred_language = ru , de, en
|
preferred_language = ru , de, en
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,16 +2,15 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-ttls {
|
eap-ttls {
|
||||||
phase2_method = md5
|
phase2_method = md5
|
||||||
phase2_piggyback = yes
|
phase2_piggyback = yes
|
||||||
phase2_tnc = yes
|
phase2_tnc = yes
|
||||||
}
|
}
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,10 +2,6 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
plugins {
|
multiple_authentication = no
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,10 +2,6 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
plugins {
|
multiple_authentication = no
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,15 +2,14 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-ttls {
|
eap-ttls {
|
||||||
phase2_method = md5
|
phase2_method = md5
|
||||||
phase2_piggyback = yes
|
phase2_piggyback = yes
|
||||||
phase2_tnc = yes
|
phase2_tnc = yes
|
||||||
}
|
}
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,12 +2,8 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
|
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
plugins {
|
multiple_authentication = no
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
libimcv {
|
libimcv {
|
||||||
|
|
|
@ -2,11 +2,10 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
tnc-imc {
|
tnc-imc {
|
||||||
preferred_language = de
|
preferred_language = de
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,16 +2,15 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
|
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-ttls {
|
eap-ttls {
|
||||||
phase2_method = md5
|
phase2_method = md5
|
||||||
phase2_piggyback = yes
|
phase2_piggyback = yes
|
||||||
phase2_tnc = yes
|
phase2_tnc = yes
|
||||||
}
|
}
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,12 +2,8 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
plugins {
|
multiple_authentication = no
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
libimcv {
|
libimcv {
|
||||||
|
|
|
@ -2,11 +2,10 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
tnc-imc {
|
tnc-imc {
|
||||||
preferred_language = de
|
preferred_language = de
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,16 +2,15 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-ttls {
|
eap-ttls {
|
||||||
phase2_method = md5
|
phase2_method = md5
|
||||||
phase2_piggyback = yes
|
phase2_piggyback = yes
|
||||||
phase2_tnc = yes
|
phase2_tnc = yes
|
||||||
}
|
}
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac socket-default kernel-netlink stroke eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac socket-default kernel-netlink stroke eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-ttls {
|
eap-ttls {
|
||||||
phase2_method = md5
|
phase2_method = md5
|
||||||
|
@ -10,7 +11,6 @@ charon {
|
||||||
max_message_count = 0
|
max_message_count = 0
|
||||||
}
|
}
|
||||||
eap-tnc {
|
eap-tnc {
|
||||||
protocol = tnccs-2.0
|
|
||||||
max_message_count = 20
|
max_message_count = 20
|
||||||
}
|
}
|
||||||
tnc-pdp {
|
tnc-pdp {
|
||||||
|
|
|
@ -8,7 +8,6 @@ charon {
|
||||||
max_message_count = 0
|
max_message_count = 0
|
||||||
}
|
}
|
||||||
eap-tnc {
|
eap-tnc {
|
||||||
protocol = tnccs-2.0
|
|
||||||
max_message_count = 20
|
max_message_count = 20
|
||||||
}
|
}
|
||||||
tnccs-20 {
|
tnccs-20 {
|
||||||
|
|
|
@ -8,7 +8,6 @@ charon {
|
||||||
max_message_count = 0
|
max_message_count = 0
|
||||||
}
|
}
|
||||||
eap-tnc {
|
eap-tnc {
|
||||||
protocol = tnccs-2.0
|
|
||||||
max_message_count = 20
|
max_message_count = 20
|
||||||
}
|
}
|
||||||
tnccs-20 {
|
tnccs-20 {
|
||||||
|
|
|
@ -2,12 +2,8 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
|
load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
plugins {
|
multiple_authentication = no
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
libimcv {
|
libimcv {
|
||||||
|
|
|
@ -2,11 +2,10 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
tnc-imc {
|
tnc-imc {
|
||||||
preferred_language = de
|
preferred_language = de
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,16 +2,15 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
|
load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-ttls {
|
eap-ttls {
|
||||||
phase2_method = md5
|
phase2_method = md5
|
||||||
phase2_piggyback = yes
|
phase2_piggyback = yes
|
||||||
phase2_tnc = yes
|
phase2_tnc = yes
|
||||||
}
|
}
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,12 +2,8 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
|
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
plugins {
|
multiple_authentication = no
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
libimcv {
|
libimcv {
|
||||||
|
|
|
@ -2,11 +2,9 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
plugins {
|
plugins {
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
tnc-imc {
|
tnc-imc {
|
||||||
preferred_language = de
|
preferred_language = de
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,16 +2,15 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
|
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-ttls {
|
eap-ttls {
|
||||||
phase2_method = md5
|
phase2_method = md5
|
||||||
phase2_piggyback = yes
|
phase2_piggyback = yes
|
||||||
phase2_tnc = yes
|
phase2_tnc = yes
|
||||||
}
|
}
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,12 +2,8 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
plugins {
|
multiple_authentication = no
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
libimcv {
|
libimcv {
|
||||||
|
|
|
@ -2,11 +2,10 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
tnc-imc {
|
tnc-imc {
|
||||||
preferred_language = ru , de, en
|
preferred_language = ru , de, en
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,16 +2,15 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-ttls {
|
eap-ttls {
|
||||||
phase2_method = md5
|
phase2_method = md5
|
||||||
phase2_piggyback = yes
|
phase2_piggyback = yes
|
||||||
phase2_tnc = yes
|
phase2_tnc = yes
|
||||||
}
|
}
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,12 +2,8 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
plugins {
|
multiple_authentication = no
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
libimcv {
|
libimcv {
|
||||||
|
|
|
@ -2,12 +2,8 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
plugins {
|
multiple_authentication = no
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
libimcv {
|
libimcv {
|
||||||
|
|
|
@ -2,25 +2,14 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-ttls {
|
eap-ttls {
|
||||||
request_peer_auth = yes
|
request_peer_auth = yes
|
||||||
phase2_piggyback = yes
|
phase2_piggyback = yes
|
||||||
phase2_tnc = yes
|
phase2_tnc = yes
|
||||||
}
|
}
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
libimcv {
|
|
||||||
plugins {
|
|
||||||
imv-scanner {
|
|
||||||
closed_port_policy = no
|
|
||||||
tcp_ports = 80 443
|
|
||||||
udp_ports =
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
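Review bot: The removal of the whole `libimcv { plugins { imv-scanner { ... } } }` block, with `closed_port_policy = no` and `tcp_ports = 80 443`, is not explained by the change of EAP transport that the rest of this commit makes. If the port-scanner IMV is still evaluated with this configuration, its verdict would now depend on built-in defaults or on policy stored elsewhere, neither of which is visible on this page. Either keep the block, or say in the commit description where the open-port policy now comes from, so the expected assessment result can still be checked.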
||||||
|
|
|
@ -2,12 +2,8 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
plugins {
|
multiple_authentication = no
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
libimcv {
|
libimcv {
|
||||||
|
|
|
@ -2,11 +2,10 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
tnc-imc {
|
tnc-imc {
|
||||||
preferred_language = ru, pl , de
|
preferred_language = ru, pl , de
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,16 +2,15 @@
|
||||||
|
|
||||||
charon {
|
charon {
|
||||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
|
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
|
||||||
multiple_authentication=no
|
|
||||||
|
multiple_authentication = no
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
eap-ttls {
|
eap-ttls {
|
||||||
phase2_method = md5
|
phase2_method = md5
|
||||||
phase2_piggyback = yes
|
phase2_piggyback = yes
|
||||||
phase2_tnc = yes
|
phase2_tnc = yes
|
||||||
}
|
}
|
||||||
eap-tnc {
|
|
||||||
protocol = tnccs-2.0
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -11,6 +11,7 @@ charon {
|
||||||
phase2_method = md5
|
phase2_method = md5
|
||||||
phase2_piggyback = yes
|
phase2_piggyback = yes
|
||||||
phase2_tnc = yes
|
phase2_tnc = yes
|
||||||
|
phase2_tnc_method = tnc
|
||||||
}
|
}
|
||||||
eap-tnc {
|
eap-tnc {
|
||||||
protocol = tnccs-dynamic
|
protocol = tnccs-dynamic
|
||||||
|
|