added config option for BEET mode
parent
f73d4c9eb0
commit
af87afed47
4
NEWS
4
NEWS
|
@ -3,9 +3,11 @@ strongswan-4.0.6
|
|||
|
||||
- IKEv2: Support for reauthentication when rekeying
|
||||
|
||||
- IKEv2: Support for transport and (experimental!) BEET mode
|
||||
|
||||
- fixed most (all?) bugs related to byte order
|
||||
|
||||
- a lot of bugfixes
|
||||
- a lot of other bugfixes
|
||||
|
||||
|
||||
strongswan-4.0.5
|
||||
|
|
|
@ -845,6 +845,7 @@ extern const char *prettypolicy(lset_t policy);
|
|||
#define POLICY_XAUTH_RSASIG LELEM(19) /* do we support XAUTH????RSA? */
|
||||
#define POLICY_XAUTH_SERVER LELEM(20) /* are we an XAUTH server? */
|
||||
#define POLICY_DONT_REAUTH LELEM(21) /* don't reauthenticate on rekeying, IKEv2 only */
|
||||
#define POLICY_BEET LELEM(22) /* bound end2end tunnel, IKEv2 */
|
||||
|
||||
/* Any IPsec policy? If not, a connection description
|
||||
* is only for ISAKMP SA, not IPSEC SA. (A pun, I admit.)
|
||||
|
|
|
@ -388,6 +388,8 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
|
|||
conn->policy &= ~(POLICY_TUNNEL | POLICY_SHUNT_MASK);
|
||||
if (streq(kw->value, "tunnel"))
|
||||
conn->policy |= POLICY_TUNNEL;
|
||||
else if (streq(kw->value, "beet"))
|
||||
conn->policy |= POLICY_BEET;
|
||||
else if (streq(kw->value, "passthrough") || streq(kw->value, "pass"))
|
||||
conn->policy |= POLICY_SHUNT_PASS;
|
||||
else if (streq(kw->value, "drop"))
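Review bot: The reset on the first context line, `conn->policy &= ~(POLICY_TUNNEL | POLICY_SHUNT_MASK);`, does not clear the new POLICY_BEET bit (unless POLICY_SHUNT_MASK happens to cover it, which is not visible here). If this keyword can be processed more than once for a connection, for example through inherited defaults that this hunk does not show, a later value such as transport would leave POLICY_BEET set and the connection would presumably still be set up in BEET mode rather than the configured one. The reset should include the new bit: `conn->policy &= ~(POLICY_TUNNEL | POLICY_BEET | POLICY_SHUNT_MASK);`. load_conn begins and ends outside the hunk, so the remaining branches of the chain were not checked.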
|
||||
|
|
|
@ -194,7 +194,18 @@ int starter_stroke_add_conn(starter_conn_t *conn)
|
|||
msg.add_conn.name = push_string(&msg, connection_name(conn));
|
||||
msg.add_conn.auth_method = (conn->policy & POLICY_PSK)?
|
||||
SHARED_KEY_MESSAGE_INTEGRITY_CODE : RSA_DIGITAL_SIGNATURE;
|
||||
msg.add_conn.mode = (conn->policy & POLICY_TUNNEL) ? 1 : 0;
|
||||
if (conn->policy & POLICY_TUNNEL)
|
||||
{
|
||||
msg.add_conn.mode = 1; /* XFRM_MODE_TRANSPORT */
|
||||
}
|
||||
else if (conn->policy & POLICY_BEET)
|
||||
{
|
||||
msg.add_conn.mode = 4; /* XFRM_MODE_BEET */
|
||||
}
|
||||
else
|
||||
{
|
||||
msg.add_conn.mode = 0; /* XFRM_MODE_TUNNEL */
|
||||
}
|
||||
|
||||
if (conn->policy & POLICY_DONT_REKEY)
|
||||
{
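Review bot: The comments on the tunnel and transport branches are swapped: the POLICY_TUNNEL branch sets mode 1 but is labelled XFRM_MODE_TRANSPORT, and the fallback sets 0 but is labelled XFRM_MODE_TUNNEL. In the Linux xfrm header the values are transport 0, tunnel 1 and BEET 4, so the numbers agree with the old `? 1 : 0` expression and only the labels are wrong; they should read `msg.add_conn.mode = 1; /* XFRM_MODE_TUNNEL */` and `msg.add_conn.mode = 0; /* XFRM_MODE_TRANSPORT */`. Because POLICY_TUNNEL is tested first, a policy carrying both POLICY_TUNNEL and POLICY_BEET silently becomes tunnel mode, and a short comment stating that precedence would help the next reader. starter_stroke_add_conn continues outside the hunk.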
|
||||
|
|