Andreas Steffen
|
21b0f216b9
|
created libradius shared by eap-radius and tnc-pdp plugins
|
2012-03-13 16:27:17 +01:00 |
Andreas Steffen
|
70fd2d1af7
|
created tnc-pdp policy decision point plugin
|
2012-03-13 16:27:16 +01:00 |
Martin Willi
|
bc403eb1e5
|
Fixed crash and locking issues while unrouting connections via stroke
|
2012-03-13 10:56:22 +01:00 |
Tobias Brunner
|
cd6b5bf8e9
|
Clear peer addresses during HA update.
|
2012-03-09 10:30:37 +01:00 |
Tobias Brunner
|
72b2811204
|
Simplified some route lookups now that we store all peer addresses in a list.
|
2012-03-09 10:22:21 +01:00 |
Tobias Brunner
|
94bbc60256
|
Renamed list of additional peer addresses as it now stores all known addresses.
|
2012-03-09 10:17:42 +01:00 |
Tobias Brunner
|
2fe624cca9
|
Store the peer's current address as additional known address on the IKE_SA.
This allows to switch back to the original address after switching to
any of the additional addresses.
|
2012-03-09 10:08:41 +01:00 |
Martin Willi
|
4bbd943038
|
Include radattr RADIUS attribute only if an EAP payload is present
|
2012-03-06 16:08:32 +01:00 |
Martin Willi
|
bb0b203186
|
By default include radattr RADIUS attribute in any IKE_AUTH exchange
|
2012-03-06 16:08:29 +01:00 |
Martin Willi
|
45f20f8a79
|
farp plugin sends ARP responses for any tunneled address, not only virtual IPs
|
2012-03-06 16:06:33 +01:00 |
Martin Willi
|
4d7a2128b6
|
Re-resolve hosts on additional keyingtries
|
2012-03-06 16:05:28 +01:00 |
Martin Willi
|
d1fbb0a4b3
|
Renamed radius_server to radius_config, as some real RADIUS server functionality is coming
|
2012-03-05 18:31:30 +01:00 |
Martin Willi
|
2e3615e4ad
|
Prefer EAP-Identity to read radattr RADIUS attribute file
|
2012-03-05 18:08:04 +01:00 |
Martin Willi
|
4cd176d525
|
Invoke ike_updown hook on authentication failure not before response sent
|
2012-03-05 18:08:04 +01:00 |
Martin Willi
|
3ccc8a191c
|
Inject RADIUS attribute in radattr plugin read from an identity specific file
|
2012-03-05 18:08:04 +01:00 |
Martin Willi
|
caf4b88efc
|
Added a radattr plugin that prints any received RADIUS notify to console
|
2012-03-05 18:08:04 +01:00 |
Martin Willi
|
f0f94e2ce6
|
Moved generic RADIUS protocol support to a dedicated libradius
|
2012-03-05 18:08:04 +01:00 |
Martin Willi
|
990fda9d88
|
Removed libcharon dependencies from generic RADIUS protocol support
|
2012-03-05 18:06:15 +01:00 |
Martin Willi
|
99cb353968
|
Forward specifcied RADIUS attributes between AAA backend and client
|
2012-03-05 18:06:15 +01:00 |
Martin Willi
|
007d5b9218
|
Defined a private status notify to transport arbitrary RADIUS attributes
|
2012-03-05 18:06:14 +01:00 |
Martin Willi
|
c158ccd960
|
Implemented RADIUS DAE response retransmission
|
2012-03-05 18:06:14 +01:00 |
Martin Willi
|
fbaf5cd213
|
Be a little more verbose before starting IKE_SA reauthentication
|
2012-03-05 18:06:14 +01:00 |
Martin Willi
|
4d19f7c5bf
|
Process RADIUS DAE CoA updates, updating lifetimes
|
2012-03-05 18:06:14 +01:00 |
Martin Willi
|
a07b69734b
|
Send an AUTH_LIFETIME update after updating the lifetime, but can not reauth actively
|
2012-03-05 18:06:14 +01:00 |
Martin Willi
|
d23c159658
|
Use faster ike_sa_id and a delete job to handle RADIUS DAE Delete-Request
|
2012-03-05 18:06:14 +01:00 |
Martin Willi
|
245e3c52a2
|
Refactored RADIUS DAE IKE_SA lookup
|
2012-03-05 18:06:14 +01:00 |
Martin Willi
|
964b0c144e
|
Pass RADIUS DAE client address a host_t instead of sockaddr struct
|
2012-03-05 18:06:14 +01:00 |
Martin Willi
|
9756c143f0
|
Send RADIUS DAE Disconnect-ACK/NAK on Disconnect-Request
|
2012-03-05 18:06:14 +01:00 |
Martin Willi
|
392618d4ec
|
Support signing of RADIUS response messages
|
2012-03-05 18:06:13 +01:00 |
Martin Willi
|
2bf3858955
|
Act on RADIUS DAE Disconnect requests
|
2012-03-05 18:06:13 +01:00 |
Martin Willi
|
76b6b19f8d
|
Verify received RADIUS DAE requests
|
2012-03-05 18:06:13 +01:00 |
Martin Willi
|
e8a8179706
|
Support verification of RADIUS request messages
|
2012-03-05 18:06:13 +01:00 |
Martin Willi
|
3bc1829211
|
Rename RADIUS message constructors to handle both, requests and responses
|
2012-03-05 18:06:13 +01:00 |
Martin Willi
|
6319ce63cf
|
Enable RADIUS DAE listening if configured
|
2012-03-05 18:06:13 +01:00 |
Martin Willi
|
85932ad24e
|
Added infrastructure to listen to RADIUS Dynamic Authorization Extension requests
|
2012-03-05 18:06:13 +01:00 |
Martin Willi
|
3a42c08904
|
Added Dynamic Authorization Extension RADIUS message codes
|
2012-03-05 18:06:13 +01:00 |
Martin Willi
|
c61341a58f
|
Set IKE_SA lifetime based on RADIUS Session-Timeout attribute
|
2012-03-05 18:06:13 +01:00 |
Martin Willi
|
bdcf441703
|
Set hard timeouts when setting a lifetime
|
2012-03-05 18:06:13 +01:00 |
Martin Willi
|
e9fcf1c6cc
|
Fix IKE_SA timeout debug output on 64bit platforms
|
2012-03-05 18:06:13 +01:00 |
Tobias Brunner
|
686cfd4e34
|
Added support for untruncated MD5 and SHA1 HMACs in ESP as used in RFC 4595.
This requires a Linux kernel >= 2.6.33.
|
2012-02-27 14:31:19 +01:00 |
Martin Willi
|
3a2660f189
|
Encode IPv6 virtual IPs in a Framed-IPv6-Prefix attribute
|
2012-02-24 11:20:16 +01:00 |
Martin Willi
|
d15ae70c8c
|
Refactored construction of RADIUS accounting messages
|
2012-02-24 11:12:18 +01:00 |
Martin Willi
|
d93f204ca5
|
Include port numbers in Calling-Station-Id, too
|
2012-02-24 10:49:29 +01:00 |
Martin Willi
|
802ed08dff
|
Use large enough buffers for IPv6 addresses in Calling-Station-Id
|
2012-02-24 10:13:08 +01:00 |
Martin Willi
|
434cdbac09
|
Send client external address as Calling-Station-Id in RADIUS accounting
|
2012-02-24 10:05:23 +01:00 |
Tobias Brunner
|
b96eb46d5c
|
Some Doxygen fixes.
|
2012-02-07 11:20:46 +01:00 |
Martin Willi
|
32dc2b0243
|
Update usage for all children in RADIUS accounting just before sending Stop
|
2012-02-06 10:51:40 +01:00 |
Martin Willi
|
e5747e7a83
|
Check if ClusterIP directory could be opened before enumerating it
|
2012-02-06 10:51:39 +01:00 |
Martin Willi
|
85dd6a8deb
|
Trigger DPD not before IKE_SA state gets updated
|
2012-02-02 10:35:50 +01:00 |
Martin Willi
|
916cdca851
|
Don't retransmit, rekey, reauth or DPD check SAs when in PASSIVE state
|
2012-02-02 10:34:04 +01:00 |