Commit Graph

1091 Commits

Author SHA1 Message Date
Andreas Steffen 21b0f216b9 created libradius shared by eap-radius and tnc-pdp plugins 2012-03-13 16:27:17 +01:00
Andreas Steffen 70fd2d1af7 created tnc-pdp policy decision point plugin 2012-03-13 16:27:16 +01:00
Martin Willi bc403eb1e5 Fixed crash and locking issues while unrouting connections via stroke 2012-03-13 10:56:22 +01:00
Tobias Brunner cd6b5bf8e9 Clear peer addresses during HA update. 2012-03-09 10:30:37 +01:00
Tobias Brunner 72b2811204 Simplified some route lookups now that we store all peer addresses in a list. 2012-03-09 10:22:21 +01:00
Tobias Brunner 94bbc60256 Renamed list of additional peer addresses as it now stores all known addresses. 2012-03-09 10:17:42 +01:00
Tobias Brunner 2fe624cca9 Store the peer's current address as additional known address on the IKE_SA.
This allows to switch back to the original address after switching to
any of the additional addresses.
2012-03-09 10:08:41 +01:00
Martin Willi 4bbd943038 Include radattr RADIUS attribute only if an EAP payload is present 2012-03-06 16:08:32 +01:00
Martin Willi bb0b203186 By default include radattr RADIUS attribute in any IKE_AUTH exchange 2012-03-06 16:08:29 +01:00
Martin Willi 45f20f8a79 farp plugin sends ARP responses for any tunneled address, not only virtual IPs 2012-03-06 16:06:33 +01:00
Martin Willi 4d7a2128b6 Re-resolve hosts on additional keyingtries 2012-03-06 16:05:28 +01:00
Martin Willi d1fbb0a4b3 Renamed radius_server to radius_config, as some real RADIUS server functionality is coming 2012-03-05 18:31:30 +01:00
Martin Willi 2e3615e4ad Prefer EAP-Identity to read radattr RADIUS attribute file 2012-03-05 18:08:04 +01:00
Martin Willi 4cd176d525 Invoke ike_updown hook on authentication failure not before response sent 2012-03-05 18:08:04 +01:00
Martin Willi 3ccc8a191c Inject RADIUS attribute in radattr plugin read from an identity specific file 2012-03-05 18:08:04 +01:00
Martin Willi caf4b88efc Added a radattr plugin that prints any received RADIUS notify to console 2012-03-05 18:08:04 +01:00
Martin Willi f0f94e2ce6 Moved generic RADIUS protocol support to a dedicated libradius 2012-03-05 18:08:04 +01:00
Martin Willi 990fda9d88 Removed libcharon dependencies from generic RADIUS protocol support 2012-03-05 18:06:15 +01:00
Martin Willi 99cb353968 Forward specified RADIUS attributes between AAA backend and client 2012-03-05 18:06:15 +01:00
Martin Willi 007d5b9218 Defined a private status notify to transport arbitrary RADIUS attributes 2012-03-05 18:06:14 +01:00
Martin Willi c158ccd960 Implemented RADIUS DAE response retransmission 2012-03-05 18:06:14 +01:00
Martin Willi fbaf5cd213 Be a little more verbose before starting IKE_SA reauthentication 2012-03-05 18:06:14 +01:00
Martin Willi 4d19f7c5bf Process RADIUS DAE CoA updates, updating lifetimes 2012-03-05 18:06:14 +01:00
Martin Willi a07b69734b Send an AUTH_LIFETIME update after updating the lifetime, but can not reauth actively 2012-03-05 18:06:14 +01:00
Martin Willi d23c159658 Use faster ike_sa_id and a delete job to handle RADIUS DAE Delete-Request 2012-03-05 18:06:14 +01:00
Martin Willi 245e3c52a2 Refactored RADIUS DAE IKE_SA lookup 2012-03-05 18:06:14 +01:00
Martin Willi 964b0c144e Pass RADIUS DAE client address a host_t instead of sockaddr struct 2012-03-05 18:06:14 +01:00
Martin Willi 9756c143f0 Send RADIUS DAE Disconnect-ACK/NAK on Disconnect-Request 2012-03-05 18:06:14 +01:00
Martin Willi 392618d4ec Support signing of RADIUS response messages 2012-03-05 18:06:13 +01:00
Martin Willi 2bf3858955 Act on RADIUS DAE Disconnect requests 2012-03-05 18:06:13 +01:00
Martin Willi 76b6b19f8d Verify received RADIUS DAE requests 2012-03-05 18:06:13 +01:00
Martin Willi e8a8179706 Support verification of RADIUS request messages 2012-03-05 18:06:13 +01:00
Martin Willi 3bc1829211 Rename RADIUS message constructors to handle both, requests and responses 2012-03-05 18:06:13 +01:00
Martin Willi 6319ce63cf Enable RADIUS DAE listening if configured 2012-03-05 18:06:13 +01:00
Martin Willi 85932ad24e Added infrastructure to listen to RADIUS Dynamic Authorization Extension requests 2012-03-05 18:06:13 +01:00
Martin Willi 3a42c08904 Added Dynamic Authorization Extension RADIUS message codes 2012-03-05 18:06:13 +01:00
Martin Willi c61341a58f Set IKE_SA lifetime based on RADIUS Session-Timeout attribute 2012-03-05 18:06:13 +01:00
Martin Willi bdcf441703 Set hard timeouts when setting a lifetime 2012-03-05 18:06:13 +01:00
Martin Willi e9fcf1c6cc Fix IKE_SA timeout debug output on 64bit platforms 2012-03-05 18:06:13 +01:00
Tobias Brunner 686cfd4e34 Added support for untruncated MD5 and SHA1 HMACs in ESP as used in RFC 4595.
This requires a Linux kernel >= 2.6.33.
2012-02-27 14:31:19 +01:00
Martin Willi 3a2660f189 Encode IPv6 virtual IPs in a Framed-IPv6-Prefix attribute 2012-02-24 11:20:16 +01:00
Martin Willi d15ae70c8c Refactored construction of RADIUS accounting messages 2012-02-24 11:12:18 +01:00
Martin Willi d93f204ca5 Include port numbers in Calling-Station-Id, too 2012-02-24 10:49:29 +01:00
Martin Willi 802ed08dff Use large enough buffers for IPv6 addresses in Calling-Station-Id 2012-02-24 10:13:08 +01:00
Martin Willi 434cdbac09 Send client external address as Calling-Station-Id in RADIUS accounting 2012-02-24 10:05:23 +01:00
Tobias Brunner b96eb46d5c Some Doxygen fixes. 2012-02-07 11:20:46 +01:00
Martin Willi 32dc2b0243 Update usage for all children in RADIUS accounting just before sending Stop 2012-02-06 10:51:40 +01:00
Martin Willi e5747e7a83 Check if ClusterIP directory could be opened before enumerating it 2012-02-06 10:51:39 +01:00
Martin Willi 85dd6a8deb Trigger DPD not before IKE_SA state gets updated 2012-02-02 10:35:50 +01:00
Martin Willi 916cdca851 Don't retransmit, rekey, reauth or DPD check SAs when in PASSIVE state 2012-02-02 10:34:04 +01:00