Tobias Brunner
23b4d3a52f
starter: Allow %any also for protocol in left|rightprotoport
2012-09-12 16:53:45 +02:00
Martin Willi
ab2c989c32
Don't allow NULL encryption with PEAP
2012-09-12 13:19:52 +02:00
Martin Willi
acada66a35
Use memmove on overlapping regions, and operate with correct sizeof()
2012-09-12 13:19:52 +02:00
Martin Willi
fb3cf1b708
Whitespace cleanups in tls_eap
2012-09-12 13:19:52 +02:00
Martin Willi
5b96503e13
Use uintptr_t in mem pool to avoid compiler warning if sizeof(void*) != sizeof(int)
2012-09-12 13:19:52 +02:00
Martin Willi
d4cca1beea
Always send a configuration payload in IKEv1 TRANSACTIONs, even if it is empty
2012-09-11 17:20:17 +02:00
Martin Willi
c4acf37502
Don't use host address for dynamic TS in IKEv1 if a virtual IP was expected
2012-09-11 16:18:29 +02:00
Martin Willi
7d82aaea8d
Don't use host address for dynamic TS in IKEv2 if a virtual IP was expected
2012-09-11 16:18:28 +02:00
Martin Willi
4cb0783f3c
Don't return a subset for a dynamic TS unless set_address has been called
2012-09-11 16:18:28 +02:00
Martin Willi
c7294f7a58
Send FAILED_CP_REQUIRED if a configuration payload was expected, but not received
2012-09-11 16:18:28 +02:00
Martin Willi
1e04488f32
Check for an existing lease in all stroke pools before creating a new one
2012-09-11 16:18:28 +02:00
Martin Willi
28a3d5bfbd
Pass full pool list to release_address
2012-09-11 16:18:28 +02:00
Martin Willi
594c58e111
Pass the full list of pools to acquire_address, enumerate in providers
...
If the provider has access to the full pool list, it can enumerate
them twice, for example to search for existing leases first, and
only search for new leases in a second step.
Fixes lease enumeration in attr-sql using multiple pools.
2012-09-11 16:18:28 +02:00
Martin Willi
dc7b79d8a5
Add a linked list constructor initializing from an enumerator
2012-09-11 16:18:28 +02:00
Martin Willi
f942588f95
Add a responder narrow() hook to change TS in the kernel, but not on the wire
2012-09-11 16:14:39 +02:00
Martin Willi
cf85ebbfec
Support RADIUS accounting when using IKEv1 with xauth-eap and eap-radius
2012-09-11 15:22:22 +02:00
Martin Willi
37095ce1c1
Fix leak while enumerating RADIUS Framed-IPs from IKE_SA
2012-09-11 15:22:22 +02:00
Tobias Brunner
f4cc7ea11b
Add uniqueids=never to ignore INITIAL_CONTACT notifies
...
With uniqueids=no the daemon still deletes any existing IKE_SA with the
same peer if an INITIAL_CONTACT notify is received. With this new option
it also ignores these notifies.
2012-09-10 17:37:18 +02:00
Martin Willi
7b68cd9212
Add strongswan.conf runtime options for /dev/[u]random files
...
Fixes #221.
2012-09-10 17:07:51 +02:00
Tobias Brunner
4065e2504c
Use the proper types for comma separated attributes read from strongswan.conf
...
Attributes of different address families previously were mapped to
the same attribute type (the one derived from the address family of the
first address).
2012-09-10 15:17:17 +02:00
Tobias Brunner
383c174a79
Print the name of mem pools instead of the confusing <base>/<size>
2012-09-10 12:42:09 +02:00
Tobias Brunner
747fd544a7
Properly remove broadcast address from mem pools
2012-09-10 11:44:18 +02:00
Andreas Steffen
32e30f15cb
use base IMC ID if src IMC ID is not supported
2012-09-10 00:07:54 +02:00
Andreas Steffen
a785bb8797
make sending of IETF Assessment Result attributes configurable
2012-09-09 23:24:23 +02:00
Andreas Steffen
6f93927b6c
introduced sending of standard IETF Assessment Result PA-TNC attribute by IMVs
2012-09-09 05:13:50 +02:00
Tobias Brunner
bcf8cdd556
Only initiate an exchange from send_dpd() if a task was actually queued
...
Otherwise, the initiator would prematurely initiate Quick Mode if it has
DPD enabled and XAuth is used.
2012-09-07 18:05:22 +02:00
Tobias Brunner
ccba4f1533
android: New release after adding certificate authentication and reauth fix
2012-09-06 14:54:37 +02:00
Tobias Brunner
3babde90bb
Trigger ike_updown event caused by retransmits only after reestablish() has been called
...
This allows listeners to migrate to the new IKE_SA with the
ike_reestablish event without having to worry about an ike_updown event
for the old IKE_SA.
2012-09-06 11:27:28 +02:00
Tobias Brunner
d7d2a5ec38
android: Properly handle reauthentication initiated by the client
2012-09-06 11:27:07 +02:00
Tobias Brunner
0326ceda64
android: Create a new VpnService.Builder after VPN has been established
2012-09-06 11:25:24 +02:00
Tobias Brunner
4dbb193190
Add ike_reestablish() event that is triggered when an IKE_SA is reestablished
...
This is particularly useful during reauthentication to get the new
IKE_SA.
2012-09-06 11:25:14 +02:00
Tobias Brunner
873b63b771
Add a new condition to mark IKE_SAs that are currently being reauthenticated
2012-09-06 11:23:11 +02:00
Tobias Brunner
4c91845452
starter: Load config again when restarting charon
...
This got lost in 041e763b.
2012-09-05 16:43:34 +02:00
Tobias Brunner
d2e8f20d94
Clear virtual IPs before storing assigned ones on the IKE_SA
...
Otherwise we'll end up with duplicate or invalid VIPs stored on the
IKE_SA.
2012-09-05 14:35:57 +02:00
Martin Willi
4c892fe533
In mode_config, destroy temporary pool list instead of the virtual IP list twice
2012-09-05 14:18:52 +02:00
Tobias Brunner
d1604d0551
Merge branch 'android-client-cert'
...
Introduces IKEv2 client certificate authentication for the Android App.
2012-09-04 13:58:49 +02:00
Tobias Brunner
c89cc22692
android: Native parts handle ikev2-cert VPN type
2012-08-31 18:24:46 +02:00
Tobias Brunner
094a059bcf
android: android_creds_t can provide a user's private key and certificate
2012-08-31 18:24:46 +02:00
Tobias Brunner
3aba33868b
android: Added JNI method to retrieve user certificate and private key
...
To simplify things the private key, the user certificate and the CA
certificates are all put into the same list.
2012-08-31 18:24:46 +02:00
Tobias Brunner
38e866c3dd
android: Don't show the password dialog if not required
2012-08-31 18:24:46 +02:00
Tobias Brunner
69f731a9d8
android: Enable pkcs8 plugin
2012-08-31 18:24:46 +02:00
Tobias Brunner
5eb7ad3a38
android: Pass the type of VPN to the native parts
2012-08-31 18:24:46 +02:00
Tobias Brunner
655362464e
android: Make sure NULL jstrings are converted properly
2012-08-31 18:24:45 +02:00
Tobias Brunner
6de38fe88a
android: Display the selected certificate alias in the profile list
2012-08-31 18:24:45 +02:00
Tobias Brunner
f46da851ab
android: Allow configuration of a user certificate
2012-08-31 18:24:43 +02:00
Tobias Brunner
3f9e90f618
android: Remove NOT NULL constraint from username column
2012-08-31 18:24:23 +02:00
Tobias Brunner
d0f6481eb0
android: Separate view added to select certificates
2012-08-31 18:24:23 +02:00
Tobias Brunner
7fedacb2e7
android: Don't try to load the profile with ID 0
2012-08-31 18:24:22 +02:00
Tobias Brunner
825c192d4f
android: Spinner added to select the VPN type
2012-08-31 18:24:19 +02:00
Martin Willi
1323dc1138
Merge branch 'multi-vip'
...
Brings support for multiple virtual IPs and multiple pools in
left/rightsourceip definitions. Also introduces the new left/rightdns
options to configure requested DNS server address family and respond
with multiple connection specific servers.
2012-08-31 12:55:56 +02:00