Commit Graph

7571 Commits

Author SHA1 Message Date
Tobias Brunner 23b4d3a52f starter: Allow %any also for protocol in left|rightprotoport 2012-09-12 16:53:45 +02:00
Martin Willi ab2c989c32 Don't allow NULL encryption with PEAP 2012-09-12 13:19:52 +02:00
Martin Willi acada66a35 Use memmove on overlapping regions, and operate with correct sizeof() 2012-09-12 13:19:52 +02:00
Martin Willi fb3cf1b708 Whitespace cleanups in tls_eap 2012-09-12 13:19:52 +02:00
Martin Willi 5b96503e13 Use uintptr_t in mem pool to avoid compiler warning if sizeof(void*) != sizeof(int) 2012-09-12 13:19:52 +02:00
Martin Willi d4cca1beea Always send a configuration payload in IKEv1 TRANSACTIONs, even if it is empty 2012-09-11 17:20:17 +02:00
Martin Willi c4acf37502 Don't use host address for dynamic TS in IKEv1 if a virtual IP was expected 2012-09-11 16:18:29 +02:00
Martin Willi 7d82aaea8d Don't use host address for dynamic TS in IKEv2 if a virtual IP was expected 2012-09-11 16:18:28 +02:00
Martin Willi 4cb0783f3c Don't return a subset for a dynamic TS unless set_address has been called 2012-09-11 16:18:28 +02:00
Martin Willi c7294f7a58 Send FAILED_CP_REQUIRED if a configuration payload was expected, but not received 2012-09-11 16:18:28 +02:00
Martin Willi 1e04488f32 Check for an existing lease in all stroke pools before creating a new one 2012-09-11 16:18:28 +02:00
Martin Willi 28a3d5bfbd Pass full pool list to release_address 2012-09-11 16:18:28 +02:00
Martin Willi 594c58e111 Pass the full list of pools to acquire_address, enumerate in providers
If the provider has access to the full pool list, it can enumerate
them twice, for example to search for existing leases first, and
only search for new leases in a second step.

Fixes lease enumeration in attr-sql using multiple pools.
2012-09-11 16:18:28 +02:00
Martin Willi dc7b79d8a5 Add a linked list constructor initializing from an enumerator 2012-09-11 16:18:28 +02:00
Martin Willi f942588f95 Add a responder narrow() hook to change TS in the kernel, but not on the wire 2012-09-11 16:14:39 +02:00
Martin Willi cf85ebbfec Support RADIUS accounting when using IKEv1 with xauth-eap and eap-radius 2012-09-11 15:22:22 +02:00
Martin Willi 37095ce1c1 Fix leak while enumerating RADIUS Framed-IPs from IKE_SA 2012-09-11 15:22:22 +02:00
Tobias Brunner f4cc7ea11b Add uniqueids=never to ignore INITIAL_CONTACT notifies
With uniqueids=no the daemon still deletes any existing IKE_SA with the
same peer if an INITIAL_CONTACT notify is received.  With this new option
it also ignores these notifies.
2012-09-10 17:37:18 +02:00
Martin Willi 7b68cd9212 Add strongswan.conf runtime options for /dev/[u]random files
Fixes #221.
2012-09-10 17:07:51 +02:00
Tobias Brunner 4065e2504c Use the proper types for comma separated attributes read from strongswan.conf
Attributes of different address families previously were mapped to
the same attribute type (the one derived from the address family of the
first address).
2012-09-10 15:17:17 +02:00
Tobias Brunner 383c174a79 Print the name of mem pools instead of the confusing <base>/<size> 2012-09-10 12:42:09 +02:00
Tobias Brunner 747fd544a7 Properly remove broadcast address from mem pools 2012-09-10 11:44:18 +02:00
Andreas Steffen 32e30f15cb use base IMC ID if src IMC ID is not supported 2012-09-10 00:07:54 +02:00
Andreas Steffen a785bb8797 make sending of IETF Assessment Result attributes configurable 2012-09-09 23:24:23 +02:00
Andreas Steffen 6f93927b6c introduced sending of standard IETF Assessment Result PA-TNC attribute by IMVs 2012-09-09 05:13:50 +02:00
Tobias Brunner bcf8cdd556 Only initiate an exchange from send_dpd() if a task was actually queued
Otherwise, the initiator would prematurely initiate Quick Mode if it has
DPD enabled and XAuth is used.
2012-09-07 18:05:22 +02:00
Tobias Brunner ccba4f1533 android: New release after adding certificate authentication and reauth fix 2012-09-06 14:54:37 +02:00
Tobias Brunner 3babde90bb Trigger ike_updown event caused by retransmits only after reestablish() has been called
This allows listeners to migrate to the new IKE_SA with the
ike_reestablish event without having to worry about an ike_updown event
for the old IKE_SA.
2012-09-06 11:27:28 +02:00
Tobias Brunner d7d2a5ec38 android: Properly handle reauthentication initiated by the client 2012-09-06 11:27:07 +02:00
Tobias Brunner 0326ceda64 android: Create a new VpnService.Builder after VPN has been established 2012-09-06 11:25:24 +02:00
Tobias Brunner 4dbb193190 Add ike_reestablish() event that is triggered when an IKE_SA is reestablished
This is particularly useful during reauthentication to get the new
IKE_SA.
2012-09-06 11:25:14 +02:00
Tobias Brunner 873b63b771 Add a new condition to mark IKE_SAs that are currently being reauthenticated 2012-09-06 11:23:11 +02:00
Tobias Brunner 4c91845452 starter: Load config again when restarting charon
This got lost in 041e763b.
2012-09-05 16:43:34 +02:00
Tobias Brunner d2e8f20d94 Clear virtual IPs before storing assigned ones on the IKE_SA
Otherwise we'll end up with duplicate or invalid VIPs stored on the
IKE_SA.
2012-09-05 14:35:57 +02:00
Martin Willi 4c892fe533 In mode_config, destroy temporary pool list instead of the virtual IP list twice 2012-09-05 14:18:52 +02:00
Tobias Brunner d1604d0551 Merge branch 'android-client-cert'
Introduces IKEv2 client certificate authentication for the Android App.
2012-09-04 13:58:49 +02:00
Tobias Brunner c89cc22692 android: Native parts handle ikev2-cert VPN type 2012-08-31 18:24:46 +02:00
Tobias Brunner 094a059bcf android: android_creds_t can provide a user's private key and certificate 2012-08-31 18:24:46 +02:00
Tobias Brunner 3aba33868b android: Added JNI method to retrieve user certificate and private key
To simplify things the private key, the user certificate and the CA
certificates are all put into the same list.
2012-08-31 18:24:46 +02:00
Tobias Brunner 38e866c3dd android: Don't show the password dialog if not required 2012-08-31 18:24:46 +02:00
Tobias Brunner 69f731a9d8 android: Enable pkcs8 plugin 2012-08-31 18:24:46 +02:00
Tobias Brunner 5eb7ad3a38 android: Pass the type of VPN to the native parts 2012-08-31 18:24:46 +02:00
Tobias Brunner 655362464e android: Make sure NULL jstrings are converted properly 2012-08-31 18:24:45 +02:00
Tobias Brunner 6de38fe88a android: Display the selected certificate alias in the profile list 2012-08-31 18:24:45 +02:00
Tobias Brunner f46da851ab android: Allow configuration of a user certificate 2012-08-31 18:24:43 +02:00
Tobias Brunner 3f9e90f618 android: Remove NOT NULL constraint from username column 2012-08-31 18:24:23 +02:00
Tobias Brunner d0f6481eb0 android: Separate view added to select certificates 2012-08-31 18:24:23 +02:00
Tobias Brunner 7fedacb2e7 android: Don't try to load the profile with ID 0 2012-08-31 18:24:22 +02:00
Tobias Brunner 825c192d4f android: Spinner added to select the VPN type 2012-08-31 18:24:19 +02:00
Martin Willi 1323dc1138 Merge branch 'multi-vip'
Brings support for multiple virtual IPs and multiple pools in
left/rightsourceip definitions. Also introduces the new left/rightdns
options to configure requested DNS server address family and respond
with multiple connection specific servers.
2012-08-31 12:55:56 +02:00