Martin Willi
3ecfc83c6b
payload: Use common prefixes for all payload type identifiers
...
The old identifiers did not use a proper namespace and often clashed with
other defines.
2014-06-04 15:53:03 +02:00
Tobias Brunner
d223fe807a
libcharon: Use lib->ns instead of charon->name
2014-02-12 14:34:32 +01:00
Martin Willi
eaafcec190
ikev2: if responder authentication fails, send AUTHENTICATION_FAILED
...
According to RFC 5996, we MAY send an INFORMATIONAL message having an
AUTHENTICATION_FAILED. We don't do any retransmits, though, but just close
the IKE_SA after one message has been sent, avoiding the danger that an
unauthenticated IKE_SA stays alive.
2013-06-11 15:54:26 +02:00
Martin Willi
965348cd7a
Raise LOCAL_AUTH_FAILED alert after receiving AUTHENTICATION_FAILURE
2013-05-15 17:18:03 +02:00
Martin Willi
d8a94c18c6
Apply a mutual EAP auth_cfg not before the EAP method completes
2013-02-26 13:15:27 +01:00
Martin Willi
cc787697b8
Be a little more verbose why a peer_cfg is inacceptable
2013-02-26 13:15:27 +01:00
Martin Willi
289b9b7b31
Refactor auth_cfg applying to a common function
2013-02-26 13:15:27 +01:00
Martin Willi
c794455666
Raise alerts when enforcing IKE_SA unique policy
2012-12-19 10:40:32 +01:00
Martin Willi
3f7f5388a5
Raise an alert of generating local authentication data fails
2012-12-19 10:40:32 +01:00
Martin Willi
01bc9bf428
Fix GPL license header to properly "sed" it
2012-11-30 18:00:33 +01:00
Tobias Brunner
3a8852c76f
Add AUTH_RULE_IDENTITY_LOOSE which allows to use IDr loosely as initiator
...
If it is set on an auth config IDr will not be sent, and later the configured
identity will not only be checked against the returned IDr, but also
against other identities contained in the responder's certificate.
2012-09-18 11:16:10 +02:00
Tobias Brunner
f4cc7ea11b
Add uniqueids=never to ignore INITIAL_CONTACT notifies
...
With uniqueids=no the daemon still deletes any existing IKE_SA with the
same peer if an INITIAL_CONTACT notify is received. With this new option
it also ignores these notifies.
2012-09-10 17:37:18 +02:00
Tobias Brunner
42500c274a
Use name from initialization to access settings in libcharon.
...
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
Martin Willi
b24be29646
Merge branch 'ikev1'
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Martin Willi
15a682f4c2
Separated libcharon/sa directory with ikev1 and ikev2 subfolders
2012-03-20 17:31:26 +01:00