Martin Willi
45f20f8a79
farp plugin sends ARP responses for any tunneled address, not only virtual IPs
2012-03-06 16:06:33 +01:00
Martin Willi
4d7a2128b6
Re-resolve hosts on additional keyingtries
2012-03-06 16:05:28 +01:00
Martin Willi
d1fbb0a4b3
Renamed radius_server to radius_config, as some real RADIUS server functionality is coming
2012-03-05 18:31:30 +01:00
Martin Willi
2e3615e4ad
Prefer EAP-Identity to read radattr RADIUS attribute file
2012-03-05 18:08:04 +01:00
Martin Willi
4cd176d525
Invoke ike_updown hook on authentication failure not before response sent
2012-03-05 18:08:04 +01:00
Martin Willi
3ccc8a191c
Inject RADIUS attribute in radattr plugin read from an identity specific file
2012-03-05 18:08:04 +01:00
Martin Willi
caf4b88efc
Added a radattr plugin that prints any received RADIUS notify to console
2012-03-05 18:08:04 +01:00
Martin Willi
f0f94e2ce6
Moved generic RADIUS protocol support to a dedicated libradius
2012-03-05 18:08:04 +01:00
Martin Willi
990fda9d88
Removed libcharon dependencies from generic RADIUS protocol support
2012-03-05 18:06:15 +01:00
Martin Willi
99cb353968
Forward specifcied RADIUS attributes between AAA backend and client
2012-03-05 18:06:15 +01:00
Martin Willi
007d5b9218
Defined a private status notify to transport arbitrary RADIUS attributes
2012-03-05 18:06:14 +01:00
Martin Willi
c158ccd960
Implemented RADIUS DAE response retransmission
2012-03-05 18:06:14 +01:00
Martin Willi
fbaf5cd213
Be a little more verbose before starting IKE_SA reauthentication
2012-03-05 18:06:14 +01:00
Martin Willi
4d19f7c5bf
Process RADIUS DAE CoA updates, updating lifetimes
2012-03-05 18:06:14 +01:00
Martin Willi
a07b69734b
Send an AUTH_LIFETIME update after updating the lifetime, but can not reauth actively
2012-03-05 18:06:14 +01:00
Martin Willi
d23c159658
Use faster ike_sa_id and a delete job to handle RADIUS DAE Delete-Request
2012-03-05 18:06:14 +01:00
Martin Willi
245e3c52a2
Refactored RADIUS DAE IKE_SA lookup
2012-03-05 18:06:14 +01:00
Martin Willi
964b0c144e
Pass RADIUS DAE client address a host_t instead of sockaddr struct
2012-03-05 18:06:14 +01:00
Martin Willi
9756c143f0
Send RADIUS DAE Disconnect-ACK/NAK on Disconnect-Request
2012-03-05 18:06:14 +01:00
Martin Willi
392618d4ec
Support signing of RADIUS response messages
2012-03-05 18:06:13 +01:00
Martin Willi
2bf3858955
Act on RADIUS DAE Disconnect requests
2012-03-05 18:06:13 +01:00
Martin Willi
76b6b19f8d
Verify received RADIUS DAE requests
2012-03-05 18:06:13 +01:00
Martin Willi
e8a8179706
Support verification of RADIUS request messages
2012-03-05 18:06:13 +01:00
Martin Willi
3bc1829211
Rename RADIUS message constructors to handle both, requests and responses
2012-03-05 18:06:13 +01:00
Martin Willi
6319ce63cf
Enable RADIUS DAE listening if configured
2012-03-05 18:06:13 +01:00
Martin Willi
85932ad24e
Added infrastructure to listen to RADIUS Dynamic Authorization Extension requests
2012-03-05 18:06:13 +01:00
Martin Willi
3a42c08904
Added Dynamic Authorization Extension RADIUS message codes
2012-03-05 18:06:13 +01:00
Martin Willi
c61341a58f
Set IKE_SA lifetime based on RADIUS Session-Timeout attribute
2012-03-05 18:06:13 +01:00
Martin Willi
bdcf441703
Set hard timeouts when setting a lifetime
2012-03-05 18:06:13 +01:00
Martin Willi
e9fcf1c6cc
Fix IKE_SA timeout debug output on 64bit platforms
2012-03-05 18:06:13 +01:00
Tobias Brunner
686cfd4e34
Added support for untruncated MD5 and SHA1 HMACs in ESP as used in RFC 4595.
...
This requires a Linux kernel >= 2.6.33.
2012-02-27 14:31:19 +01:00
Martin Willi
3a2660f189
Encode IPv6 virtual IPs in a Framed-IPv6-Prefix attribute
2012-02-24 11:20:16 +01:00
Martin Willi
d15ae70c8c
Refactored construction of RADIUS accounting messages
2012-02-24 11:12:18 +01:00
Martin Willi
d93f204ca5
Include port numbers in Calling-Station-Id, too
2012-02-24 10:49:29 +01:00
Martin Willi
802ed08dff
Use large enough buffers for IPv6 addresses in Calling-Station-Id
2012-02-24 10:13:08 +01:00
Martin Willi
434cdbac09
Send client external address as Calling-Station-Id in RADIUS accounting
2012-02-24 10:05:23 +01:00
Tobias Brunner
b96eb46d5c
Some Doxygen fixes.
2012-02-07 11:20:46 +01:00
Martin Willi
32dc2b0243
Update usage for all children in RADIUS accounting just before sending Stop
2012-02-06 10:51:40 +01:00
Martin Willi
e5747e7a83
Check if ClusterIP directory could be opened before enumerating it
2012-02-06 10:51:39 +01:00
Martin Willi
85dd6a8deb
Trigger DPD not before IKE_SA state gets updated
2012-02-02 10:35:50 +01:00
Martin Willi
916cdca851
Don't retransmit, rekey, reauth or DPD check SAs when in PASSIVE state
2012-02-02 10:34:04 +01:00
Tobias Brunner
9ec66bc1a5
Added an option to load CA certificates without CA basic constraint.
...
Enabling this option treats all certificates in ipsec.d/cacerts and
ipsec.conf ca sections as CA certificates even if they do not contain a
CA basic constraint.
2012-02-01 14:34:52 +01:00
Martin Willi
0399edef71
Support RADIUS accounting messages containing Framed-IP and Inbound/Outbound-Octets
2012-01-30 19:16:49 +01:00
Martin Willi
8e5b4aa023
Open RADIUS accounting sockets to exchange accounting messages
2012-01-30 19:15:20 +01:00
Martin Willi
a69aff5f17
Support signing of RADIUS accounting messages
2012-01-30 19:13:20 +01:00
Martin Willi
370de553f8
RADIUS message constructor accepts a message code parameter
2012-01-30 19:11:08 +01:00
Tobias Brunner
f1ba06c1c6
Cache list of plugin names to further simplify its usage.
...
Also helpful for ipsec statusall to avoid having to enumerate plugins.
2012-01-19 12:37:42 +01:00
Tobias Brunner
576298a3ef
Simplified logging of list of loaded plugins.
2012-01-19 11:56:03 +01:00
Thomas Egerer
d68b8dfec4
Destroy active task list before queued tasks
...
Since active task's destruction might result in adopting tasks from a
rekeyed ike sa it seems better to first destroy the active task list and
then destroy all queued tasks. This way adoption is possible at all,
while otherwise the queued task list would be empty.
2012-01-18 10:06:54 +01:00
Tobias Brunner
2e0b478a01
Android 4 requires LOCAL_MODULE_TAGS to be set for all modules.
...
Because all packages are now marked as optional executables that are to
be installed on the final system have to be added to PRODUCT_PACKAGES in
build/target/product/core.mk. Dependencies (such as libraries) are
installed automatically.
2012-01-12 19:18:35 +01:00