1082 Commits

Author SHA1 Message Date
Martin Willi 45f20f8a79 farp plugin sends ARP responses for any tunneled address, not only virtual IPs 2012-03-06 16:06:33 +01:00
Martin Willi 4d7a2128b6 Re-resolve hosts on additional keyingtries 2012-03-06 16:05:28 +01:00
Martin Willi d1fbb0a4b3 Renamed radius_server to radius_config, as some real RADIUS server functionality is coming 2012-03-05 18:31:30 +01:00
Martin Willi 2e3615e4ad Prefer EAP-Identity to read radattr RADIUS attribute file 2012-03-05 18:08:04 +01:00
Martin Willi 4cd176d525 Invoke ike_updown hook on authentication failure not before response sent 2012-03-05 18:08:04 +01:00
Martin Willi 3ccc8a191c Inject RADIUS attribute in radattr plugin read from an identity specific file 2012-03-05 18:08:04 +01:00
Martin Willi caf4b88efc Added a radattr plugin that prints any received RADIUS notify to console 2012-03-05 18:08:04 +01:00
Martin Willi f0f94e2ce6 Moved generic RADIUS protocol support to a dedicated libradius 2012-03-05 18:08:04 +01:00
Martin Willi 990fda9d88 Removed libcharon dependencies from generic RADIUS protocol support 2012-03-05 18:06:15 +01:00
Martin Willi 99cb353968 Forward specified RADIUS attributes between AAA backend and client 2012-03-05 18:06:15 +01:00
Martin Willi 007d5b9218 Defined a private status notify to transport arbitrary RADIUS attributes 2012-03-05 18:06:14 +01:00
Martin Willi c158ccd960 Implemented RADIUS DAE response retransmission 2012-03-05 18:06:14 +01:00
Martin Willi fbaf5cd213 Be a little more verbose before starting IKE_SA reauthentication 2012-03-05 18:06:14 +01:00
Martin Willi 4d19f7c5bf Process RADIUS DAE CoA updates, updating lifetimes 2012-03-05 18:06:14 +01:00
Martin Willi a07b69734b Send an AUTH_LIFETIME update after updating the lifetime, but can not reauth actively 2012-03-05 18:06:14 +01:00
Martin Willi d23c159658 Use faster ike_sa_id and a delete job to handle RADIUS DAE Delete-Request 2012-03-05 18:06:14 +01:00
Martin Willi 245e3c52a2 Refactored RADIUS DAE IKE_SA lookup 2012-03-05 18:06:14 +01:00
Martin Willi 964b0c144e Pass RADIUS DAE client address a host_t instead of sockaddr struct 2012-03-05 18:06:14 +01:00
Martin Willi 9756c143f0 Send RADIUS DAE Disconnect-ACK/NAK on Disconnect-Request 2012-03-05 18:06:14 +01:00
Martin Willi 392618d4ec Support signing of RADIUS response messages 2012-03-05 18:06:13 +01:00
Martin Willi 2bf3858955 Act on RADIUS DAE Disconnect requests 2012-03-05 18:06:13 +01:00
Martin Willi 76b6b19f8d Verify received RADIUS DAE requests 2012-03-05 18:06:13 +01:00
Martin Willi e8a8179706 Support verification of RADIUS request messages 2012-03-05 18:06:13 +01:00
Martin Willi 3bc1829211 Rename RADIUS message constructors to handle both, requests and responses 2012-03-05 18:06:13 +01:00
Martin Willi 6319ce63cf Enable RADIUS DAE listening if configured 2012-03-05 18:06:13 +01:00
Martin Willi 85932ad24e Added infrastructure to listen to RADIUS Dynamic Authorization Extension requests 2012-03-05 18:06:13 +01:00
Martin Willi 3a42c08904 Added Dynamic Authorization Extension RADIUS message codes 2012-03-05 18:06:13 +01:00
Martin Willi c61341a58f Set IKE_SA lifetime based on RADIUS Session-Timeout attribute 2012-03-05 18:06:13 +01:00
Martin Willi bdcf441703 Set hard timeouts when setting a lifetime 2012-03-05 18:06:13 +01:00
Martin Willi e9fcf1c6cc Fix IKE_SA timeout debug output on 64bit platforms 2012-03-05 18:06:13 +01:00
Tobias Brunner 686cfd4e34 Added support for untruncated MD5 and SHA1 HMACs in ESP as used in RFC 4595.
This requires a Linux kernel >= 2.6.33.
2012-02-27 14:31:19 +01:00
Martin Willi 3a2660f189 Encode IPv6 virtual IPs in a Framed-IPv6-Prefix attribute 2012-02-24 11:20:16 +01:00
Martin Willi d15ae70c8c Refactored construction of RADIUS accounting messages 2012-02-24 11:12:18 +01:00
Martin Willi d93f204ca5 Include port numbers in Calling-Station-Id, too 2012-02-24 10:49:29 +01:00
Martin Willi 802ed08dff Use large enough buffers for IPv6 addresses in Calling-Station-Id 2012-02-24 10:13:08 +01:00
Martin Willi 434cdbac09 Send client external address as Calling-Station-Id in RADIUS accounting 2012-02-24 10:05:23 +01:00
Tobias Brunner b96eb46d5c Some Doxygen fixes. 2012-02-07 11:20:46 +01:00
Martin Willi 32dc2b0243 Update usage for all children in RADIUS accounting just before sending Stop 2012-02-06 10:51:40 +01:00
Martin Willi e5747e7a83 Check if ClusterIP directory could be opened before enumerating it 2012-02-06 10:51:39 +01:00
Martin Willi 85dd6a8deb Trigger DPD not before IKE_SA state gets updated 2012-02-02 10:35:50 +01:00
Martin Willi 916cdca851 Don't retransmit, rekey, reauth or DPD check SAs when in PASSIVE state 2012-02-02 10:34:04 +01:00
Tobias Brunner 9ec66bc1a5 Added an option to load CA certificates without CA basic constraint.
Enabling this option treats all certificates in ipsec.d/cacerts and
ipsec.conf ca sections as CA certificates even if they do not contain a
CA basic constraint.
2012-02-01 14:34:52 +01:00
Martin Willi 0399edef71 Support RADIUS accounting messages containing Framed-IP and Inbound/Outbound-Octets 2012-01-30 19:16:49 +01:00
Martin Willi 8e5b4aa023 Open RADIUS accounting sockets to exchange accounting messages 2012-01-30 19:15:20 +01:00
Martin Willi a69aff5f17 Support signing of RADIUS accounting messages 2012-01-30 19:13:20 +01:00
Martin Willi 370de553f8 RADIUS message constructor accepts a message code parameter 2012-01-30 19:11:08 +01:00
Tobias Brunner f1ba06c1c6 Cache list of plugin names to further simplify its usage.
Also helpful for ipsec statusall to avoid having to enumerate plugins.
2012-01-19 12:37:42 +01:00
Tobias Brunner 576298a3ef Simplified logging of list of loaded plugins. 2012-01-19 11:56:03 +01:00
Thomas Egerer d68b8dfec4 Destroy active task list before queued tasks
Since active task's destruction might result in adopting tasks from a
rekeyed ike sa it seems better to first destroy the active task list and
then destroy all queued tasks. This way adoption is possible at all,
while otherwise the queued task list would be empty.
2012-01-18 10:06:54 +01:00
Tobias Brunner 2e0b478a01 Android 4 requires LOCAL_MODULE_TAGS to be set for all modules.
Because all packages are now marked as optional, executables that are to
be installed on the final system have to be added to PRODUCT_PACKAGES in
build/target/product/core.mk.  Dependencies (such as libraries) are
installed automatically.
2012-01-12 19:18:35 +01:00