497ce2cf51
Support multiple address pools configured on a peer_cfg
2012-08-30 16:43:42 +02:00
101d26babe
Support multiple virtual IPs on peer_cfg and ike_sa classes
2012-08-30 16:43:42 +02:00
f3fefb1847
Increase log verbosity when sending NAT keep-alives
2012-08-08 15:41:02 +02:00
b223d517c8
Replaced usages of CHARON_*_PORT with calls to get_port().
2012-08-08 15:12:25 +02:00
75f8316332
Use send_no_marker to send NAT keepalives.
2012-08-08 15:12:25 +02:00
e7ea057fd2
Make the UDP ports charon listens for packets on (and uses as source ports) configurable.
2012-08-08 15:07:43 +02:00
764035d515
Block XAuth transaction on established IKE_SAs, but allow Mode Config
2012-08-03 13:07:57 +02:00
394b9f6b65
Reject initial exchange messages early once IKE_SA is established
2012-08-02 13:04:54 +02:00
1d315bddd3
implemented the right|leftallowany feature
2012-06-08 21:24:41 +02:00
77e4282643
Avoid queueing more than one retry initiate job.
2012-05-30 15:32:52 +02:00
60c82591c5
Retry IKE_SA initiation if DNS resolution failed.
...
This is disabled by default and can be enabled with the
charon.retry_initiate_interval option in strongswan.conf.
2012-05-30 15:32:52 +02:00
a46fe56858
Resolve hosts before reauthenticating due to address change.
2012-05-25 17:05:53 +02:00
c6da59f014
Don't queue delete_ike_sa job when setting IKE_DELETING.
...
This avoids deleting IKE_SAs during reauthentication (without
trying to reestablish them).
2012-05-25 17:05:53 +02:00
7457143072
During reauthentication reestablish IKE_SA even if deleting the old one fails.
2012-05-25 17:05:53 +02:00
23470d849a
Integrated main parts of IKE_REAUTH task into ike_sa_t.reestablish.
2012-05-25 17:05:53 +02:00
12715f1953
Fixed route lookup in case MOBIKE is not enabled.
2012-05-25 17:05:53 +02:00
cbc1a20ffe
Wrap task managers flush_queue() in IKE_SA
2012-05-21 14:05:01 +02:00
42500c274a
Use name from initialization to access settings in libcharon.
...
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
b24be29646
Merge branch 'ikev1'
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
ae9ce83511
Properly initialize src in ike_sa_t.is_any_path_valid().
2012-04-06 10:54:44 +02:00
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
f98af1ddd5
Trigger DPD not before IKE_SA state gets updated
2012-03-20 17:31:39 +01:00
a994050e9c
Don't re-resolve addresses during initiate if they have already been set
2012-03-20 17:31:38 +01:00
783c496966
Update state before triggering DPD, as we cancel it if PASSIVE
2012-03-20 17:31:38 +01:00
47b8f6ef4b
Invoke bus_t.message hook twice, once plain and parsed, once encoded and encrypted
2012-03-20 17:31:37 +01:00
1a0648490c
Invoke ike_updown hooks for reauthenticated IKEv1 SAs
2012-03-20 17:31:36 +01:00
11aadd7722
Disable DPD checking for peers not supporting it
2012-03-20 17:31:35 +01:00
1e624ce876
Don't retransmit, rekey, reauth or DPD check SAs when in PASSIVE state
2012-03-20 17:31:35 +01:00
3a0b67bce5
Destroy IKE_SA after reauthentication initiatend and lifetime limit reached
2012-03-20 17:31:33 +01:00
beab4a90ae
Query for XAuth identity in get_other_eap_id(), too
2012-03-20 17:31:32 +01:00
9c64f214f1
Support initiation of childless IKEv1 ISAKMP SAs
2012-03-20 17:31:32 +01:00
7e9e1f96df
Don't trigger reauthentication if initiator authenticated using XAuth
2012-03-20 17:31:32 +01:00
3a925f74ab
Do not query CHILD_SA during delete if they already expired
2012-03-20 17:31:31 +01:00
3d54ae94d9
Handle initiation of not supported IKE versions properly
2012-03-20 17:31:30 +01:00
d9c1dae293
Implemented resetting of IKEv1 task manager, enabling additional keyingtries
2012-03-20 17:31:29 +01:00
448e2e2945
Check message version before processing it on an IKE_SA
2012-03-20 17:31:29 +01:00
438a8d785f
Added a TODO for creating IKE_SAs with unsupported protocol version
2012-03-20 17:31:28 +01:00
3b08de850a
Removed obsolete task header inclusion in IKE_SA
2012-03-20 17:31:27 +01:00
873df908cc
Moved MOBIKE task creation to protocol specific task manager
2012-03-20 17:31:27 +01:00
26eee421b4
Check in task manager if we have to requeue IKE tasks in a non-first keyingtry
2012-03-20 17:31:27 +01:00
cedb412e5a
Moved IKE_SA reauth task creation to protocol specific task manager
2012-03-20 17:31:27 +01:00
dab60d6411
Moved IKE_SA rekey task creation to protocol specific task manager
2012-03-20 17:31:27 +01:00
3ed148b37e
Moved IKE_SA delete task creation to protocol specific task manager
2012-03-20 17:31:27 +01:00
83c5fda053
Moved CHILD_SA delete task creation to protocol specific task manager
2012-03-20 17:31:27 +01:00
463a73cc0f
Moved CHILD_SA rekey task creation to protocol specific task manager
2012-03-20 17:31:27 +01:00
fe43d9a237
Moved CHILD_SA initiate task creation to protocol specific task manager
2012-03-20 17:31:27 +01:00
a60daa07f6
Moved IKE_SA initiate task creation to protocol specific task manager
2012-03-20 17:31:27 +01:00
244d715de5
Moved liveness checking task creation to protocol specific task manager
2012-03-20 17:31:27 +01:00
15a682f4c2
Separated libcharon/sa directory with ikev1 and ikev2 subfolders
2012-03-20 17:31:26 +01:00
2e3c9f8799
Renamed ike_vendor_v1 to isakmp_vendor
2012-03-20 17:31:26 +01:00
Martin Willi