Commit Graph

8212 Commits

Author SHA1 Message Date
Martin Willi 5ce59d4c06 Added an aggressive mode peer_cfg option 2012-03-20 17:31:34 +01:00
Martin Willi a347c1ac43 Fix sending of CERTREQ/CERT payloads in aggressive mode 2012-03-20 17:31:34 +01:00
Martin Willi ebc7bcb550 Encrypt payloads of third aggressive mode message 2012-03-20 17:31:33 +01:00
Martin Willi ee325b555f Implemented aggressive mode using Phase 1 helper class 2012-03-20 17:31:33 +01:00
Martin Willi b4bd875612 Make use of the new Phase 1 helper class in main mode 2012-03-20 17:31:33 +01:00
Martin Willi c29a89b80d Implemented a common Phase 1 helper class to use by main and aggressive modes 2012-03-20 17:31:33 +01:00
Martin Willi 44dcd5944a Fix error handling if no PSK found for main mode 2012-03-20 17:31:33 +01:00
Martin Willi 90731f38c9 Install quick mode CHILD_SAs with negotiated encapsulation mode 2012-03-20 17:31:33 +01:00
Martin Willi 927c1dd9d2 Support IKEv1 proposal encodings having both lifebytes and a lifetime 2012-03-20 17:31:33 +01:00
Martin Willi b147679a2c Try to detect reauthentication as responder and adopt children to new SA 2012-03-20 17:31:33 +01:00
Martin Willi 3a0b67bce5 Destroy IKE_SA after reauthentication initiated and lifetime limit reached 2012-03-20 17:31:33 +01:00
Martin Willi cb1a145ce2 Added an IKE_SA manager method to enumerate IKE_SA IDs filtered by identities 2012-03-20 17:31:33 +01:00
Martin Willi beab4a90ae Query for XAuth identity in get_other_eap_id(), too 2012-03-20 17:31:32 +01:00
Martin Willi 1b79299b89 Set ISAKMP SA state to rekeying after triggering reauthentication 2012-03-20 17:31:32 +01:00
Martin Willi c9d68d17f0 Include peer config overtime in negotiated ISAKMP SA lifetime 2012-03-20 17:31:32 +01:00
Martin Willi 4f49b06843 Initiate IKEv1 reauthentication, take over all children 2012-03-20 17:31:32 +01:00
Martin Willi 17c64d5ff9 Establish IKE_SA only once as XAuth responder 2012-03-20 17:31:32 +01:00
Martin Willi 9c64f214f1 Support initiation of childless IKEv1 ISAKMP SAs 2012-03-20 17:31:32 +01:00
Martin Willi 7e9e1f96df Don't trigger reauthentication if initiator authenticated using XAuth 2012-03-20 17:31:32 +01:00
Martin Willi 2da3ff7a52 Set a condition flag if peer has been authenticated using XAuth 2012-03-20 17:31:32 +01:00
Martin Willi 54773729a8 Queue Mode Config tasks after main mode as initiator, not as responder 2012-03-20 17:31:32 +01:00
Clavister OpenSource d71092ceed Setting Mode Cfg identifier for CFG_ACK messages. 2012-03-20 17:31:32 +01:00
Clavister OpenSource e32820f593 Add functions to set mode cfg identifier 2012-03-20 17:31:32 +01:00
Martin Willi 462c9a4f72 Try all matching XAuth secrets we find, not only the first one 2012-03-20 17:31:32 +01:00
Martin Willi 3d86d76b86 Fixed create_shared_enumerator method description 2012-03-20 17:31:31 +01:00
Martin Willi f56c3c53f6 As responder, try to reuse the reqid of the CHILD_SA the initiator is rekeying 2012-03-20 17:31:31 +01:00
Martin Willi 31bd5c8c0e Reply quick mode with the same SA lifetime that we received 2012-03-20 17:31:31 +01:00
Martin Willi 3a925f74ab Do not query CHILD_SA during delete if they already expired 2012-03-20 17:31:31 +01:00
Martin Willi 07202a2bf1 Be less verbose when deleting SAs triggered by a hard expire 2012-03-20 17:31:31 +01:00
Martin Willi 23eb447c9a Implemented CHILD_SA rekeying 2012-03-20 17:31:31 +01:00
Martin Willi 634ac410a2 Don't return FAILED if a CHILD_SA to delete could not be found 2012-03-20 17:31:31 +01:00
Martin Willi 14dc794165 Support installing of quick mode SAs with a specific reqid 2012-03-20 17:31:31 +01:00
Martin Willi 5f1df0a060 Double check that we could select a TS as quick mode responder 2012-03-20 17:31:31 +01:00
Martin Willi f5a84055fe Implemented responder retransmission, currently enabled for quick mode only 2012-03-20 17:31:30 +01:00
Martin Willi dc8e964775 Queue IKEv1 INFORMATIONALS with higher priority to process notifies first 2012-03-20 17:31:30 +01:00
Martin Willi 96f98a8c11 Accept IKEv1 INVALID_KE_INFORMATION notifies without data 2012-03-20 17:31:30 +01:00
Martin Willi 253d7e3eff Don't process notifies in quick mode task when we get an INFORMATIONAL 2012-03-20 17:31:30 +01:00
Martin Willi 9276f7121c Always queue a new passive task when receiving an IKEv1 INFORMATIONAL 2012-03-20 17:31:30 +01:00
Tobias Brunner db1dc81329 IKEv1 ATTRIBUTES_NOT_SUPPORTED error notify added. 2012-03-20 17:31:30 +01:00
Martin Willi 8a395e889c Fixed leak of a hash when checking out by hash 2012-03-20 17:31:30 +01:00
Martin Willi dd5c3787dc Give a hint that decryption failed if payload length invalid 2012-03-20 17:31:30 +01:00
Martin Willi 07b8ec7c00 Cast keymat safely, not based on external input 2012-03-20 17:31:30 +01:00
Martin Willi 3bacc1f429 Added a keymat_t version to cast it safely 2012-03-20 17:31:30 +01:00
Martin Willi 3d54ae94d9 Handle initiation of not supported IKE versions properly 2012-03-20 17:31:30 +01:00
Martin Willi daee47ba46 Send a delete for every CHILD_SA before deleting IKE_SA 2012-03-20 17:31:30 +01:00
Martin Willi 6379c679ae Set used auth_class in PSKv1 authenticator to comply to constraints 2012-03-20 17:31:30 +01:00
Martin Willi 8573b18d22 Fixed scheduling of IKEv2 init tasks in a second keyingtry 2012-03-20 17:31:29 +01:00
Martin Willi 8ed976c061 Don't requeue IKEv1 init tasks if they already exist in a second keyingtry 2012-03-20 17:31:29 +01:00
Tobias Brunner fd5d6bb08e Use IPSEC DOI also for ISAKMP SA deletes. 2012-03-20 17:31:29 +01:00
Martin Willi d9c1dae293 Implemented resetting of IKEv1 task manager, enabling additional keyingtries 2012-03-20 17:31:29 +01:00