769c69facc
Added support for responders to change their address via MOBIKE.
...
If the original responder updates its list of additional addresses we
check if the remote endpoint changed and update the IPsec SAs if it did,
as we assume the original address became unavailable and the responder
already updated the SAs on its side.
2010-10-12 11:11:05 +02:00
13876431d6
Explicitly configure MOBIKE tasks to update the list of additional addresses.
2010-10-12 11:11:05 +02:00
31e7dc4dfd
Improved check for first IKE_AUTH message in ike_mobike task.
...
If the original responder initiated a MOBIKE exchange, the previous
check was not always correct.
2010-10-12 11:11:05 +02:00
c817e7bb90
Migrated ike_mobike task to INIT/METHOD macros.
2010-10-12 11:11:05 +02:00
be90134211
Simplified apply_port function in mobike task.
2010-10-12 11:11:04 +02:00
cd26eedc5c
Do not update hosts based on retransmitted messages.
2010-10-12 11:11:04 +02:00
d5bd775126
Do not update remote host if we are behind a NAT.
2010-10-12 11:11:04 +02:00
ed08f7ce83
use DBG_TNC for TNC debugging output
2010-10-09 16:01:19 +02:00
3cb3f85dfc
TNCCS debug cosmetics
2010-10-09 00:58:12 +02:00
e9ba435fe3
revert to standard TNCC/TNCS Initialization function
2010-10-09 00:35:45 +02:00
bfba1fdc92
implemented TNC isolation via group memberships
2010-10-09 00:34:53 +02:00
db2f66c2df
implemented a makeshift non-scalable send buffer
2010-10-08 22:24:30 +02:00
55960a170f
imc/imv cosmetics
2010-10-08 06:40:03 +02:00
8dcc56dcc0
created tnc-imc and tnc-imv plugins
2010-10-07 23:31:23 +02:00
04d000210b
deactivate start_phase2_tnc flag after start
2010-10-07 15:42:00 +02:00
888455587b
added server side support for EAP-TNC
2010-10-07 15:02:51 +02:00
962300b920
Show result of RADIUS authentication along with EAP identity
2010-10-07 11:14:09 +02:00
bb43f25ad3
configure tnc_config path and preferred_language via strongswan.conf
2010-10-05 22:09:07 +02:00
6d0e9cf046
created hull for TNCCS 2.0 plugin
2010-10-05 21:15:24 +02:00
a1edf4d33e
use group membership to implement access/isolate redirection in filter-based TNC scenario
2010-10-05 20:40:36 +02:00
b540d19133
moved CHILD_SA selection out of attribute loop
2010-10-05 08:02:07 +02:00
28b23fef11
receive name of preferred CHILD_SA via RADIUS Filter-Id attribute
2010-10-05 07:58:07 +02:00
a00a43e0f6
print XML as plaintext and process recieved TNCCS Batch
2010-09-30 23:34:00 +02:00
f685b3aca0
started use of libtnc library
2010-09-29 23:24:59 +02:00
3c354b6d11
NOTIFY error message types include 16383
2010-09-29 19:01:36 +02:00
4e8e74fcfa
moved TNCCS layer out of eap_tnc plugin
2010-09-28 23:34:04 +02:00
f22ba072e8
draft-ietf-ipsecme-eap-mutual will be released as RFC 5998.
2010-09-16 10:27:49 +02:00
004de55235
added notify messages defined in RFC 5996
2010-09-15 12:48:58 +02:00
80f86acccb
show validity of OCSP responses
2010-09-10 22:26:03 +02:00
3f58022679
debug output of inbound and outbound TNCCS batches
2010-09-09 11:15:08 +02:00
20ad62026e
support non EAP-TTLS conformant RADIUS-type attribute segmentation
2010-09-09 11:15:08 +02:00
b1baa90846
Fixed copy/paste error.
2010-09-09 10:10:43 +02:00
3b7eb3a9f4
added explanatory comments
2010-09-09 08:57:13 +02:00
48b8cbb206
send well-formed TNCCS-Batch
2010-09-08 13:44:34 +02:00
de29e3a683
max max_message_count configurable and move it into tls_eap_t
2010-09-08 12:58:45 +02:00
30cd31fb69
Added a simple led plugin to control Linux LEDs based on IKE activity
2010-09-08 12:00:57 +02:00
51b385d44d
moved tls_t existance test into tls_eap_create() again
2010-09-08 11:09:11 +02:00
d2b1d4378e
generalized tls_eap_t to support EAP_TNC wrapping the TNC_IF_TNCCS protocol
2010-09-08 11:01:53 +02:00
f6697eadb9
Scheduler and processor have been moved to libstrongswan.
...
Also reverts 0c21dc000d
2010-09-02 19:04:23 +02:00
71b6d2ff5e
Adapted child_sa_t to changed kernel interface.
2010-09-02 19:04:22 +02:00
34cf6def83
Fixing installation of trap policies (SPI=0) in kernel interface.
2010-09-02 19:04:21 +02:00
bd7a2f3bfc
Added an option to specify the type of a policy to kernel_ipsec.add_policy.
...
This will later allow us to support pluto's passthrough and drop
policies in charon.
2010-09-02 19:04:19 +02:00
b4872c1e09
Replaced the protocol argument in add_policy with an optional SPI for an AH SA.
2010-09-02 19:04:19 +02:00
bb381e26c6
Refer to scheduler and processor via lib and not hydra.
2010-09-02 19:04:18 +02:00
062a602216
Moved all kernel plugins to libhydra.
2010-09-02 19:01:26 +02:00
08c0d340b8
Moved ipsec_transform_t to kernel_ipsec.h in libhydra.
...
Because of this libfreeswan, pluto, starter etc. now depend on that
file (and libhydra). This resolved some duplicate declarations.
2010-09-02 19:01:25 +02:00
f6659688ab
Refer to kernel interface via hydra and not charon.
2010-09-02 19:01:25 +02:00
6f449d2efd
Moved kernel interface to libhydra.
2010-09-02 19:01:25 +02:00
9f166d9ac2
Removed references to protocol_id_t from kernel interface.
...
Instead we use the actual IP protocol identifier (the conversion now happens in
child_sa_t and kernel_handler_t).
2010-09-02 19:01:25 +02:00
9d94174242
Migrated child_sa_t to INIT/METHOD macros.
2010-09-02 19:01:25 +02:00
Tobias Brunner