Tobias Brunner
769c69facc
Added support for responders to change their address via MOBIKE.
If the original responder updates its list of additional addresses we
check if the remote endpoint changed and update the IPsec SAs if it did,
as we assume the original address became unavailable and the responder
already updated the SAs on its side.
2010-10-12 11:11:05 +02:00
Tobias Brunner
13876431d6
Explicitly configure MOBIKE tasks to update the list of additional addresses.
2010-10-12 11:11:05 +02:00
Tobias Brunner
31e7dc4dfd
Improved check for first IKE_AUTH message in ike_mobike task.
If the original responder initiated a MOBIKE exchange, the previous
check was not always correct.
2010-10-12 11:11:05 +02:00
Tobias Brunner
c817e7bb90
Migrated ike_mobike task to INIT/METHOD macros.
2010-10-12 11:11:05 +02:00
Tobias Brunner
be90134211
Simplified apply_port function in mobike task.
2010-10-12 11:11:04 +02:00
Tobias Brunner
cd26eedc5c
Do not update hosts based on retransmitted messages.
2010-10-12 11:11:04 +02:00
Tobias Brunner
d5bd775126
Do not update remote host if we are behind a NAT.
2010-10-12 11:11:04 +02:00
Andreas Steffen
ed08f7ce83
use DBG_TNC for TNC debugging output
2010-10-09 16:01:19 +02:00
Andreas Steffen
3cb3f85dfc
TNCCS debug cosmetics
2010-10-09 00:58:12 +02:00
Andreas Steffen
e9ba435fe3
revert to standard TNCC/TNCS Initialization function
2010-10-09 00:35:45 +02:00
Andreas Steffen
bfba1fdc92
implemented TNC isolation via group memberships
2010-10-09 00:34:53 +02:00
Andreas Steffen
db2f66c2df
implemented a makeshift non-scalable send buffer
2010-10-08 22:24:30 +02:00
Andreas Steffen
55960a170f
imc/imv cosmetics
2010-10-08 06:40:03 +02:00
Andreas Steffen
8dcc56dcc0
created tnc-imc and tnc-imv plugins
2010-10-07 23:31:23 +02:00
Andreas Steffen
04d000210b
deactivate start_phase2_tnc flag after start
2010-10-07 15:42:00 +02:00
Andreas Steffen
888455587b
added server side support for EAP-TNC
2010-10-07 15:02:51 +02:00
Martin Willi
962300b920
Show result of RADIUS authentication along with EAP identity
2010-10-07 11:14:09 +02:00
Andreas Steffen
bb43f25ad3
configure tnc_config path and preferred_language via strongswan.conf
2010-10-05 22:09:07 +02:00
Andreas Steffen
6d0e9cf046
created hull for TNCCS 2.0 plugin
2010-10-05 21:15:24 +02:00
Andreas Steffen
a1edf4d33e
use group membership to implement access/isolate redirection in filter-based TNC scenario
2010-10-05 20:40:36 +02:00
Andreas Steffen
b540d19133
moved CHILD_SA selection out of attribute loop
2010-10-05 08:02:07 +02:00
Andreas Steffen
28b23fef11
receive name of preferred CHILD_SA via RADIUS Filter-Id attribute
2010-10-05 07:58:07 +02:00
Andreas Steffen
a00a43e0f6
print XML as plaintext and process received TNCCS Batch
2010-09-30 23:34:00 +02:00
Andreas Steffen
f685b3aca0
started use of libtnc library
2010-09-29 23:24:59 +02:00
Andreas Steffen
3c354b6d11
NOTIFY error message types include 16383
2010-09-29 19:01:36 +02:00
Andreas Steffen
4e8e74fcfa
moved TNCCS layer out of eap_tnc plugin
2010-09-28 23:34:04 +02:00
Tobias Brunner
f22ba072e8
draft-ietf-ipsecme-eap-mutual will be released as RFC 5998.
2010-09-16 10:27:49 +02:00
Andreas Steffen
004de55235
added notify messages defined in RFC 5996
2010-09-15 12:48:58 +02:00
Andreas Steffen
80f86acccb
show validity of OCSP responses
2010-09-10 22:26:03 +02:00
Andreas Steffen
3f58022679
debug output of inbound and outbound TNCCS batches
2010-09-09 11:15:08 +02:00
Andreas Steffen
20ad62026e
support non EAP-TTLS conformant RADIUS-type attribute segmentation
2010-09-09 11:15:08 +02:00
Tobias Brunner
b1baa90846
Fixed copy/paste error.
2010-09-09 10:10:43 +02:00
Andreas Steffen
3b7eb3a9f4
added explanatory comments
2010-09-09 08:57:13 +02:00
Andreas Steffen
48b8cbb206
send well-formed TNCCS-Batch
2010-09-08 13:44:34 +02:00
Andreas Steffen
de29e3a683
make max_message_count configurable and move it into tls_eap_t
2010-09-08 12:58:45 +02:00
Martin Willi
30cd31fb69
Added a simple led plugin to control Linux LEDs based on IKE activity
2010-09-08 12:00:57 +02:00
Andreas Steffen
51b385d44d
moved tls_t existence test into tls_eap_create() again
2010-09-08 11:09:11 +02:00
Andreas Steffen
d2b1d4378e
generalized tls_eap_t to support EAP_TNC wrapping the TNC_IF_TNCCS protocol
2010-09-08 11:01:53 +02:00
Tobias Brunner
f6697eadb9
Scheduler and processor have been moved to libstrongswan.
Also reverts 0c21dc000d as the dependency
to libcharon is no longer required.
2010-09-02 19:04:23 +02:00
Tobias Brunner
71b6d2ff5e
Adapted child_sa_t to changed kernel interface.
2010-09-02 19:04:22 +02:00
Tobias Brunner
34cf6def83
Fixing installation of trap policies (SPI=0) in kernel interface.
2010-09-02 19:04:21 +02:00
Tobias Brunner
bd7a2f3bfc
Added an option to specify the type of a policy to kernel_ipsec.add_policy.
This will later allow us to support pluto's passthrough and drop
policies in charon.
2010-09-02 19:04:19 +02:00
Tobias Brunner
b4872c1e09
Replaced the protocol argument in add_policy with an optional SPI for an AH SA.
2010-09-02 19:04:19 +02:00
Tobias Brunner
bb381e26c6
Refer to scheduler and processor via lib and not hydra.
2010-09-02 19:04:18 +02:00
Tobias Brunner
062a602216
Moved all kernel plugins to libhydra.
2010-09-02 19:01:26 +02:00
Tobias Brunner
08c0d340b8
Moved ipsec_transform_t to kernel_ipsec.h in libhydra.
Because of this libfreeswan, pluto, starter etc. now depend on that
file (and libhydra). This resolved some duplicate declarations.
2010-09-02 19:01:25 +02:00
Tobias Brunner
f6659688ab
Refer to kernel interface via hydra and not charon.
2010-09-02 19:01:25 +02:00
Tobias Brunner
6f449d2efd
Moved kernel interface to libhydra.
2010-09-02 19:01:25 +02:00
Tobias Brunner
9f166d9ac2
Removed references to protocol_id_t from kernel interface.
Instead we use the actual IP protocol identifier (the conversion now happens in
child_sa_t and kernel_handler_t).
2010-09-02 19:01:25 +02:00
Tobias Brunner
9d94174242
Migrated child_sa_t to INIT/METHOD macros.
2010-09-02 19:01:25 +02:00