Tobias Brunner
7a87381840
testing: Rename interfaces and bridges so they are easier to identify
...
This simplifies capturing traffic with Wireshark on the host as each of
the guest's interfaces is clearly identified.
The three bridges were previously numbered starting from 0; this scheme
is restored here.
2013-03-19 11:50:39 +01:00
Tobias Brunner
9525e9c506
testing: Don't use a specific version for the QEMU machine type
...
The previously used pc-1.1 is not yet available on e.g. Ubuntu 12.04.
With 'pc' the most current supported version of that type is used.
2013-03-19 11:50:39 +01:00
Tobias Brunner
e34666a4ed
NEWS about xauth-noauth added
2013-03-19 11:23:03 +01:00
Tobias Brunner
3c34e15ee4
Make sure that xauth-noauth is not used accidentally
...
It has to be selected explicitly with rightauth2=xauth-noauth.
2013-03-19 11:23:03 +01:00
Tobias Brunner
e4013bb904
Added xauth-noauth plugin
...
This XAuth backend does not do any authentication of client credentials
but simply sends a successful XAuth status to the client, thereby
concluding the XAuth exchange. This can be useful to fall back to basic
RSA authentication with clients that cannot be configured without XAuth
authentication.
2013-03-19 11:23:03 +01:00
Martin Willi
41131528a9
In stroke counters, check if we have an IKE_SA before getting the name from it
...
Fixes a segfault when receiving an invalid IKE SPI, where we don't have an
IKE_SA for the raised alert.
2013-03-19 11:20:35 +01:00
Martin Willi
a0f1c4cf29
Add an "esp" load-tester option to configure custom CHILD_SA ESP proposal
2013-03-18 14:30:21 +01:00
Tobias Brunner
6cf79c1e9d
Algorithms are not really specific to an IKE version
...
But not all of them can be used with IKEv1.
Fixes #314.
2013-03-18 12:20:47 +01:00
Martin Willi
96776d6f77
Add some 5.0.3 NEWS
2013-03-18 10:48:21 +01:00
Martin Willi
d29246cabe
Merge branch 'radius-ext'
...
Bring some extensions to eap-radius, namely a virtual IP address provider based
on received Framed-IPs, forwarding of Cisco Unity banners, Interim Accounting
updates and the reporting of sent/received packets.
2013-03-18 10:13:36 +01:00
Martin Willi
048872f2f7
Merge branch 'stroke-counters'
...
Extend stroke counters functionality by connection specific counters, and
a resetcounters command to reset the global or connection counters.
2013-03-18 10:12:22 +01:00
Martin Willi
e85c0f6b84
Merge branch 'stroke-timeout'
...
Add a strongswan.conf timeout option for stroke control commands.
2013-03-18 10:11:46 +01:00
Martin Willi
cb14ecb1d3
Merge branch 'netlink-align'
...
Fixes some Netlink alignment issues, and then refactors Netlink XFRM message
attribute handling.
2013-03-18 10:09:35 +01:00
Martin Willi
94163816fa
Use netlink_add_attribute() to copy over attributes during update_sa()
2013-03-15 16:02:01 +01:00
Martin Willi
0d9f31e1ed
Use a helper function to add XFRM_MARK attribute
2013-03-15 16:02:01 +01:00
Martin Willi
6dfc633927
Use netlink_reserve() helper function in XFRM to simplify message construction
2013-03-15 16:02:01 +01:00
Martin Willi
6359ab04f4
Add a Netlink utility function to add a RTA header and reserve space for data
2013-03-15 14:32:51 +01:00
Martin Willi
53c98f098f
Correctly check buffer length in netlink_add_attribute()
2013-03-15 14:32:25 +01:00
Martin Willi
6ac601f543
Avoid unneeded termination of netlink algorithm name arrays with END_OF_LIST
2013-03-15 14:01:15 +01:00
Martin Willi
cf729248b2
Add a "resetcounters" command to ipsec, clearing global or connection counters
2013-03-15 10:55:22 +01:00
Martin Willi
d022322bed
Add connection name specific stroke counters
2013-03-15 10:41:04 +01:00
Martin Willi
a34ffd1c05
Add a chunk_from_str() initializer that does not include 0-terminator
2013-03-15 10:36:33 +01:00
Martin Willi
e813d218f1
Don't create interim update entries if RADIUS accounting is disabled
2013-03-14 16:44:09 +01:00
Martin Willi
d019764ab6
Add support for RADIUS Interim accounting updates
2013-03-14 16:35:11 +01:00
Martin Willi
1ba1cd0c9b
Add an option to delete any established IKE_SA if RADIUS server is not responding
2013-03-14 15:42:30 +01:00
Martin Willi
49960f021d
Make check whether to use IKEv1 fragmentation more readable
2013-03-14 14:20:55 +01:00
Martin Willi
552b8ad5f5
Send Acct-Terminate-Cause based on some alerts caught on the bus
...
Currently supported are user disconnects, session timeouts and if the peer does
not respond on IKE packets or DPDs.
2013-03-14 14:20:55 +01:00
Martin Willi
335982169a
When IKEv1 DPD times out, raise missing SEND_RETRANSMIT_TIMOUT alert
2013-03-14 14:20:54 +01:00
Martin Willi
c45cf9048e
Raise an alert if an IKE_SA could not have been reauthenticated and expires
2013-03-14 14:20:54 +01:00
Martin Willi
68c12fd9f9
Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Accounting-Requests
2013-03-14 14:20:54 +01:00
Martin Willi
b4568ca230
Support RADIUS accounting of sent/received packets
2013-03-14 14:20:54 +01:00
Martin Willi
d28391a244
Report the number of processed packets in "ipsec statusall"
2013-03-14 14:20:54 +01:00
Martin Willi
d954a2081b
child_sa_t.get_usestats() can additionally return the number of processed packets
2013-03-14 14:20:54 +01:00
Martin Willi
6b35ab84da
Pass correctly sized pointer to lookup_algorithm() in PF_KEY
2013-03-14 14:20:54 +01:00
Martin Willi
7eeeb1c702
kernel_ipsec_t.query_sa() additionally returns the number of processed packets
2013-03-14 14:20:54 +01:00
Martin Willi
003452d18f
Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Access-Request
2013-03-13 15:20:11 +01:00
Martin Willi
02bf38890d
Forward Cisco Banner received from RADIUS to Unity capable clients
2013-03-12 20:37:35 +01:00
Martin Willi
54b3cbdc78
Add a radius message method to enumerate vendor specific attributes
2013-03-12 20:37:35 +01:00
Martin Willi
b4d172aa8e
Add Altiga Private Enterprise Numbers that Cisco uses in VPN 3000
2013-03-12 20:31:10 +01:00
Martin Willi
f4c8e6def7
In eap-radius, hand out received Framed-IP-Address attributes as virtual IP
2013-03-12 17:44:13 +01:00
Martin Willi
3a23794fa2
Add missing XAuthRespPSK switch case to IKEv1 key derivation
2013-03-12 10:09:23 +01:00
Martin Willi
cf6a4ea005
strdup() iface passed to queue_route_reinstall(), fixing double-free
2013-03-11 15:17:50 +01:00
Martin Willi
d6b6d1ecdb
Support multiple subnets and ranges as external load-tester addresses
2013-03-11 15:16:13 +01:00
Martin Willi
0897cda33b
Add a constructor to create in-memory pools from an address range
2013-03-11 15:12:47 +01:00
Martin Willi
d3f5a05e29
When adding Netlink attributes, increase header length with potential alignment
...
If the payload is unaligned, we must make sure the total netlink message
length includes the added alignment for the first attribute.
2013-03-11 12:32:21 +01:00
Martin Willi
8f727d8007
Clean up IKE_SA state if IKE_SA_INIT request does not have message ID 0
2013-03-11 11:30:47 +01:00
Martin Willi
0235914d2f
Ignore fourth Quick Mode message sent by Windows servers.
...
Initial patch by Paul Stewart, fixes #289.
2013-03-11 10:53:55 +01:00
Andreas Steffen
f361a85ebb
added ITA Echo PA-TNC Subtype and ITA Echo Attribute type
2013-03-11 09:30:20 +01:00
Andreas Steffen
e99cf029dc
version bump to 5.0.3dr4
2013-03-11 09:29:22 +01:00
Andreas Steffen
a498c7a9c3
moved ar_id from imv_agent to imv_state
2013-03-11 08:54:02 +01:00