7a87381840
testing: Rename interfaces and bridges so they are easier to identify
...
This simplifies capturing traffic with Wireshark on the host as each of
the guest's interfaces is clearly identified.
The three bridges were previously numbered starting from 0, this scheme
is restored here.
2013-03-19 11:50:39 +01:00
9525e9c506
testing: Don't use a specific version for the QEMU machine type
...
The previously used pc-1.1 is not yet available on e.g. Ubuntu 12.04.
With 'pc' the most current supported version of that type is used.
2013-03-19 11:50:39 +01:00
e34666a4ed
NEWS about xauth-noauth added
2013-03-19 11:23:03 +01:00
3c34e15ee4
Make sure that xauth-noauth is not used accidentally
...
It has to be selected explicitly with rightauth2=xauth-noauth.
2013-03-19 11:23:03 +01:00
e4013bb904
Added xauth-noauth plugin
...
This XAuth backend does not do any authentication of client credentials
but simply sends a successful XAuth status to the client, thereby
concluding the XAuth exchange. This can be useful to fallback to basic
RSA authentication with clients that can not be configured without XAuth
authentication.
2013-03-19 11:23:03 +01:00
41131528a9
In stroke counters, check if we have an IKE_SA before getting the name from it
...
Fixes a segfault when receiving an invalid IKE SPI, where we don't have an
IKE_SA for the raised alert.
2013-03-19 11:20:35 +01:00
a0f1c4cf29
Add an "esp" load-tester option to configure custom CHILD_SA ESP proposal
2013-03-18 14:30:21 +01:00
6cf79c1e9d
Algorithms are not really specific to an IKE version
...
But not all of them can be used with IKEv1.
Fixes #314 .
2013-03-18 12:20:47 +01:00
96776d6f77
Add some 5.0.3 NEWS
2013-03-18 10:48:21 +01:00
d29246cabe
Merge branch 'radius-ext'
...
Bring some extensions to eap-radius, namely a virtual IP address provider based
on received Framed-IPs, forwarding of Cisco Unity banners, Interim Accounting
updates and the reporting of sent/received packets.
2013-03-18 10:13:36 +01:00
048872f2f7
Merge branch 'stroke-counters'
...
Extend stroke counters functionality by connection specific counters, and
a resetcounters command to reset the global or connection counters.
2013-03-18 10:12:22 +01:00
e85c0f6b84
Merge branch 'stroke-timeout'
...
Add a strongswan.conf timeout option for stroke control commands.
2013-03-18 10:11:46 +01:00
cb14ecb1d3
Merge branch 'netlink-align'
...
Fixes some Netlink alignment issues, and then refactors Netlink XFRM message
attribute handling.
2013-03-18 10:09:35 +01:00
94163816fa
Use netlink_add_attribute() to copy over attributes during update_sa()
2013-03-15 16:02:01 +01:00
0d9f31e1ed
Use a helper function to add XFRM_MARK attribute
2013-03-15 16:02:01 +01:00
6dfc633927
Use netlink_reserve() helper function in XFRM to simplify message construction
2013-03-15 16:02:01 +01:00
6359ab04f4
Add a Netlink utility function to add a RTA header and reserve space for data
2013-03-15 14:32:51 +01:00
53c98f098f
Correctly check buffer length in netlink_add_attribute()
2013-03-15 14:32:25 +01:00
6ac601f543
Avoid unneeded termination of netlink algorithm name arrays with END_OF_LIST
2013-03-15 14:01:15 +01:00
cf729248b2
Add a "resetcounters" command to ipsec, clearing global or connection counters
2013-03-15 10:55:22 +01:00
d022322bed
Add connection name specific stroke counters
2013-03-15 10:41:04 +01:00
a34ffd1c05
Add a chunk_from_str() initializer that does not include 0-terminator
2013-03-15 10:36:33 +01:00
e813d218f1
Don't create interim update entries if RADIUS accounting is disabled
2013-03-14 16:44:09 +01:00
d019764ab6
Add support for RADIUS Interim accounting updates
2013-03-14 16:35:11 +01:00
1ba1cd0c9b
Add an option to delete any established IKE_SA if RADIUS server is not responding
2013-03-14 15:42:30 +01:00
49960f021d
Make check whether to use IKEv1 fragmentation more readable
2013-03-14 14:20:55 +01:00
552b8ad5f5
Send Acct-Terminate-Cause based on some alerts catched on the bus
...
Currently supported are user disconnects, session timeouts and if the peer does
not respond on IKE packets or DPDs.
2013-03-14 14:20:55 +01:00
335982169a
When IKEv1 DPD times out, raise missing SEND_RETRANSMIT_TIMOUT alert
2013-03-14 14:20:54 +01:00
c45cf9048e
Raise an alert if an IKE_SA could not have been reauthenticated and expires
2013-03-14 14:20:54 +01:00
68c12fd9f9
Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Accounting-Requests
2013-03-14 14:20:54 +01:00
b4568ca230
Support RADIUS accounting of sent/received packets
2013-03-14 14:20:54 +01:00
d28391a244
Report the number of processed packets in "ipsec statusall"
2013-03-14 14:20:54 +01:00
d954a2081b
child_sa_t.get_usestats() can additionally return the number of processed packets
2013-03-14 14:20:54 +01:00
6b35ab84da
Pass correclty sized pointer to lookup_algorithm() in PF_KEY
2013-03-14 14:20:54 +01:00
7eeeb1c702
kernel_ipsec_t.query_sa() additionally returns the number of processed packets
2013-03-14 14:20:54 +01:00
003452d18f
Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Access-Request
2013-03-13 15:20:11 +01:00
02bf38890d
Forward Cisco Banner received from RADIUS to Unity capable clients
2013-03-12 20:37:35 +01:00
54b3cbdc78
Add a radius message method to enumerate vendor specific attributes
2013-03-12 20:37:35 +01:00
b4d172aa8e
Add Altiga Private Enterprise Numbers that Cisco uses in VPN 3000
2013-03-12 20:31:10 +01:00
f4c8e6def7
In eap-radius, hand out received Framed-IP-Address attributes as virtual IP
2013-03-12 17:44:13 +01:00
3a23794fa2
Add missing XAuthRespPSK switch case to IKEv1 key derivation
2013-03-12 10:09:23 +01:00
cf6a4ea005
strdup() iface passed to queue_route_reinstall(), fixing double-free
2013-03-11 15:17:50 +01:00
d6b6d1ecdb
Support mutliple subnets and ranges as external load-tester addresses
2013-03-11 15:16:13 +01:00
0897cda33b
Add a constructor to create in-memory pools from an address range
2013-03-11 15:12:47 +01:00
d3f5a05e29
When adding Netlink attributes, increase header length with potential alignment
...
If the payload is unaligned, we must make sure the total netlink message
length includes the added alignment for the first attribute.
2013-03-11 12:32:21 +01:00
8f727d8007
Clean up IKE_SA state if IKE_SA_INIT request does not have message ID 0
2013-03-11 11:30:47 +01:00
0235914d2f
Ignore fourth Qick Mode message sent by Windows servers.
...
Initial patch by Paul Stewart, fixes #289 .
2013-03-11 10:53:55 +01:00
f361a85ebb
added ITA Echo PA-TNC Subtype and ITA Echo Attribute type
2013-03-11 09:30:20 +01:00
e99cf029dc
version bump to 5.0.3dr4
2013-03-11 09:29:22 +01:00
a498c7a9c3
moved ar_id from imv_agent to imv_state
2013-03-11 08:54:02 +01:00
Tobias Brunner