Martin Willi
e3311e9b87
ikev1: implement mode config push mode
2013-09-04 10:33:38 +02:00
Tobias Brunner
8a0a1ae857
Delete IKE_SAs if responder does not initiate XAuth exchange within a certain time frame
2013-03-19 12:00:00 +01:00
Volker Rümelin
0ff8d20a89
Add support for draft-ietf-ipsec-nat-t-ike-03 and earlier
...
This adds support for early versions of the draft that eventually
resulted in RFC 3947.
2012-12-19 11:03:42 +01:00
Martin Willi
497ce2cf51
Support multiple address pools configured on a peer_cfg
2012-08-30 16:43:42 +02:00
Martin Willi
101d26babe
Support multiple virtual IPs on peer_cfg and ike_sa classes
2012-08-30 16:43:42 +02:00
Martin Willi
cd55a3cb77
Use actual daemon name to enable XAuth/PSK with aggressive mode
2012-08-10 11:53:18 +02:00
Martin Willi
9d2968e272
As a responder, don't start a TRANSACTION request if we expect one from the initiator
2012-06-29 13:40:31 +02:00
Martin Willi
8ff45cfd99
Queue a mode config task as responder if we need a virtual IP
2012-06-27 11:42:56 +02:00
Martin Willi
c2a391746c
Add basic support for XAuth responder authentication
2012-06-27 11:42:56 +02:00
Martin Willi
0c32b9c62f
Enforce uniqueids=keep only for non-XAuth Main/Aggressive Modes
2012-06-25 10:18:35 +02:00
Martin Willi
b31a56f128
Require a scary option to respond to Aggressive Mode PSK requests
...
While Aggressive Mode PSK is widely used, it is known to be subject
to dictionary attacks by passive attackers. We don't complain as
initiator to be compatible with existing (insecure) setups, but
require a scary strongswan.conf option if someone wants to use it
as responder.
2012-06-14 10:25:48 +02:00
Martin Willi
e5f0f9ff96
Enforce uniqueness policy in IKEv1 main and aggressive modes
2012-06-08 16:15:22 +02:00
Tobias Brunner
647cd741e8
Added support for IKEv1 IPComp proposals in SA payload.
2012-05-24 15:32:28 +02:00
Martin Willi
3c475660c5
Apply IDir before deriving keys as aggressive initiator
2012-05-23 12:27:47 +02:00
Tobias Brunner
1a624ff45a
Switch to alternative peer config in IKEv1 Main and Aggressive Mode.
2012-05-21 15:49:25 +02:00
Martin Willi
7ce504e182
Flush task queues explicitly, not implicitly if task returns ALREADY_DONE
2012-05-21 14:17:09 +02:00
Tobias Brunner
7a56c35fc9
Remove executable flag from source files.
2012-05-18 10:04:08 +02:00
Martin Willi
3624b09e21
Set selected proposal on IKEv1 SA, don't pass it separately to Phase 1 helper
2012-03-20 17:31:37 +01:00
Martin Willi
f420f51f55
Invoke authorization hooks for IKEv1 connections
2012-03-20 17:31:36 +01:00
Martin Willi
2ddd45c9a7
Simplified DPD handling by using a task for a single message only
2012-03-20 17:31:35 +01:00
Clavister OpenSource
3e6b740336
Isakmp_dpd task added.
2012-03-20 17:31:35 +01:00
Martin Willi
37c12bd31e
Streamlined debug output when initiating IKEv1 IKE_SAs
2012-03-20 17:31:34 +01:00
Martin Willi
91c212fd6a
Select IKEv1 configurations by main/aggressive mode option
2012-03-20 17:31:34 +01:00
Martin Willi
ee325b555f
Implemented aggressive mode using Phase 1 helper class
2012-03-20 17:31:33 +01:00