Martin Willi
a2f8fc9711
Use a dedicated IKEv1 vendor ID task to fix using IKEv2 payloads in IKEv1
2012-03-20 17:31:07 +01:00
Martin Willi
d08269c700
Added a get_rekey/reauth_time() jitter parameter to get time without randomization
2012-03-20 17:30:52 +01:00
Clavister OpenSource
e3bb68841a
IKEv1 XAuth: Added temporary "initiate_xauth" public method to ike_sa_t. This allows us to initiate an XAuth password authentication exchange after responding to the final message of Main Mode. This change should be reverted once we have a better method to initiate this exchange.
2012-03-20 17:30:51 +01:00
Martin Willi
384c1a32a2
XAUTH is initiated based on configuration, no need to call externally
2012-03-20 17:30:49 +01:00
Clavister OpenSource
df99e976be
Temp fix for compile error with XAUTH code.
2012-03-20 17:30:49 +01:00
Clavister OpenSource
23f4e4b42d
IKEv1 XAUTH: Added ability to configure XAUTH+PSK. Added task to handle XAUTH requests. Modified task_manager_v1 to enable it to initiate new tasks immediately after finishing a response.
2012-03-20 17:30:49 +01:00
Martin Willi
17ec1c74de
Don't compare initiator flag in IKE_SA manager, pass initiator parameter to IKE_SA constructor
2012-03-20 17:30:47 +01:00
Tobias Brunner
0cec72df40
Provide keymat_t to message_t to encrypt/decrypt data.
2012-03-20 17:30:45 +01:00
Martin Willi
a09972df2b
Added a generic TASK_ prefix to all task types
2012-03-20 17:30:45 +01:00
Martin Willi
744c080153
Initiate and respond to quick mode task (stub)
2012-03-20 17:30:45 +01:00
Martin Willi
26b55dc6c8
Implemented first two exchanges of Main Mode as initiator
2012-03-20 17:30:43 +01:00
Tobias Brunner
273f2f8054
Added factory function to create task_manager_t implementations.
2012-03-20 17:30:43 +01:00
Tobias Brunner
4b64a1a17d
Added factory function to create keymat_t implementations.
2012-03-20 17:30:43 +01:00
Tobias Brunner
0b611540ef
Store IKE version of an SA on ike_sa_t.
2012-03-20 17:30:43 +01:00
Tobias Brunner
6ab936f046
Use keymat_t as common interface, renamed current implementation to _v2.
2012-03-20 17:30:42 +01:00
Martin Willi
e69f7dcddf
Use task manager as generic interface, renamed implementation to _v2.
2012-03-20 17:30:41 +01:00
Tobias Brunner
4ed52db2bb
Allow creation of message_t objects for IKEv1 packets.
2012-03-20 17:30:40 +01:00
Tobias Brunner
72b2811204
Simplified some route lookups now that we store all peer addresses in a list.
2012-03-09 10:22:21 +01:00
Tobias Brunner
94bbc60256
Renamed list of additional peer addresses as it now stores all known addresses.
2012-03-09 10:17:42 +01:00
Martin Willi
4d7a2128b6
Re-resolve hosts on additional keyingtries
2012-03-06 16:05:28 +01:00
Martin Willi
fbaf5cd213
Be a little more verbose before starting IKE_SA reauthentication
2012-03-05 18:06:14 +01:00
Martin Willi
a07b69734b
Send an AUTH_LIFETIME update after updating the lifetime, but cannot reauth actively
2012-03-05 18:06:14 +01:00
Martin Willi
bdcf441703
Set hard timeouts when setting a lifetime
2012-03-05 18:06:13 +01:00
Martin Willi
e9fcf1c6cc
Fix IKE_SA timeout debug output on 64bit platforms
2012-03-05 18:06:13 +01:00
Martin Willi
85dd6a8deb
Trigger DPD not before IKE_SA state gets updated
2012-02-02 10:35:50 +01:00
Martin Willi
916cdca851
Don't retransmit, rekey, reauth or DPD check SAs when in PASSIVE state
2012-02-02 10:34:04 +01:00
Thomas Egerer
dbd2169569
Change order of destroy/get_ref function calls
Since DESTROY_IF might destroy the peer_cfg, a get_ref on a freed object
is subject to fail.
2011-11-04 11:11:17 +01:00
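The ordering hazard this commit describes, destroying the currently held object before taking a reference on the incoming one, is a classic use-after-free when both are the same object and the holder owns its last reference. The following is an added illustration, not strongSwan code: cfg_t, cfg_create, cfg_get_ref, cfg_destroy, owner_t and owner_set_cfg are hypothetical stand-ins for peer_cfg_t, get_ref(), DESTROY_IF and ike_sa_t, and the refcount scheme is assumed rather than taken from the project.

```c
/* Added illustration of the destroy/get_ref ordering hazard; not strongSwan code.
 * cfg_t / owner_t are hypothetical stand-ins for peer_cfg_t / ike_sa_t. */
#include <stdlib.h>
#include <string.h>

typedef struct cfg_t {
    unsigned refs;      /* reference count; object is freed when it reaches zero */
    char name[32];
} cfg_t;

typedef struct owner_t {
    cfg_t *cfg;         /* the reference this owner holds (may be NULL) */
} owner_t;

cfg_t *cfg_create(const char *name)
{
    cfg_t *c = calloc(1, sizeof(*c));
    if (!c) return NULL;
    c->refs = 1;
    strncpy(c->name, name, sizeof(c->name) - 1);
    return c;
}

cfg_t *cfg_get_ref(cfg_t *c)
{
    c->refs++;
    return c;
}

/* Drop one reference (NULL-tolerant, like DESTROY_IF); returns 1 if this call freed the object. */
int cfg_destroy(cfg_t *c)
{
    if (!c) return 0;
    if (--c->refs == 0) {
        free(c);
        return 1;
    }
    return 0;
}

/* Safe order: take the new reference BEFORE dropping the old one. When old == cfg
 * and this owner holds the last reference, the object survives the swap. */
void owner_set_cfg(owner_t *o, cfg_t *cfg)
{
    cfg_t *old = o->cfg;
    o->cfg = cfg_get_ref(cfg);
    cfg_destroy(old);
}

/* Reports, without executing it, whether the reversed order (destroy first, then
 * get_ref) would call get_ref on freed memory: that happens exactly when the
 * incoming object is the one already held and this owner holds its last reference. */
int destroy_first_would_use_after_free(const owner_t *o, const cfg_t *cfg)
{
    return o->cfg != NULL && o->cfg == cfg && o->cfg->refs == 1;
}

void owner_clear(owner_t *o)
{
    cfg_destroy(o->cfg);
    o->cfg = NULL;
}
```

The check function exists only to make the hazard visible in a test; in real code the cure is purely the ordering in owner_set_cfg, and a refcount that is incremented and decremented from several threads additionally needs an atomic counter.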
Tobias Brunner
7ab19d571d
Throw an alert when the peer address cannot be resolved during initiation.
2011-08-12 09:59:27 +02:00
Tobias Brunner
5baaaa5ed5
Properly initialize ike_sa_t.
2011-08-01 13:08:15 +02:00
Martin Willi
5d6b981572
Inherit authentication information during IKE_SA rekeying
2011-07-25 14:19:17 +02:00
Tobias Brunner
f3bb1bd039
Fixed common misspellings.
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Tobias Brunner
572abc6cbd
Replaced ike_sa_t.create_additional_address_iterator with enumerator.
2011-07-06 09:43:45 +02:00
Tobias Brunner
4bbce1ef37
Replaced ike_sa_t.create_child_sa_iterator with enumerator.
This required two new methods on ike_sa_t. One returns the number of
CHILD_SAs and one allows to remove a CHILD_SA.
2011-07-06 09:43:45 +02:00
Tobias Brunner
e26304348c
Replaced simple iterator usages.
2011-07-06 09:43:45 +02:00
Martin Willi
a4c040d536
Added strongswan.conf option to override half open IKE_SA timeout
2011-05-16 15:24:15 +02:00
Tobias Brunner
68447302d6
Typo fixed.
2011-04-28 12:50:30 +02:00
Martin Willi
3ced6b51e4
Move establish/inherit of rekeyed IKE_SAs to delete messages
Having the inherit() function delayed to the IKE_SA establish procedure
was problematic. The task destroy function was never a good place and
results in locking/cleanup problems. After establishing the SA, it
should be really checked in ASAP to avoid any triggered DPD checks
to get lost.
2011-03-15 15:20:09 +01:00
Martin Willi
e44ebdcfc8
Slightly change IKE_SA destruction order to inherit properly during ike_rekey task destruction
2011-02-28 10:31:36 +00:00
Martin Willi
2082417df3
Force port update as responder when initiator switches to 4500 in IKE_AUTH
2011-01-12 14:37:15 +01:00
Martin Willi
9ca5d0280e
Moved check if packet already encoded to ike_sa, avoids message() hook invocation twice
2011-01-05 16:45:52 +01:00
Martin Willi
c67de660d2
Move critical bit checking to ike_sa, notify payload includes unsupported payload type
2011-01-05 16:45:44 +01:00
Martin Willi
89fda1abb5
Moved message()-hook invocation to generate_message(), catch pre-generated IKE_SA_INITs, too
2011-01-05 16:45:41 +01:00
Martin Willi
6c2d466b90
Support manually triggered DPD check, even if DPD disabled in config
2011-01-05 16:45:40 +01:00
Tobias Brunner
5774408898
Change behavior of responder during roaming.
If the current source address is not available anymore, the responder
uses ike_mobike_t.roam, thus, uses multiple address combinations when
trying to notify the initiator.
2010-10-12 11:11:05 +02:00
Tobias Brunner
261b2572d1
Send list of additional addresses even if current path is still valid.
2010-10-12 11:11:05 +02:00
Tobias Brunner
bab56a4abb
Extracted path checking in ike_sa_t.roam into separate functions.
2010-10-12 11:11:05 +02:00
Tobias Brunner
13876431d6
Explicitly configure MOBIKE tasks to update the list of additional addresses.
2010-10-12 11:11:05 +02:00
Tobias Brunner
cd26eedc5c
Do not update hosts based on retransmitted messages.
2010-10-12 11:11:04 +02:00
Tobias Brunner
d5bd775126
Do not update remote host if we are behind a NAT.
2010-10-12 11:11:04 +02:00
Tobias Brunner
bb381e26c6
Refer to scheduler and processor via lib and not hydra.
2010-09-02 19:04:18 +02:00
Tobias Brunner
f6659688ab
Refer to kernel interface via hydra and not charon.
2010-09-02 19:01:25 +02:00
Tobias Brunner
61e8e73206
Refer to scheduler via hydra and not charon.
2010-09-02 19:01:24 +02:00
Tobias Brunner
c5f7146b17
Refer to processor via hydra and not charon.
2010-09-02 19:01:22 +02:00
Tobias Brunner
277f02ce9e
Slightly refactored port floating.
In case of MOBIKE, only float to port 4500 if the other peer actually supports MOBIKE.
2010-08-30 13:42:58 +02:00
Martin Willi
b519071299
Use AEAD wrapper for encryption payload encryption/decryption
2010-08-19 19:02:33 +02:00
Martin Willi
02571374c4
Recreate IKE_SA_INIT related tasks only if they have completed
2010-06-30 13:48:47 +02:00
Martin Willi
550d9085fa
Flush auth configs, create new keymat during SA reset
2010-06-07 14:59:39 +02:00
Martin Willi
dbdb69f908
Recreate IKE_INIT/IKE_NATD/IKE_VENDOR tasks if we reset SA during IKE_AUTH
2010-06-07 14:58:57 +02:00
Martin Willi
ea340ee840
Wrap task enumerator in ike_sa
2010-06-07 11:37:55 +02:00
Martin Willi
8bced61b76
Migrated ike_sa_t to INIT/METHOD macros
2010-06-07 09:30:27 +00:00
Martin Willi
fe02d99b96
Use wrapped getters for close/dpd action
2010-06-02 11:48:51 +02:00
Martin Willi
84aa96e5f5
Invoke updown hook if IKE_SA delete is enforced in deleting state
2010-04-06 12:11:28 +02:00
Martin Willi
045833c79d
Release virtual IPs with the same identity as we acquired it
2010-03-25 14:29:10 +01:00
Tobias Brunner
58f86d0f0f
Changed all usages of lib->attributes to hydra->attributes.
2010-03-24 18:54:26 +01:00
Tobias Brunner
08c5572602
Moving charon to libcharon.
2010-03-19 13:34:52 +01:00