Martin Willi
49032d15be
stroke: stop enumerating IKE_SAs in statusall if output stream gets closed
...
If the output stream is not interested in more information, it can close the
stream. Checking for stream errors avoids useless enumeration of IKE_SAs,
saving resources. This allows to use "ipsec statusall | head" to monitor the
daemon, or stop enumerating IKE_SAs after a specific entry has been found.
2013-08-23 14:27:17 +02:00
Martin Willi
b4b3959b22
stream-service: move CAP_CHOWN check from plugins to service constructor
...
A plugin service can be a TCP socket now, so it does not make much sense
to strictly check for CAP_CHOWN.
2013-07-18 16:00:31 +02:00
Martin Willi
065907b99d
stroke: use a stream service to handle stroke requests
2013-07-18 16:00:29 +02:00
Tobias Brunner
dfc9902013
capabilities: Some plugins don't actually require capabilities at runtime
2013-07-18 15:25:35 +02:00
Martin Willi
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
...
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Martin Willi
553bb78730
child-sa: replace get_traffic_selectors() with create_ts_enumerator()
...
Not directly returning a linked list allows us to change the internals of
the CHILD_SA transparently.
2013-07-17 17:20:18 +02:00
Tobias Brunner
591f923134
stroke: Add certificates extracted from PKCS#12 files to correct credential set
...
Only keys and shared secrets are moved from the temporary credential set after
loading all secrets.
2013-07-15 10:59:13 +02:00
Tobias Brunner
d27f225d9a
Use strpfx() helper where appropriate
2013-07-08 18:49:30 +02:00
Tobias Brunner
4c74fa664b
Reuse reqid for trap policies installed for dpd|closeaction=hold
2013-07-01 09:58:25 +02:00
Tobias Brunner
b7b5432ff8
stroke: Changed how proto/port are specified in left|rightsubnet
...
Using a colon as separator conflicts with IPv6 addresses.
2013-06-28 15:10:09 +02:00
Tobias Brunner
1091edede8
capabilities: CAP_CHOWN might be required by many plugins opening UNIX sockets
...
But as the sockets will be created with the user/group of the running
process this might not be required as no change may be needed.
2013-06-25 17:16:33 +02:00
Tobias Brunner
a2eb581781
capabilities: Move global capabilities_t instance to libstrongswan
2013-06-25 17:16:32 +02:00
Martin Willi
483a258ad8
stroke: support %dynamic in left/rightsubnet for dynamic selectors
...
This has the same meaning as omitting left/rightsubnet, i.e. replace it
by the IKE address. Supporting %dynamic allows configurations with multiple
dynamic selectors in a left/rightsubnet, each with potentially different
proto/port selectors.
2013-06-19 16:36:01 +02:00
Martin Willi
4a7c29bf02
stroke: support a specific proto/port for each net defined in left/rightsubnet
2013-06-19 16:36:01 +02:00
Martin Willi
de2debf8e0
stroke: add exportconn{cert,chain} commands in addition to exportx509
...
The new commands either export a single end entity certificate or the
full trust chain for a specific connection name.
2013-06-19 16:27:19 +02:00
Tobias Brunner
49d7a98f47
Refactored plugin-loader with improved dependency resolution
...
With the new implementation the plugins don't have to be listed in any
special order, dependencies are properly resolved. The order only
matters if two plugins provide the same feature.
2013-06-11 11:18:19 +02:00
Tobias Brunner
6040eff900
stroke: Add second password if provided
2013-05-08 15:02:41 +02:00
Tobias Brunner
1c080407b2
stroke: Fail silently if another builder calls PW callback after giving up
...
Also reduced the number of tries to 3.
2013-05-08 15:02:41 +02:00
Tobias Brunner
4a64c3e9a0
stroke: Cache passwords so the user is not prompted multiple times for the same password
...
To verify/decrypt a PKCS#12 container a password might be needed
multiple times. If it was entered correctly we don't want to bother the
user again with another password prompt.
The passwords for MAC creation and encryption could be different so the
user might be prompted multiple times after all.
2013-05-08 15:02:41 +02:00
Tobias Brunner
e240b03e68
stroke: Fix prompt and error messages in passphrase callback
2013-05-08 15:02:41 +02:00
Tobias Brunner
7971278c92
stroke: Load credentials from PKCS#12 files (P12 token)
2013-05-08 15:02:41 +02:00
Tobias Brunner
87692be215
Load any type (RSA/ECDSA) of public key via left|rightsigkey
2013-05-07 17:08:31 +02:00
Tobias Brunner
fa1d3d39dc
left|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly
...
The default is now PKCS#1. With the dns: and ssh: prefixes other formats
can be selected.
2013-05-07 15:38:28 +02:00
Tobias Brunner
c0bbddfa42
Try to load raw keys from ipsec.conf as PKCS#1 blob first
...
The DNSKEY builder is quite eager and parses pretty much anything
as RSA key, so this has to be done before.
2013-05-07 14:08:51 +02:00
Martin Willi
7f4f1e8249
List all stroke counters when "all" is given, and report if connection not known
2013-04-03 14:58:08 +02:00
Tobias Brunner
eca499f3d9
Load raw keys before possibly destroying the identity
...
If no identity (or %any) is configured the identification_t object is
destroyed and an invalid object was associated with the created pubkey
certificate.
Actually using %any does not work as the certificate would not match
when the client later provides an identity.
2013-04-01 13:48:34 +02:00
Andreas Steffen
9fa9f68d8d
enforce singular of packets
2013-03-22 21:14:04 +01:00
Tobias Brunner
1a71178940
Avoid a race condition when reloading secrets from ipsec.secrets
...
With the previous implementation that cleared the secrets in the active
credential set and then loaded the secrets, IKE SA establishment would
fail (as initiator or responder) if secrets are concurrently reloaded
and the required secret was not yet loaded.
2013-03-20 15:27:34 +01:00
Martin Willi
824864f4e0
Don't try to mmap() empty ipsec.secret files
2013-03-19 13:46:16 +01:00
Martin Willi
41131528a9
In stroke counters, check if we have an IKE_SA before getting the name from it
...
Fixes a segfault when receiving an invalid IKE SPI, where we don't have an
IKE_SA for the raised alert.
2013-03-19 11:20:35 +01:00
Tobias Brunner
6cf79c1e9d
Algorithms are not really specific to an IKE version
...
But not all of them can be used with IKEv1.
Fixes #314.
2013-03-18 12:20:47 +01:00
Martin Willi
d29246cabe
Merge branch 'radius-ext'
...
Bring some extensions to eap-radius, namely a virtual IP address provider based
on received Framed-IPs, forwarding of Cisco Unity banners, Interim Accounting
updates and the reporting of sent/received packets.
2013-03-18 10:13:36 +01:00
Martin Willi
048872f2f7
Merge branch 'stroke-counters'
...
Extend stroke counters functionality by connection specific counters, and
a resetcounters command to reset the global or connection counters.
2013-03-18 10:12:22 +01:00
Martin Willi
e85c0f6b84
Merge branch 'stroke-timeout'
...
Add a strongswan.conf timeout option for stroke control commands.
2013-03-18 10:11:46 +01:00
Martin Willi
cf729248b2
Add a "resetcounters" command to ipsec, clearing global or connection counters
2013-03-15 10:55:22 +01:00
Martin Willi
d022322bed
Add connection name specific stroke counters
2013-03-15 10:41:04 +01:00
Martin Willi
d28391a244
Report the number of processed packets in "ipsec statusall"
2013-03-14 14:20:54 +01:00
Martin Willi
d954a2081b
child_sa_t.get_usestats() can additionally return the number of processed packets
2013-03-14 14:20:54 +01:00
Martin Willi
5807f9cfcd
Add a stroke command timeout option, and report status of completed command
2013-03-07 11:59:30 +01:00
Martin Willi
e82deaf6ce
Merge branch 'multi-cert'
...
Allows the configuration of multiple certificates in leftcert, and select
the correct certificate to use based on the received certificate requests.
2013-03-01 11:35:32 +01:00
Martin Willi
a36b49f3cb
Merge branch 'opaque-ports'
...
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
2013-03-01 11:27:12 +01:00
Martin Willi
cd41b951ee
Pass complete port range over stroke interface for more flexibility
2013-02-21 11:52:33 +01:00
Martin Willi
a1db77de7c
Use a complete port range in traffic_selector_create_from_{subnet,cidr}
2013-02-21 11:52:33 +01:00
Martin Willi
e212033ef2
Merge branch 'ike-dscp'
2013-02-14 17:11:35 +01:00
Tobias Brunner
96a2d2077b
Fix 'stroke loglevel any'
...
Before b46a5cd4 this worked if debug_t was unsigned. In that case -1,
as returned by enum_from_name(), would result in a large positive number.
So any unknown debug group (including 'any') had the same effect that
was only intended for 'any'.
2013-02-13 12:18:20 +01:00
Martin Willi
7fbe516f88
Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets
2013-02-06 15:36:36 +01:00
Martin Willi
306a269e34
Add a DSCP configuration value to IKE configs
2013-02-06 15:20:32 +01:00
Tobias Brunner
9ccfeb8ca1
Use proper buffer sizes for parse_smartcard()
2013-01-24 23:35:42 +01:00
Martin Willi
78af36db50
Load multiple comma separated certificates in the leftcert option
2013-01-18 09:33:15 +01:00
Martin Willi
c4a49008e8
Don't handle right=%any6 as "loose" identity, but as %any
2013-01-14 10:33:14 +01:00
Tobias Brunner
21235e1ec2
Merge branch 'ikev1-fragmentation'
...
This adds support for the proprietary IKEv1 fragmentation extension.
Conflicts:
NEWS
2013-01-12 11:58:26 +01:00
Volker Rümelin
10eee5fcba
Fixed some typos in comments
2013-01-11 10:21:51 +01:00
Tobias Brunner
97973f8609
Use a connection specific option to en-/disable IKEv1 fragmentation
2012-12-24 13:00:01 +01:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Martin Willi
1efd6c6f2a
Make use of new CIDR string ts constructor where appropriate
2012-10-24 13:25:08 +02:00
Martin Willi
4ce55ffb0b
Use explicit, larger buffer sizes for smartcard keyids and modules
2012-10-24 13:07:53 +02:00
Martin Willi
794d713dca
Support loading cacert certificates in ipsec.conf ca sections from smartcard
2012-10-24 13:07:53 +02:00
Martin Willi
2abe404927
Refactored stroke smartcard token parsing, support module and slot in leftcert option
2012-10-24 13:07:53 +02:00
Martin Willi
9687cb5100
Load ipsec.conf %smartcard leftcerts with pkcs11 builder
2012-10-24 13:07:52 +02:00
Martin Willi
0c4b9f7cda
Add a "ipsec listcounters" command to stroke
2012-10-24 11:34:31 +02:00
Martin Willi
f9332e0a8b
Add a print method for stroke counters
2012-10-24 11:34:31 +02:00
Martin Willi
fc4d1568d1
Add stroke message type counters
2012-10-24 11:34:30 +02:00
Martin Willi
5715af7508
Add stroke counters for invalid IKE messages
2012-10-24 11:34:30 +02:00
Martin Willi
81e0e10344
Add stroke CHILD_SA rekeying counter
2012-10-24 11:34:30 +02:00
Martin Willi
a32a8d4a67
Add stroke IKE rekey counters
2012-10-24 11:34:30 +02:00
Martin Willi
47904e3c74
Define stroke counter types to implement
2012-10-24 11:34:11 +02:00
Martin Willi
8554895b95
Add a stub for IKE event counters in stroke
2012-10-24 11:34:11 +02:00
Martin Willi
1fdd62ffce
Remove version argument on peer_cfg constructor, use ike_cfg version instead
2012-10-24 10:19:33 +02:00
Martin Willi
9fc7cc6f9b
Add IKE version information to ike_cfg_t
2012-10-24 10:18:35 +02:00
Tobias Brunner
3555bacac7
Reload logger configuration on SIGHUP
...
Besides changing the configuration this allows to easily rotate log files.
Also moved logger initialization back to daemon_t.
2012-10-18 14:42:10 +02:00
Martin Willi
82f3549fe2
Fix leak of PINs from ipsec.secrets
2012-10-09 11:54:00 +02:00
Tobias Brunner
a05f3b2021
Make sure first argument is an int when using %.*s to print e.g. chunks
2012-09-28 18:01:49 +02:00
Tobias Brunner
4106aea8e4
Made IP address enumeration more flexible
...
Also added an option to enumerate addresses on ignored interfaces.
2012-09-21 18:16:26 +02:00
Tobias Brunner
9ba36c0f7f
Make it easy to check if an address is locally usable via changed get_interface() method
2012-09-21 18:16:26 +02:00
Tobias Brunner
aed33805ce
Don't ignore loopback devices and allow addresses on them being enumerated
2012-09-21 18:16:26 +02:00
Tobias Brunner
8c19323c37
Make stroke user-creds work with XAuth configs
2012-09-18 16:56:17 +02:00
Tobias Brunner
b7a500e985
Set AUTH_RULE_IDENTITY_LOOSE for rightid=%<identity>
2012-09-18 14:40:41 +02:00
Martin Willi
1e04488f32
Check for an existing lease in all stroke pools before creating a new one
2012-09-11 16:18:28 +02:00
Martin Willi
28a3d5bfbd
Pass full pool list to release_address
2012-09-11 16:18:28 +02:00
Martin Willi
594c58e111
Pass the full list of pools to acquire_address, enumerate in providers
...
If the provider has access to the full pool list, it can enumerate
them twice, for example to search for existing leases first, and
only search for new leases in a second step.
Fixes lease enumeration in attr-sql using multiple pools.
2012-09-11 16:18:28 +02:00
Tobias Brunner
f4cc7ea11b
Add uniqueids=never to ignore INITIAL_CONTACT notifies
...
With uniqueids=no the daemon still deletes any existing IKE_SA with the
same peer if an INITIAL_CONTACT notify is received. With this new option
it also ignores these notifies.
2012-09-10 17:37:18 +02:00
Tobias Brunner
383c174a79
Print the name of mem pools instead of the confusing <base>/<size>
2012-09-10 12:42:09 +02:00
Martin Willi
1323dc1138
Merge branch 'multi-vip'
...
Brings support for multiple virtual IPs and multiple pools in
left/rightsourceip definitions. Also introduces the new left/rightdns
options to configure requested DNS server address family and respond
with multiple connection specific servers.
2012-08-31 12:55:56 +02:00
Tobias Brunner
7240914955
Use eap_vendor_type_from_string() in stroke
2012-08-31 11:40:28 +02:00
Martin Willi
d55fe264d1
Pass all configured pool names to attribute provider enumerator
2012-08-30 16:43:43 +02:00
Martin Willi
feb8550401
Pass a list instead of a single virtual IP to attribute enumerators
2012-08-30 16:43:42 +02:00
Martin Willi
96c2b3cf89
Support multiple addresses/pools in left/rightsourceip
2012-08-30 16:43:42 +02:00
Martin Willi
497ce2cf51
Support multiple address pools configured on a peer_cfg
2012-08-30 16:43:42 +02:00
Martin Willi
101d26babe
Support multiple virtual IPs on peer_cfg and ike_sa classes
2012-08-30 16:43:42 +02:00
Martin Willi
63e460542c
Add a stroke attribute_handler requesting DNS servers given with leftdns
2012-08-21 09:38:01 +02:00
Martin Willi
9937ca069a
Serve ipsec.conf rightdns servers through stroke attribute provider
2012-08-21 09:38:01 +02:00
Martin Willi
17319aa28d
Add a left/rightdns keyword to configure connection specific DNS attributes
2012-08-21 09:38:00 +02:00
Tobias Brunner
b223d517c8
Replaced usages of CHARON_*_PORT with calls to get_port().
2012-08-08 15:12:25 +02:00
Tobias Brunner
e7ea057fd2
Make the UDP ports charon listens for packets on (and uses as source ports) configurable.
2012-08-08 15:07:43 +02:00
Martin Willi
874f7c7e2c
Don't add ANY identity constraint to auth config, as XAuth rounds don't use one
2012-07-26 12:38:34 +02:00
Martin Willi
46df61dff7
Add an ipsec.conf leftgroups2 parameter for the second authentication round
2012-07-26 11:51:58 +02:00
Martin Willi
87dd205b61
Add a return value to hasher_t.allocate_hash()
2012-07-16 14:55:06 +02:00
Tobias Brunner
8d98f7fef6
Avoid that any % characters (e.g. in %any) are evaluated when logging via stroke
2012-07-12 16:58:00 +02:00
Martin Willi
0619ddfaa4
Refactored heavily #ifdefd capability code to its own libstrongswan class
2012-07-04 11:01:40 +02:00
Martin Willi
0f018a7324
Show some uname() info in "ipsec statusall"
2012-06-28 11:56:40 +02:00
Martin Willi
dc6d259635
Show remote EAP/XAuth identity in "statusall" on a separate line
2012-06-27 11:42:00 +02:00
Tobias Brunner
26d77eb3e6
Centralized thread cancellation in processor_t
...
This ensures that no threads are active when plugins and the rest of the
daemon are unloaded.
callback_job_t was simplified a lot in the process as its main
functionality is now contained in processor_t. The parent-child
relationships were abandoned as these were only needed to simplify job
cancellation.
2012-06-25 17:38:59 +02:00
Martin Willi
dd1381e7d3
Show EAP/XAuth identity in "ipsec status", if available
2012-06-25 10:18:35 +02:00
Martin Willi
e2dd114f37
Select requested virtual IP family based on remote TS, if no local TS available
2012-06-20 10:02:01 +02:00
Martin Willi
137035cc78
Show what kind of *Swan we run in "ipsec status"
2012-06-14 10:25:48 +02:00
Martin Willi
e35bbb9740
Added signature scheme options left/rightauth
2012-06-12 15:01:39 +02:00
Martin Willi
a37f2d2006
certificate_t->issued_by takes an argument to receive signature scheme
2012-06-12 14:24:49 +02:00
Andreas Steffen
1d315bddd3
implemented the right|leftallowany feature
2012-06-08 21:24:41 +02:00
Martin Willi
21043198ff
Show expiration time of rekeyed CHILD_SAs in statusall
2012-06-05 10:29:43 +02:00
Andreas Steffen
2ac996cb71
list IKEv1 Aggressive Mode in ipsec statusall
2012-05-23 11:12:27 +02:00
Tobias Brunner
5c162dd944
List registered nonce generators in statusall output.
2012-05-18 08:15:41 +02:00
Andreas Steffen
80c5b17d1a
make IKEv1 DPD timeout configurable in charon
2012-05-17 19:49:22 +02:00
Andreas Steffen
1e26235a0d
fixed feature dependencies for CERT_TRUSTED_PUBKEY
2012-05-05 08:54:36 +02:00
Tobias Brunner
42500c274a
Use name from initialization to access settings in libcharon.
...
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
Andreas Steffen
2ee11fd42d
display (soft) same as (not loaded)
2012-05-03 11:54:56 +02:00
Andreas Steffen
493c468d4d
charon is now an IKE daemon
2012-05-03 11:49:30 +02:00
Martin Willi
c9931135d1
stroke plugin sdepends on building CERT_ANY certificates
2012-05-03 11:07:21 +02:00
Tobias Brunner
ead92870b8
Loggers specify what log messages they want to receive during registration.
...
This also allows us to generate the log message only once for all
loggers that need it (avoids calls to custom printf specifier callbacks).
To update the log levels loggers can simply be registered again.
2012-05-02 14:45:38 +02:00
Martin Willi
daab152afa
Add plugin features support to stroke plugin
2012-05-02 14:05:52 +02:00
Martin Willi
b24be29646
Merge branch 'ikev1'
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Andreas Steffen
552557a65d
add AUTH_RULE_SUBJECT_CERT for raw public keys
2012-04-30 13:40:48 +02:00
Andreas Steffen
3577ec76a5
output validity of raw public key if available
2012-04-30 09:47:34 +02:00
Andreas Steffen
5f1931ada1
added support for raw RSA public keys to stroke
2012-04-30 00:31:42 +02:00
Tobias Brunner
7e84c4275c
Removed auth_cfg_t.replace_value() and replaced usages with add().
...
replace_value() was used to replace identities. Since for these the latest is
now returned by get(), adding the new identity with add() is sufficient.
2012-04-18 18:50:14 +02:00
Tobias Brunner
80067cf9e6
Store password with remote ID to tie it stronger to a specific connection.
2012-04-18 13:32:49 +02:00
Tobias Brunner
9f1b303afc
Added stroke user-creds command, to set username/password for a connection.
2012-04-17 14:20:58 +02:00
Tobias Brunner
7b00fdeb84
Added method to add additional shared secrets to stroke_cred_t.
2012-04-17 14:20:58 +02:00
Tobias Brunner
4c31657d2c
Typo fixed.
2012-04-17 14:20:58 +02:00
Andreas Steffen
4626e49ad9
remove leading zero in ASN.1 encoded serial numbers
2012-04-05 09:04:11 +02:00
Andreas Steffen
320fd5fe62
moved chunk_skip_zero to chunk.h
2012-04-03 14:12:50 +02:00
Martin Willi
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Martin Willi
5aef6bd0f3
Accept NULL auth_cfg_t passed to credential_manager_t.get_private()
2012-03-20 17:31:39 +01:00
Martin Willi
c791def8c1
Added support for authby/xauth_server legacy options
2012-03-20 17:31:38 +01:00
Martin Willi
5763367cac
Show IKE version in ipsec statusall
2012-03-20 17:31:37 +01:00
Martin Willi
e129168ba6
Added a "aggressive" ipsec.conf connection option
2012-03-20 17:31:34 +01:00
Martin Willi
5ce59d4c06
Added an aggressive mode peer_cfg option
2012-03-20 17:31:34 +01:00
Martin Willi
747f837cce
Added a flag to register local credential sets exclusively, disabling all others
2012-03-20 17:31:28 +01:00
Martin Willi
ac009df132
Pass IKE version to peer config enumerator, filter configs
2012-03-20 17:31:25 +01:00
Martin Willi
d94c923648
Support an "any" IKE version for both IKEv1 or IKEv2
2012-03-20 17:31:25 +01:00
Tobias Brunner
f29a4f1c64
Added support for iKEIntermediate X.509 extended key usage flag.
...
Mac OS X requires server certificates to have this flag set.
2012-03-20 17:31:24 +01:00
Martin Willi
5f6a37eb9b
Be a little more verbose about XAuth configs in ipsec statusall
2012-03-20 17:31:23 +01:00
Martin Willi
21a4fc832e
Pass ipsec.conf xauth_identity option via stroke to charon configurations
2012-03-20 17:31:23 +01:00
Tobias Brunner
0a43f4b6c4
Log configured IKE version in stroke plugin.
2012-03-20 17:31:20 +01:00
Martin Willi
cbda13f6fe
Accept a xauth backend name appended to left/rightauth
2012-03-20 17:31:15 +01:00
Martin Willi
96c9159d96
Use a second authentication config to configure XAUTH authentication
2012-03-20 17:31:15 +01:00
Martin Willi
b4e815354c
Map auth_class to auth method and IKEv1 proposal attribute
2012-03-20 17:30:53 +01:00
Clavister OpenSource
23f4e4b42d
IKEv1 XAUTH: Added ability to configure XAUTH+PSK. Added task to handle XAUTH requests. Modified task_manager_v1 to enable it to initiate new tasks immediately after finishing a response.
2012-03-20 17:30:49 +01:00
Martin Willi
cf1772f685
Do not ignore configs for IKEv1 in charon anymore
2012-03-20 17:30:43 +01:00
Tobias Brunner
f7a8fcedc0
Use enum to define IKE version on peer_cfg_t.
...
Replaced all those magic numbers.
2012-03-20 17:30:41 +01:00
Martin Willi
bc403eb1e5
Fixed crash and locking issues while unrouting connections via stroke
2012-03-13 10:56:22 +01:00