Tobias Brunner
3451ecd7ac
Added log message if peer does not accept/provide IPComp proposal.
2012-05-24 15:32:28 +02:00
Tobias Brunner
47b448b807
Added support to negotiate IPComp during Quick Mode.
2012-05-24 15:32:28 +02:00
Tobias Brunner
647cd741e8
Added support for IKEv1 IPComp proposals in SA payload.
2012-05-24 15:32:28 +02:00
Tobias Brunner
00e11bcefd
Fix memleak during Quick Mode in case no SPI can be allocated from kernel.
2012-05-24 15:32:27 +02:00
Martin Willi
3c475660c5
Apply IDir before deriving keys as aggressive initiator
2012-05-23 12:27:47 +02:00
Martin Willi
523ce7c20c
Use received identity to look up PSK as aggressive responder
2012-05-23 12:18:45 +02:00
Martin Willi
51754f6654
Check if we actually have an initiating packet to free while processing responses
2012-05-23 11:50:12 +02:00
Tobias Brunner
1a624ff45a
Switch to alternative peer config in IKEv1 Main and Aggressive Mode.
2012-05-21 15:49:25 +02:00
Martin Willi
17949695bf
Cancel pending retransmits when flushing active task queue
2012-05-21 14:57:33 +02:00
Martin Willi
4ce92ef350
Cancel active quick mode task when receiving INFORMATIONAL error
2012-05-21 14:57:33 +02:00
Martin Willi
7ce504e182
Flush task queues explicitly, not implicitly if task returns ALREADY_DONE
2012-05-21 14:17:09 +02:00
Martin Willi
cbc1a20ffe
Wrap task manager's flush_queue() in IKE_SA
2012-05-21 14:05:01 +02:00
Martin Willi
a5c799602f
Make task manager's flush_queue() method public
2012-05-21 14:02:35 +02:00
Tobias Brunner
7a56c35fc9
Remove executable flag from source files.
2012-05-18 10:04:08 +02:00
Tobias Brunner
22bf44c8b9
Use separate Doxygen groups for IKEv1 and IKEv2 entities (authenticators, tasks etc.).
2012-05-18 10:04:08 +02:00
Adrian-Ken Rueegsegger
afaf1bdf5e
Use nonce_gen instead of rng to generate nonces
Replace usage of rng plugin with nonce generator to create nonces in
IKE_INIT, CHILD_CREATE and QUICK_MODE tasks and the IKEv1 phase 1 helper.
2012-05-18 08:15:41 +02:00
Adrian-Ken Rueegsegger
5338fe5e79
Add create_nonce_gen function to keymat interface
This function returns a nonce generator object.
2012-05-18 08:15:41 +02:00
Andreas Steffen
80c5b17d1a
make IKEv1 DPD timeout configurable in charon
2012-05-17 19:49:22 +02:00
Martin Willi
24742c0f83
Moved IKEv1 DPD processing to task manager, fix sequence issues
2012-05-15 17:00:12 +02:00
Martin Willi
4b38c22c00
Schedule a DPD timeout job that enforces the IKE message timeout policy
2012-05-15 14:46:02 +02:00
Martin Willi
ebf829f2eb
Send unanswered follow up R_U_THERE messages with the same DPD seq
2012-05-15 14:46:02 +02:00
Martin Willi
57a8418c88
Do not send IKEv1 DPD retransmit, but create a new INFORMATIONAL
2012-05-15 14:46:02 +02:00
Andreas Steffen
44bd9b48c8
allow private algorithms
2012-05-05 23:25:51 +02:00
Andreas Steffen
f7cd1cde70
vendor ID cosmetics
2012-05-05 18:13:05 +02:00
Tobias Brunner
42500c274a
Use name from initialization to access settings in libcharon.
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
Martin Willi
b24be29646
Merge branch 'ikev1'
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Tobias Brunner
7e84c4275c
Removed auth_cfg_t.replace_value() and replaced usages with add().
replace_value() was used to replace identities. Since for these the latest is
now returned by get(), adding the new identity with add() is sufficient.
2012-04-18 18:50:14 +02:00
Martin Willi
d0d600e1ef
Added a note about DH/keymat lifecycle for custom implementations
2012-04-17 10:02:21 +02:00
Martin Willi
a59a03670b
Reuse existing DH value when retrying IKE_SA_INIT with a COOKIE
2012-04-17 10:02:21 +02:00
Martin Willi
4837d2a981
Fix iteration through half-open IKE_SA table
2012-04-16 16:47:17 +02:00
Tobias Brunner
7fd6c078b6
Use IP address as ID as responder if not configured or no IDr received.
2012-04-16 14:09:51 +02:00
Tobias Brunner
b241a37411
Fall back on IP address as IDi if none is configured at all.
2012-04-16 13:44:27 +02:00
Tobias Brunner
b447af658c
Use auth_cfg_t.replace_value where appropriate.
2012-04-16 13:44:27 +02:00
Tobias Brunner
4b32bde48e
Fixed IDi in case neither left nor leftid is configured.
2012-04-16 13:44:27 +02:00
Martin Willi
10f24e6599
Don't invoke child_updown hook twice as responder
2012-04-11 17:45:12 +02:00
Tobias Brunner
ae9ce83511
Properly initialize src in ike_sa_t.is_any_path_valid().
2012-04-06 10:54:44 +02:00
Martin Willi
89a5881c63
Added another bunch of commonly used IKEv1 NATT vendor IDs
2012-04-04 10:32:15 +02:00
Andreas Steffen
4e5b7e09ee
added IKEv2 Generic Secure Password Authentication Method
2012-04-03 12:49:05 +02:00
Martin Willi
83d77866f4
Store authentication info of a XAUTH round on IKE_SA
2012-03-22 09:06:31 +01:00
Martin Willi
79f39ecf5d
Added a getter for CHILD_SA marks
2012-03-22 09:06:12 +01:00
Martin Willi
3de54af7ec
Define a special XFRM mark_t.value that dynamically uses the CHILD_SA reqid
2012-03-22 09:05:56 +01:00
Martin Willi
4f3cf61dfd
Reply with received configuration payload identifier in Mode Config
2012-03-20 18:06:29 +01:00
Martin Willi
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Tobias Brunner
d112a7e1fe
Properly handle retransmitted initial IKE messages.
This change allows us to properly handle retransmits of initial IKE
messages when we've already processed them (i.e. our response is now resent
immediately).
2012-03-20 17:31:41 +01:00
Tobias Brunner
de9357bb44
Implemented table of init hashes without linked_list_t.
2012-03-20 17:31:41 +01:00
Tobias Brunner
6f0cca20d8
Implemented table of connected peers without linked_list_t.
2012-03-20 17:31:41 +01:00
Tobias Brunner
3489370458
Implemented table of half open IKE_SAs without linked_list_t.
2012-03-20 17:31:41 +01:00
Tobias Brunner
e49bb4e3e3
Don't use linked_list_t for buckets in main IKE_SA hash table.
2012-03-20 17:31:41 +01:00
Tobias Brunner
894c52cba2
Fixed deadlock if checkin_and_destroy is called during shutdown.
2012-03-20 17:31:40 +01:00
Tobias Brunner
4b2f428f40
Do not clone hashes of initial IKE messages when storing them in the hash table.
2012-03-20 17:31:40 +01:00