Commit Graph

596 Commits

Author SHA1 Message Date
Tobias Brunner 3451ecd7ac Added log message if peer does not accept/provide IPComp proposal. 2012-05-24 15:32:28 +02:00
Tobias Brunner 47b448b807 Added support to negotiate IPComp during Quick Mode. 2012-05-24 15:32:28 +02:00
Tobias Brunner 647cd741e8 Added support for IKEv1 IPComp proposals in SA payload. 2012-05-24 15:32:28 +02:00
Tobias Brunner 00e11bcefd Fix memleak during Quick Mode in case no SPI can be allocated from kernel. 2012-05-24 15:32:27 +02:00
Martin Willi 3c475660c5 Apply IDir before deriving keys as aggressive initiator 2012-05-23 12:27:47 +02:00
Martin Willi 523ce7c20c Use received identity to look up PSK as aggressive responder 2012-05-23 12:18:45 +02:00
Martin Willi 51754f6654 Check if we actually have an initiating packet to free while processing responses 2012-05-23 11:50:12 +02:00
Tobias Brunner 1a624ff45a Switch to alternative peer config in IKEv1 Main and Aggressive Mode. 2012-05-21 15:49:25 +02:00
Martin Willi 17949695bf Cancel pending retransmits when flushing active task queue 2012-05-21 14:57:33 +02:00
Martin Willi 4ce92ef350 Cancel active quick mode task when receiving INFORMATIONAL error 2012-05-21 14:57:33 +02:00
Martin Willi 7ce504e182 Flush task queues explicitly, not implicitly if task returns ALREADY_DONE 2012-05-21 14:17:09 +02:00
Martin Willi cbc1a20ffe Wrap task manager's flush_queue() in IKE_SA 2012-05-21 14:05:01 +02:00
Martin Willi a5c799602f Make task manager's flush_queue() method public 2012-05-21 14:02:35 +02:00
Tobias Brunner 7a56c35fc9 Remove executable flag from source files. 2012-05-18 10:04:08 +02:00
Tobias Brunner 22bf44c8b9 Use separate Doxygen groups for IKEv1 and IKEv2 entities (authenticators, tasks etc.). 2012-05-18 10:04:08 +02:00
Adrian-Ken Rueegsegger afaf1bdf5e Use nonce_gen instead of rng to generate nonces
Replace usage of rng plugin with nonce generator to create nonces in
IKE_INIT, CHILD_CREATE and QUICK_MODE tasks and the IKEv1 phase 1 helper.
2012-05-18 08:15:41 +02:00
Adrian-Ken Rueegsegger 5338fe5e79 Add create_nonce_gen function to keymat interface
This function returns a nonce generator object.
2012-05-18 08:15:41 +02:00
Andreas Steffen 80c5b17d1a make IKEv1 DPD timeout configurable in charon 2012-05-17 19:49:22 +02:00
Martin Willi 24742c0f83 Moved IKEv1 DPD processing to task manager, fix sequence issues 2012-05-15 17:00:12 +02:00
Martin Willi 4b38c22c00 Schedule a DPD timeout job that enforces the IKE message timeout policy 2012-05-15 14:46:02 +02:00
Martin Willi ebf829f2eb Send unanswered follow up R_U_THERE messages with the same DPD seq 2012-05-15 14:46:02 +02:00
Martin Willi 57a8418c88 Do not send IKEv1 DPD retransmit, but create a new INFORMATIONAL 2012-05-15 14:46:02 +02:00
Andreas Steffen 44bd9b48c8 allow private algorithms 2012-05-05 23:25:51 +02:00
Andreas Steffen f7cd1cde70 vendor ID cosmetics 2012-05-05 18:13:05 +02:00
Tobias Brunner 42500c274a Use name from initialization to access settings in libcharon.
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
Martin Willi b24be29646 Merge branch 'ikev1'
Conflicts:
	configure.in
	man/ipsec.conf.5.in
	src/libcharon/encoding/generator.c
	src/libcharon/encoding/payloads/notify_payload.c
	src/libcharon/encoding/payloads/notify_payload.h
	src/libcharon/encoding/payloads/payload.c
	src/libcharon/network/receiver.c
	src/libcharon/sa/authenticator.c
	src/libcharon/sa/authenticator.h
	src/libcharon/sa/ikev2/tasks/ike_init.c
	src/libcharon/sa/task_manager.c
	src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Tobias Brunner 7e84c4275c Removed auth_cfg_t.replace_value() and replaced usages with add().
replace_value() was used to replace identities. Since for these the latest is
now returned by get(), adding the new identity with add() is sufficient.
2012-04-18 18:50:14 +02:00
Martin Willi d0d600e1ef Added a note about DH/keymat lifecycle for custom implementations 2012-04-17 10:02:21 +02:00
Martin Willi a59a03670b Reuse existing DH value when retrying IKE_SA_INIT with a COOKIE 2012-04-17 10:02:21 +02:00
Martin Willi 4837d2a981 Fix iteration through half-open IKE_SA table 2012-04-16 16:47:17 +02:00
Tobias Brunner 7fd6c078b6 Use IP address as ID as responder if not configured or no IDr received. 2012-04-16 14:09:51 +02:00
Tobias Brunner b241a37411 Fall back on IP address as IDi if none is configured at all. 2012-04-16 13:44:27 +02:00
Tobias Brunner b447af658c Use auth_cfg_t.replace_value where appropriate. 2012-04-16 13:44:27 +02:00
Tobias Brunner 4b32bde48e Fixed IDi in case neither left nor leftid is configured. 2012-04-16 13:44:27 +02:00
Martin Willi 10f24e6599 Don't invoke child_updown hook twice as responder 2012-04-11 17:45:12 +02:00
Tobias Brunner ae9ce83511 Properly initialize src in ike_sa_t.is_any_path_valid(). 2012-04-06 10:54:44 +02:00
Martin Willi 89a5881c63 Added another bunch of commonly used IKEv1 NATT vendor IDs 2012-04-04 10:32:15 +02:00
Andreas Steffen 4e5b7e09ee added IKEv2 Generic Secure Password Authentication Method 2012-04-03 12:49:05 +02:00
Martin Willi 83d77866f4 Store authentication info of a XAUTH round on IKE_SA 2012-03-22 09:06:31 +01:00
Martin Willi 79f39ecf5d Added a getter for CHILD_SA marks 2012-03-22 09:06:12 +01:00
Martin Willi 3de54af7ec Define a special XFRM mark_t.value that dynamically uses the CHILD_SA reqid 2012-03-22 09:05:56 +01:00
Martin Willi 4f3cf61dfd Reply with received configuration payload identifier in Mode Config 2012-03-20 18:06:29 +01:00
Martin Willi b1f2f05c92 Merge branch 'ikev1-clean' into ikev1-master
Conflicts:
	configure.in
	man/ipsec.conf.5.in
	src/libcharon/daemon.c
	src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
	src/libcharon/plugins/eap_radius/eap_radius_accounting.c
	src/libcharon/plugins/eap_radius/eap_radius_forward.c
	src/libcharon/plugins/farp/farp_listener.c
	src/libcharon/sa/ike_sa.c
	src/libcharon/sa/keymat.c
	src/libcharon/sa/task_manager.c
	src/libcharon/sa/trap_manager.c
	src/libstrongswan/plugins/x509/x509_cert.c
	src/libstrongswan/utils.h

Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Tobias Brunner d112a7e1fe Properly handle retransmitted initial IKE messages.
This change allows us to properly handle retransmits of initial IKE
messages when we've already processed them (i.e. our response is now resent
immediately).
2012-03-20 17:31:41 +01:00
Tobias Brunner de9357bb44 Implemented table of init hashes without linked_list_t. 2012-03-20 17:31:41 +01:00
Tobias Brunner 6f0cca20d8 Implemented table of connected peers without linked_list_t. 2012-03-20 17:31:41 +01:00
Tobias Brunner 3489370458 Implemented table of half open IKE_SAs without linked_list_t. 2012-03-20 17:31:41 +01:00
Tobias Brunner e49bb4e3e3 Don't use linked_list_t for buckets in main IKE_SA hash table. 2012-03-20 17:31:41 +01:00
Tobias Brunner 894c52cba2 Fixed deadlock if checkin_and_destroy is called during shutdown. 2012-03-20 17:31:40 +01:00
Tobias Brunner 4b2f428f40 Do not clone hashes of initial IKE messages when storing them in the hash table. 2012-03-20 17:31:40 +01:00