Martin Willi
c2a391746c
Add basic support for XAuth responder authentication
2012-06-27 11:42:56 +02:00
Martin Willi
0c32b9c62f
Enforce uniqueids=keep only for non-XAuth Main/Agressive Modes
2012-06-25 10:18:35 +02:00
Martin Willi
b31a56f128
Require a scary option to respond to Aggressive Mode PSK requests
...
While Aggressive Mode PSK is widely used, it is known to be subject
to dictionary attacks by passive attackers. We don't complain as
initiator to be compatible with existing (insecure) setups, but
require a scary strongswan.conf option if someone wants to use it
as responder.
2012-06-14 10:25:48 +02:00
Martin Willi
e5f0f9ff96
Enforce uniqueness policy in IKEv1 main and aggressive modes
2012-06-08 16:15:22 +02:00
Tobias Brunner
647cd741e8
Added support for IKEv1 IPComp proposals in SA payload.
2012-05-24 15:32:28 +02:00
Martin Willi
3c475660c5
Apply IDir before deriving keys as aggressive initiator
2012-05-23 12:27:47 +02:00
Tobias Brunner
1a624ff45a
Switch to alternative peer config in IKEv1 Main and Aggressive Mode.
2012-05-21 15:49:25 +02:00
Martin Willi
7ce504e182
Flush task queues explicitly, not implicitly if task returns ALREADY_DONE
2012-05-21 14:17:09 +02:00
Tobias Brunner
7a56c35fc9
Remove executable flag from source files.
2012-05-18 10:04:08 +02:00
Martin Willi
3624b09e21
Set selected proposal on IKEv1 SA, don't pass it separately to Phase 1 helper
2012-03-20 17:31:37 +01:00
Martin Willi
f420f51f55
Invoke authorization hooks for IKEv1 connections
2012-03-20 17:31:36 +01:00
Martin Willi
2ddd45c9a7
Simplified DPD handling by using a task for a single message only
2012-03-20 17:31:35 +01:00
Clavister OpenSource
3e6b740336
Isakmp_dpd task added.
2012-03-20 17:31:35 +01:00
Martin Willi
37c12bd31e
Streamlined debug output when initiating IKEv1 IKE_SAs
2012-03-20 17:31:34 +01:00
Martin Willi
91c212fd6a
Select IKEv1 configurations by main/aggressive mode option
2012-03-20 17:31:34 +01:00
Martin Willi
ee325b555f
Implemented aggressive mode using Phase 1 helper class
2012-03-20 17:31:33 +01:00