c2a391746c
Add basic support for XAuth responder authentication
2012-06-27 11:42:56 +02:00
0c32b9c62f
Enforce uniqueids=keep only for non-XAuth Main/Agressive Modes
2012-06-25 10:18:35 +02:00
b31a56f128
Require a scary option to respond to Aggressive Mode PSK requests
...
While Aggressive Mode PSK is widely used, it is known to be subject
to dictionary attacks by passive attackers. We don't complain as
initiator to be compatible with existing (insecure) setups, but
require a scary strongswan.conf option if someone wants to use it
as responder.
2012-06-14 10:25:48 +02:00
e5f0f9ff96
Enforce uniqueness policy in IKEv1 main and aggressive modes
2012-06-08 16:15:22 +02:00
647cd741e8
Added support for IKEv1 IPComp proposals in SA payload.
2012-05-24 15:32:28 +02:00
3c475660c5
Apply IDir before deriving keys as aggressive initiator
2012-05-23 12:27:47 +02:00
1a624ff45a
Switch to alternative peer config in IKEv1 Main and Aggressive Mode.
2012-05-21 15:49:25 +02:00
7ce504e182
Flush task queues explicitly, not implicitly if task returns ALREADY_DONE
2012-05-21 14:17:09 +02:00
7a56c35fc9
Remove executable flag from source files.
2012-05-18 10:04:08 +02:00
3624b09e21
Set selected proposal on IKEv1 SA, don't pass it separately to Phase 1 helper
2012-03-20 17:31:37 +01:00
f420f51f55
Invoke authorization hooks for IKEv1 connections
2012-03-20 17:31:36 +01:00
2ddd45c9a7
Simplified DPD handling by using a task for a single message only
2012-03-20 17:31:35 +01:00
3e6b740336
Isakmp_dpd task added.
2012-03-20 17:31:35 +01:00
37c12bd31e
Streamlined debug output when initiating IKEv1 IKE_SAs
2012-03-20 17:31:34 +01:00
91c212fd6a
Select IKEv1 configurations by main/aggressive mode option
2012-03-20 17:31:34 +01:00
ee325b555f
Implemented aggressive mode using Phase 1 helper class
2012-03-20 17:31:33 +01:00
Martin Willi