Martin Willi | c60246a618 | Support inactivity timeout in IKEv1 CHILD_SAs | 2012-03-20 17:31:39 +01:00 |
Martin Willi | a0c17d4157 | Use a dedicated PRF for HASH/SIG payloads using ECDSA specific hasher | 2012-03-20 17:31:39 +01:00 |
Martin Willi | 4c685e8850 | Select public key auth method by checking what key we have | 2012-03-20 17:31:39 +01:00 |
Martin Willi | 83b152dd4f | Support ECDSA signatures in IKEv1 pubkey authenticator | 2012-03-20 17:31:39 +01:00 |
Martin Willi | 5be386ff8e | Exchange certificates when using IKEv1 ECDSA authentication | 2012-03-20 17:31:39 +01:00 |
Martin Willi | 5aef6bd0f3 | Accept NULL auth_cfg_t passed to credential_manager_t.get_private() | 2012-03-20 17:31:39 +01:00 |
Martin Willi | 6261c0c3b7 | Support encoding of IKEv1 ECDSA proposals | 2012-03-20 17:31:38 +01:00 |
Martin Willi | c8d46f2959 | Dropped support of deprecated authby=eap and eap= options | 2012-03-20 17:31:38 +01:00 |
Martin Willi | c791def8c1 | Added support for authby/xauth_server legacy options | 2012-03-20 17:31:38 +01:00 |
Martin Willi | c390569a76 | Renamed CONFIGURATION_ATTRIBUTE_LENGTH to streamline it with other ATTRIBUTE rules | 2012-03-20 17:31:38 +01:00 |
Martin Willi | 05cb240215 | Use ATTRIBUTE_VALUE rule in configuration attribute to parse it with correct length | 2012-03-20 17:31:38 +01:00 |
Martin Willi | a994050e9c | Don't re-resolve addresses during initiate if they have already been set | 2012-03-20 17:31:38 +01:00 |
Martin Willi | aa3b53e716 | Adopt children after syncing a rekeyed IKEv1 SA | 2012-03-20 17:31:38 +01:00 |
Martin Willi | fed5c33440 | Synchronize IKEv1 DPD sequence numbers | 2012-03-20 17:31:38 +01:00 |
Martin Willi | fd6fbf1764 | Setting message ID on task manager sets DPD sequence numbers in IKEv1 | 2012-03-20 17:31:38 +01:00 |
Martin Willi | 783c496966 | Update state before triggering DPD, as we cancel it if PASSIVE | 2012-03-20 17:31:38 +01:00 |
Martin Willi | a46b8e16ad | Set thread specific SA on bus for each enumerated IKE_SA | 2012-03-20 17:31:38 +01:00 |
Martin Willi | b226fd300d | Sync remote virtual IP for IKEv1 SAs | 2012-03-20 17:31:38 +01:00 |
Martin Willi | 868d92a402 | Sync new IKE_SA condition/extension flags | 2012-03-20 17:31:37 +01:00 |
Martin Willi | c8531b7e69 | Added support for Phase1 IV synchronization to HA plugin | 2012-03-20 17:31:37 +01:00 |
Martin Willi | 47b8f6ef4b | Invoke bus_t.message hook twice, once plain and parsed, once encoded and encrypted | 2012-03-20 17:31:37 +01:00 |
Martin Willi | ae92641806 | Create IKEv1 keymat hasher explicitly on sync | 2012-03-20 17:31:37 +01:00 |
Martin Willi | a0fa7a7f64 | Clear initiator flag when checking out initial IKEv1 SA from message | 2012-03-20 17:31:37 +01:00 |
Martin Willi | 8bcd9bd161 | Added support to sync IKEv1 SAs key material in HA plugin | 2012-03-20 17:31:37 +01:00 |
Martin Willi | 23f9e7a18d | Pass IKEv1 specific keymat to ike_keys hook | 2012-03-20 17:31:37 +01:00 |
Martin Willi | 264514826c | Use a more complete implementation of a HA specific diffie_hellman_t | 2012-03-20 17:31:37 +01:00 |
Martin Willi | 5763367cac | Show IKE version in ipsec statusall | 2012-03-20 17:31:37 +01:00 |
Martin Willi | c3f1839ab7 | Apply proposal to a HA synced IKE_SA | 2012-03-20 17:31:37 +01:00 |
Martin Willi | 3624b09e21 | Set selected proposal on IKEv1 SA, don't pass it separately to Phase 1 helper | 2012-03-20 17:31:37 +01:00 |
Martin Willi | 6bc6f67b0f | Updated HA plugin to new IKEv2 specific keymat functions | 2012-03-20 17:31:37 +01:00 |
Martin Willi | 3957a6e4f3 | Get a reference for the child_cfg passed to child_create_create() | 2012-03-20 17:31:36 +01:00 |
Martin Willi | 696fa8e003 | Invoke bus_t.narrow hook in quick mode exchange | 2012-03-20 17:31:36 +01:00 |
Martin Willi | f420f51f55 | Invoke authorization hooks for IKEv1 connections | 2012-03-20 17:31:36 +01:00 |
Martin Willi | 1a0648490c | Invoke ike_updown hooks for reauthenticated IKEv1 SAs | 2012-03-20 17:31:36 +01:00 |
Martin Willi | b6ac063c36 | Don't invoke a child_updown hook when a quick mode to delete has been rekeyed | 2012-03-20 17:31:36 +01:00 |
Martin Willi | 669d8bded2 | Invoke child_rekey hook instead of child_updown when rekeying a quick mode | 2012-03-20 17:31:36 +01:00 |
Martin Willi | 5b7fc76861 | Don't invoke updown hook when flushing SAs for IKEv1, tasks will do it | 2012-03-20 17:31:36 +01:00 |
Martin Willi | c654d949f3 | Fix "incoming" flag passed to bus_t.message() hook | 2012-03-20 17:31:36 +01:00 |
Martin Willi | 477559cab5 | Continue with next exchange after sending an INFORMATIONAL | 2012-03-20 17:31:36 +01:00 |
Martin Willi | 1b82eb23a2 | Handle retransmission of DPD exchange, both as initiator and responder | 2012-03-20 17:31:36 +01:00 |
Martin Willi | 11aadd7722 | Disable DPD checking for peers not supporting it | 2012-03-20 17:31:35 +01:00 |
Martin Willi | 214d4e4090 | Added missing DPD task name | 2012-03-20 17:31:35 +01:00 |
Martin Willi | ff6b084ac4 | Confirm message reception time only if DPD sequence number valid | 2012-03-20 17:31:35 +01:00 |
Martin Willi | 2ddd45c9a7 | Simplified DPD handling by using a task for a single message only | 2012-03-20 17:31:35 +01:00 |
Martin Willi | 5ac4c2e1a9 | Added missing short enum names for DPD notify types | 2012-03-20 17:31:35 +01:00 |
Martin Willi | bb2d4e1882 | Print IKEv1 notify types in message summary | 2012-03-20 17:31:35 +01:00 |
Martin Willi | 5f2f864efc | Support IKEv1 notifies in message_t.get_notify() | 2012-03-20 17:31:35 +01:00 |
Martin Willi | 3fca5bd123 | Check if we have an RNG for IKEv1 task manager before using it | 2012-03-20 17:31:35 +01:00 |
Martin Willi | 31689338d6 | Remove unused DPD sequence number getter on task manager | 2012-03-20 17:31:35 +01:00 |
Martin Willi | 1e624ce876 | Don't retransmit, rekey, reauth or DPD check SAs when in PASSIVE state | 2012-03-20 17:31:35 +01:00 |