Josh Soref
b3ab7a48cc
Spelling fixes
...
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior
Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner
533efa91e2
eap-radius: Add RADIUS Accounting session ID to Access-Request messages
...
This allows e.g. associating database entries for IP leases and
accounting directly from the start.
Fixes #2853.
2018-12-17 09:46:09 +01:00
Tobias Brunner
655924074b
eap-radius: Optionally send Class attributes in RADIUS accounting messages
...
If enabled, add the RADIUS Class attributes received in Access-Accept messages
to RADIUS accounting messages as suggested by RFC 2865 section 5.25.
Fixes #2451.
2017-11-02 09:57:05 +01:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Tobias Brunner
00c2c87b06
eap-radius: Fix creation of host_t objects based on Framed-IPv6-Address attributes
...
Fixes ec490e68ae ("eap-radius: Add support for some basic IPv6-specific RADIUS attributes").
References #1001.
2015-08-28 16:52:57 +02:00
Tobias Brunner
ec490e68ae
eap-radius: Add support for some basic IPv6-specific RADIUS attributes
...
These are defined in RFC 6911.
Fixes #1001.
2015-08-17 11:23:33 +02:00
Tobias Brunner
de622eb1f9
eap-radius: Forward Cisco and Microsoft specific DNS/NBNS attributes
...
Fixes #677.
2014-09-09 10:56:16 +02:00
Tobias Brunner
d223fe807a
libcharon: Use lib->ns instead of charon->name
2014-02-12 14:34:32 +01:00
Tobias Brunner
feb3c4ff22
eap-radius: Forward RAT_FRAMED_IP_NETMASK as INTERNAL_IP4_NETMASK
2013-10-11 15:52:22 +02:00
Tobias Brunner
1a809e46f8
eap-radius: Forward UNITY_SPLIT_INCLUDE or UNITY_LOCAL_LAN attributes
...
Depending on the value of the CVPN3000-IPSec-Split-Tunneling-Policy(55)
radius attribute, the subnets in the CVPN3000-IPSec-Split-Tunnel-List(27)
attribute are sent in either a UNITY_SPLIT_INCLUDE (if the value is 1)
or a UNITY_LOCAL_LAN (if the value is 2).
So if the following attributes would be configured for a RADIUS user
CVPN3000-IPSec-Split-Tunnel-List := "10.0.1.0/255.255.255.0,10.0.2.0/255.255.255.0"
CVPN3000-IPSec-Split-Tunneling-Policy := 1
A UNITY_SPLIT_INCLUDE configuration payload containing these two subnets
would be sent to the client during the ModeCfg exchange.
2013-10-11 15:52:22 +02:00
Tobias Brunner
66229619cf
eap-radius: Forward UNITY_DEF_DOMAIN and UNITY_SPLITDNS_NAME attributes
...
The contents of the CVPN3000-IPSec-Default-Domain(28) and
CVPN3000-IPSec-Split-DNS-Names(29) radius attributes are forwarded in
the corresponding Unity configuration attributes.
2013-10-11 15:52:22 +02:00
Martin Willi
9aeb6cea4c
eap-radius: export function to build common attributes of Access-Request
2013-07-29 09:00:48 +02:00
Martin Willi
94ec80e74c
eap-radius: export function to process common attributes of Access-Accept
2013-07-29 09:00:48 +02:00
Martin Willi
69620a48e8
eap-radius: use IKE_SA unique id instead of peer identity to manage virtual IPs
...
Fixes some corner cases if multiple tunnels use the same peer identity.
2013-05-06 14:56:01 +02:00
Martin Willi
b2b99e61c8
eap-radius: Add an option to exclude ports from Called/Calling-Station-Id
2013-04-10 13:48:03 +02:00
Martin Willi
d019764ab6
Add support for RADIUS Interim accounting updates
2013-03-14 16:35:11 +01:00
Martin Willi
1ba1cd0c9b
Add an option to delete any established IKE_SA if RADIUS server is not responding
2013-03-14 15:42:30 +01:00
Martin Willi
003452d18f
Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Access-Request
2013-03-13 15:20:11 +01:00
Martin Willi
02bf38890d
Forward Cisco Banner received from RADIUS to Unity capable clients
2013-03-12 20:37:35 +01:00
Martin Willi
f4c8e6def7
In eap-radius, hand out received Framed-IP-Address attributes as virtual IP
2013-03-12 17:44:13 +01:00
Tobias Brunner
d2c8bc4df0
Handle type of first EAP-RADIUS response more sophisticated
2012-10-18 14:48:11 +02:00
Tobias Brunner
a05f3b2021
Make sure first argument is an int when using %.*s to print e.g. chunks
2012-09-28 18:01:49 +02:00
Tobias Brunner
42500c274a
Use name from initialization to access settings in libcharon.
...
Also fixes several whitespace errors.
2012-05-03 13:57:04 +02:00
Andreas Steffen
ff4e447954
use RADIUS_TUNNEL_TYPE_ESP defined in header file
2012-03-13 17:00:37 +01:00
Andreas Steffen
4853efe891
define MAX_RADIUS_ATTRIBUTE_SIZE
2012-03-13 16:27:17 +01:00
Martin Willi
f0f94e2ce6
Moved generic RADIUS protocol support to a dedicated libradius
2012-03-05 18:08:04 +01:00
Martin Willi
990fda9d88
Removed libcharon dependencies from generic RADIUS protocol support
2012-03-05 18:06:15 +01:00
Martin Willi
99cb353968
Forward specified RADIUS attributes between AAA backend and client
2012-03-05 18:06:15 +01:00
Martin Willi
3bc1829211
Rename RADIUS message constructors to handle both, requests and responses
2012-03-05 18:06:13 +01:00
Martin Willi
c61341a58f
Set IKE_SA lifetime based on RADIUS Session-Timeout attribute
2012-03-05 18:06:13 +01:00
Martin Willi
370de553f8
RADIUS message constructor accepts a message code parameter
2012-01-30 19:11:08 +01:00
Andreas Steffen
20c428b670
added level 3 debug output of forwarded EAP payloads
2011-04-21 19:52:49 +02:00
Martin Willi
5b0bcfb1fc
Revert alloc_str changes
...
This reverts commit fdead26ffe.
This reverts commit 3e2419ebe3.
This reverts commit 17ce69b47a.
2011-04-21 13:35:31 +02:00
Martin Willi
3e2419ebe3
Use thread safe settings alloc_str function where appropriate
2011-04-21 10:48:16 +02:00
Andreas Steffen
ab5e087309
implemented get|set_identifier() for eap_radius_t
2011-04-05 15:57:00 +02:00
Martin Willi
962300b920
Show result of RADIUS authentication along with EAP identity
2010-10-07 11:14:09 +02:00
Andreas Steffen
a1edf4d33e
use group membership to implement access/isolate redirection in filter-based TNC scenario
2010-10-05 20:40:36 +02:00
Andreas Steffen
b540d19133
moved CHILD_SA selection out of attribute loop
2010-10-05 08:02:07 +02:00
Andreas Steffen
28b23fef11
receive name of preferred CHILD_SA via RADIUS Filter-Id attribute
2010-10-05 07:58:07 +02:00
Martin Willi
ba31fe1fd6
Use a separate section for each nested struct member in INIT macro
2010-08-18 12:15:03 +02:00
Martin Willi
ce7967c50c
Implemented support for multiple RADIUS servers
2010-07-21 17:25:09 +02:00
Martin Willi
58d2ef6e14
Migrated eap-radius plugin to INIT/METHOD macros
2010-07-21 17:09:27 +02:00
Martin Willi
52f97c3893
Do not interpret long class attributes (such as from NPS) as group
2010-07-09 13:53:43 +02:00
Martin Willi
a4c0da1669
Added support for group membership information contained in the RADIUS class attribute
2010-07-05 09:41:04 +02:00
Tobias Brunner
08c5572602
Moving charon to libcharon.
2010-03-19 13:34:52 +01:00