cf62d073f1
Move ike_version_t definition from peer_cfg_t to ike_cfg_t
2012-10-24 10:17:36 +02:00
6676769e8c
Make sure we propose a dynamic TS if we don't have hosts to derive a TS from
...
7ee37114
2012-09-21 18:14:17 +02:00
7ee37114c9
Derive a dynamic TS to multiple virtual IPs
2012-09-18 17:11:03 +02:00
4c57c63062
Added possibility to register custom proposal keywords
...
Keyword lookup and registration are handled via the new lib->proposal object.
2012-09-13 15:44:46 +02:00
995875210a
Removed len argument from proposal_get_token()
...
Also use enumerators instead of lexparser.h to parse proposal strings.
2012-09-13 15:44:01 +02:00
455accc687
Ensure traffic selectors are dynamic before calling set_address() when deriving them
2012-09-12 18:13:47 +02:00
f4cc7ea11b
Add uniqueids=never to ignore INITIAL_CONTACT notifies
...
With uniqueids=no the daemon still deletes any existing IKE_SA with the
same peer if an INITIAL_CONTACT notify is received. With this new option
it also ignores these notifies.
2012-09-10 17:37:18 +02:00
1323dc1138
Merge branch 'multi-vip'
...
Brings support for multiple virtual IPs and multiple pools in
left/rigthsourceip definitions. Also introduces the new left/rightdns
options to configure requested DNS server address family and respond
with multiple connection specific servers.
2012-08-31 12:55:56 +02:00
497ce2cf51
Support multiple address pools configured on a peer_cfg
2012-08-30 16:43:42 +02:00
101d26babe
Support multiple virtual IPs on peer_cfg and ike_sa classes
2012-08-30 16:43:42 +02:00
a21fac9a85
Log configured IKE_SA proposals as initiator
2012-08-24 13:43:14 +02:00
d2b4dff5dd
Log configured CHILD_SA proposals as initiator
2012-08-24 13:43:14 +02:00
9c2f08860d
Add DH group 15 (MODP-3072) to IKE proposal
2012-08-06 11:22:33 +02:00
1b40b74de0
Pass opaque data to printf hooks and print_in_hook()
2012-07-13 13:23:29 +02:00
1d315bddd3
implemented the right|leftallowany feature
2012-06-08 21:24:41 +02:00
7a75cae856
Added support for IKEv1 IPComp proposals in proposal substructure.
2012-05-24 15:32:27 +02:00
80c5b17d1a
make IKEv1 DPD timeout configurable in charon
2012-05-17 19:49:22 +02:00
b24be29646
Merge branch 'ikev1'
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
bad192069f
Make AES-CMAC actually usable for IKEv2.
2012-04-04 10:51:46 +02:00
5ce59d4c06
Added an aggressive mode peer_cfg option
2012-03-20 17:31:34 +01:00
986237603f
Fix ike_version_t enum names
2012-03-20 17:31:29 +01:00
15a682f4c2
Separated libcharon/sa directory with ikev1 and ikev2 subfolders
2012-03-20 17:31:26 +01:00
ac009df132
Pass IKE version to peer config enumerator, filter configs
2012-03-20 17:31:25 +01:00
d94c923648
Support an "any" IKE version for both IKEv1 or IKEv2
2012-03-20 17:31:25 +01:00
e6503db2cf
Fixed SIGSEGV when logging peer config matches.
2012-03-20 17:31:20 +01:00
033dfba01f
Log peer cfg enumeration externally for flexibility
2012-03-20 17:31:17 +01:00
d7376e2ab4
Accept NULL identities passed to peer config enumeration
2012-03-20 17:31:17 +01:00
d08269c700
Added a get_rekey/reauth_time() jitter parameter to get time without randomization
2012-03-20 17:30:52 +01:00
f7a8fcedc0
Use enum to define IKE version on peer_cfg_t.
...
Replaced all those magic numbers.
2012-03-20 17:30:41 +01:00
dc299da8e5
Added additional debug info to peer config matching
2011-10-11 09:46:24 +02:00
6b444c5934
Migrated peer_cfg_t to INIT/METHOD macros.
2011-08-03 15:17:34 +02:00
f3bb1bd039
Fixed common misspellings.
...
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
47daa0e6fe
Replaced more complex iterator usages.
2011-07-06 09:43:45 +02:00
390b38b8c9
Add NO_EXT_SEQ_NUMBER to proposal only if it has not been specified in string
2011-04-20 12:26:58 +02:00
f8b26c452a
Added proposal keywords for ESN support
2011-04-20 12:26:58 +02:00
4536e669a8
Filter out non-matching ike_cfg in backend manager, so backends don't have to
2011-02-03 10:12:16 +01:00
1038d9fee5
Added a null-safe strdup variant
2011-01-05 16:46:02 +01:00
37788b1d06
Added a TFC padding option to child_cfg
2010-12-20 09:45:39 +01:00
5932f41fcc
trace back crypto algorithms to the plugins that registered them
2010-12-18 16:31:12 +01:00
a072c34a63
check for malformed IKE and ESP proposals
2010-12-01 09:50:30 +01:00
c616d84c3f
start and route connections defined in an SQL database via start_action field and ipsec up %startall command
2010-11-28 11:57:49 +01:00
31f6f1513d
Migrated child_cfg_t to INIT/METHOD macros
2010-11-26 16:32:15 +01:00
efc1c86e21
Migrated backend_manager_t to INIT/METHOD macros
2010-11-25 22:43:19 +01:00
bb16217581
Store proposal number in proposal_t to reuse it in the selected proposal
...
According to RFC 5996 3.3.1, we MUST reuse the proposal number of
the selected proposal in the SA payload reply.
2010-10-28 15:08:14 +02:00
d454c586ab
Migrated proposal_t to INIT/METHOD macros
2010-10-28 13:06:20 +00:00
08c0d340b8
Moved ipsec_transform_t to kernel_ipsec.h in libhydra.
...
Because of this libfreeswan, pluto, starter etc. now depend on that
file (and libhydra). This resolved some duplicate declarations.
2010-09-02 19:01:25 +02:00
6f449d2efd
Moved kernel interface to libhydra.
2010-09-02 19:01:25 +02:00
08a5a708fc
Include CCM/GCM algorithms in IKEv2 proposals, if supported
2010-08-19 19:05:05 +02:00
7fc4b0814f
Make function to test if an encryption algorithm is an AEAD alg public
2010-08-19 19:02:16 +02:00
c7776e0aa8
Support Camellia XCBC algorithms in proposal
2010-08-13 17:11:54 +02:00
Martin Willi