| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
sainfo matching needs to allow wildcard matching.
|
|
|
|
|
| |
It was missing some ulport swaps that caused isakmp quick mode
as responder to fail under certain cases.
|
|
|
|
| |
Remove one patch merged upstream.
|
|
|
|
|
|
| |
* improve handling of setups where single node participates to
multiple dmvpn networks. enable using of grekey in setkey,
SPD and sainfo; also match remoteconfs using sainfo ph1id
|
| |
|
| |
|
|
|
|
| |
* remove patches merged upstream
|
|
|
|
|
| |
the old one could crash under some rare circumstances (deleting
responder mode ph1 in very early state).
|
|
|
|
|
|
|
| |
if phase1 rekeying is enabled, remote side deleting the last
phase1 will result in deletion of all the ipsec-sa's and will
execute the phase1_dead script hook too (so every one knows
the traffic between the two nodes has ceased).
|
|
|
|
|
|
|
|
| |
* update adminport to work with huge replies
* defer handling of DH calculations for isakmp identity reponse
(this helps to handle things in right order if we are getting
multiple simultaneous connection requests; this also makes
the previous receive buffer size change mostly irrelevant)
|
|
|
|
|
| |
remove patches committed upstream. and add a patch for dpd related
minor fix.
|
|
|
|
|
| |
will fix certain racoonctl errors if there are multiple simultaneous
connections and the system socket buffer size is set low.
|
|
|
|
|
| |
this fixing behaviour on long backbuffer of packets to start
dropping packets instead of processing them late.
|
|
|
|
|
|
| |
Use the highlevel EVP and HMAC functions to calculate oneshot
digest and HMAC. This enable the use of crypto accelerators for
these operations.
|
| |
|
| |
|
|
|
|
| |
it improves admin port responsiveness under high load.
|
|
|
|
| |
fixes #261
|
|
|
|
|
| |
the patch should fix reconnection on unstable lines but contained a
memory leak. This is an update of the same patch.
|
|
|
|
|
|
|
| |
Reset remote node contacted state if all related security associates
are purged.
Fixes issues with unstable internet connections.
|
|
|
|
| |
so opennhrp start after racoon.
|
| |
|
|
|
|
| |
remove the patch merged upstream.
|
|
|
|
|
|
| |
remove patches merged upstream, minor fix to reverse-connect
patch and add new "phase1 hints when rekeying" patch to help
rekeying in some nat scenarios.
|
| |
|
|
|
|
| |
append e.g. '-k' option to the setkey command by modifying their /etc/conf.d/racoon file
|
|
and fixed misc build issues
|