authorMartin Willi <martin@revosec.ch>2013-06-20 11:01:37 +0200
committerMartin Willi <martin@revosec.ch>2013-06-20 11:01:37 +0200
commite044a1a9e5088854290e0160f8ab370f2965a945 (patch)
tree66b980050cadc2bdca5e3d95b4f73ceafec906ae
parent40b0a15cb51976e6bf74cee77bc0d8ed7d73da0a (diff)
downloadstrongswan-e044a1a9e5088854290e0160f8ab370f2965a945.tar.bz2
strongswan-e044a1a9e5088854290e0160f8ab370f2965a945.tar.xz
charon-cmd: add IKEv1 aggressive mode profiles
-rw-r--r--src/charon-cmd/cmd/cmd_connection.c25
-rw-r--r--src/charon-cmd/cmd/cmd_options.c18
-rw-r--r--src/charon-cmd/cmd/cmd_options.h2
3 files changed, 35 insertions, 10 deletions
diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c
index e48f54887..435d94321 100644
--- a/src/charon-cmd/cmd/cmd_connection.c
+++ b/src/charon-cmd/cmd/cmd_connection.c
@@ -38,19 +38,27 @@ enum profile_t {
PROF_V2_EAP,
PROF_V2_PUB_EAP,
PROF_V1_PUB,
+ PROF_V1_PUB_AM,
PROF_V1_XAUTH,
+ PROF_V1_XAUTH_AM,
PROF_V1_XAUTH_PSK,
+ PROF_V1_XAUTH_PSK_AM,
PROF_V1_HYBRID,
+ PROF_V1_HYBRID_AM,
};
-ENUM(profile_names, PROF_V2_PUB, PROF_V1_HYBRID,
+ENUM(profile_names, PROF_V2_PUB, PROF_V1_HYBRID_AM,
"ikev2-pub",
"ikev2-eap",
"ikev2-pub-eap",
"ikev1-pub",
+ "ikev1-pub-am",
"ikev1-xauth",
+ "ikev1-xauth-am",
"ikev1-xauth-psk",
+ "ikev1-xauth-psk-am",
"ikev1-hybrid",
+ "ikev1-hybrid-am",
);
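Review bot: Inserting the four `_AM` enumerators between the existing ones renumbers `PROF_V1_XAUTH`, `PROF_V1_XAUTH_PSK` and `PROF_V1_HYBRID`, which is only safe if `profile_t` values are consumed exclusively through the switch statements and the `profile_names` ENUM table in this file. The visible hunks suggest that is the case, but a short comment on the enum would make the constraint explicit for future additions, e.g. `/* ordering must match profile_names below; values are not stable across versions */`. If a numeric profile value is ever persisted or passed over an interface, appending the `_AM` entries at the end of the enum and the name table instead would keep the existing values unchanged.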
/**
@@ -121,6 +129,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
peer_cfg_t *peer_cfg;
u_int16_t local_port, remote_port = IKEV2_UDP_PORT;
ike_version_t version = IKE_ANY;
+ bool aggressive = FALSE;
switch (this->profile)
{
@@ -130,6 +139,12 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
case PROF_V2_PUB_EAP:
version = IKEV2;
break;
+ case PROF_V1_PUB_AM:
+ case PROF_V1_XAUTH_AM:
+ case PROF_V1_XAUTH_PSK_AM:
+ case PROF_V1_HYBRID_AM:
+ aggressive = TRUE;
+ /* FALL */
case PROF_V1_PUB:
case PROF_V1_XAUTH:
case PROF_V1_XAUTH_PSK:
@@ -150,7 +165,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
36000, 0, /* rekey 10h, reauth none */
600, 600, /* jitter, over 10min */
- TRUE, FALSE, /* mobike, aggressive */
+ TRUE, aggressive, /* mobike, aggressive */
30, 0, /* DPD delay, timeout */
FALSE, NULL, NULL); /* mediation */
peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
@@ -211,6 +226,8 @@ static bool add_auth_cfgs(private_cmd_connection_t *this, peer_cfg_t *peer_cfg)
case PROF_V2_PUB_EAP:
case PROF_V1_PUB:
case PROF_V1_XAUTH:
+ case PROF_V1_PUB_AM:
+ case PROF_V1_XAUTH_AM:
if (!this->key_seen)
{
DBG1(DBG_CFG, "missing private key for profile %N",
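Review bot: The two new `case` labels are appended after `PROF_V1_XAUTH` rather than placed beside their base profiles, which is inconsistent with the later hunk in the same function where each `_AM` label directly follows its main-mode twin. Grouping them the same way, `case PROF_V1_PUB:` / `case PROF_V1_PUB_AM:` / `case PROF_V1_XAUTH:` / `case PROF_V1_XAUTH_AM:`, makes it easier to verify that every aggressive-mode profile inherits the private-key requirement of its base profile. Note that `PROF_V1_HYBRID_AM` is correctly absent here, matching `PROF_V1_HYBRID`, which only authenticates the responder with a public key. The enclosing switch of add_auth_cfgs starts and ends outside this hunk.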
@@ -238,20 +255,24 @@ static bool add_auth_cfgs(private_cmd_connection_t *this, peer_cfg_t *peer_cfg)
add_auth_cfg(this, peer_cfg, FALSE, AUTH_CLASS_ANY);
break;
case PROF_V1_PUB:
+ case PROF_V1_PUB_AM:
add_auth_cfg(this, peer_cfg, TRUE, AUTH_CLASS_PUBKEY);
add_auth_cfg(this, peer_cfg, FALSE, AUTH_CLASS_PUBKEY);
break;
case PROF_V1_XAUTH:
+ case PROF_V1_XAUTH_AM:
add_auth_cfg(this, peer_cfg, TRUE, AUTH_CLASS_PUBKEY);
add_auth_cfg(this, peer_cfg, TRUE, AUTH_CLASS_XAUTH);
add_auth_cfg(this, peer_cfg, FALSE, AUTH_CLASS_PUBKEY);
break;
case PROF_V1_XAUTH_PSK:
+ case PROF_V1_XAUTH_PSK_AM:
add_auth_cfg(this, peer_cfg, TRUE, AUTH_CLASS_PSK);
add_auth_cfg(this, peer_cfg, TRUE, AUTH_CLASS_XAUTH);
add_auth_cfg(this, peer_cfg, FALSE, AUTH_CLASS_PSK);
break;
case PROF_V1_HYBRID:
+ case PROF_V1_HYBRID_AM:
add_auth_cfg(this, peer_cfg, TRUE, AUTH_CLASS_XAUTH);
add_auth_cfg(this, peer_cfg, FALSE, AUTH_CLASS_PUBKEY);
break;
diff --git a/src/charon-cmd/cmd/cmd_options.c b/src/charon-cmd/cmd/cmd_options.c
index e7dbff7e0..16b6b65c1 100644
--- a/src/charon-cmd/cmd/cmd_options.c
+++ b/src/charon-cmd/cmd/cmd_options.c
@@ -52,12 +52,16 @@ cmd_option_t cmd_options[CMD_OPT_COUNT] = {
"remote traffic selector to propose for remote side", {}},
{ CMD_OPT_PROFILE, "profile", required_argument, "name",
"authentication profile to use, where name is one of:", {
- "ikev2-pub: IKEv2 with public key client authentication",
- "ikev2-eap: IKEv2 with client EAP",
- "ikev2-pub-eap: IKEv2 with public key client authentication + client EAP",
- "ikev1-pub: IKEv1 public key authentication",
- "ikev1-xauth: IKEv1 public key authentication + initiator XAuth",
- "ikev1-xauth-psk: IKEv1 PSK authentication + initiator XAuth (INSECURE!)",
- "ikev1-hybrid: IKEv1 public key responder only + initiator XAuth",
+ "ikev2-pub: IKEv2 with public key client authentication",
+ "ikev2-eap: IKEv2 with client EAP",
+ "ikev2-pub-eap: IKEv2 with public key client authentication + client EAP",
+ "ikev1-pub: IKEv1 public key authentication",
+ "ikev1-pub-am: use Aggressive Mode",
+ "ikev1-xauth: IKEv1 public key authentication + initiator XAuth",
+ "ikev1-xauth-am: use Aggressive Mode",
+ "ikev1-xauth-psk: IKEv1 PSK authentication + initiator XAuth (INSECURE!)",
+ "ikev1-xauth-psk-am: use Aggressive Mode",
+ "ikev1-hybrid: IKEv1 public key responder only + initiator XAuth",
+ "ikev1-hybrid-am: use Aggressive Mode",
}},
};
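Review bot: The new help line `"ikev1-xauth-psk-am: use Aggressive Mode"` drops the `(INSECURE!)` marker that the base `ikev1-xauth-psk` line carries, although the aggressive-mode variant is not safer; IKEv1 Aggressive Mode with PSK is generally considered weaker than Main Mode because the PSK-derived authentication hash is sent before the exchange is encrypted, so the warning should at least be preserved. The other `_AM` lines are also terse enough that a reader has to look back to the preceding entry to know what they authenticate with. Consider spelling each one out, e.g. `"ikev1-xauth-psk-am: IKEv1 PSK authentication + initiator XAuth, Aggressive Mode (INSECURE!)"` and `"ikev1-pub-am: IKEv1 public key authentication, Aggressive Mode"`, so the `--help` output is self-contained per profile.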
diff --git a/src/charon-cmd/cmd/cmd_options.h b/src/charon-cmd/cmd/cmd_options.h
index 7a6080f3a..f0cf32a04 100644
--- a/src/charon-cmd/cmd/cmd_options.h
+++ b/src/charon-cmd/cmd/cmd_options.h
@@ -62,7 +62,7 @@ struct cmd_option_t {
/** short description to option */
const char *desc;
/** additional description lines */
- const char *lines[8];
+ const char *lines[12];
};
/**
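Review bot: The bump from `lines[8]` to `lines[12]` is a bare magic number tied to the eleven description lines now listed for the profile option in cmd_options.c; presumably the help printer walks the array until a NULL entry, in which case 12 leaves exactly one sentinel and the next profile added will overflow the initializer again. A comment stating the invariant, `/** additional description lines, NULL terminated; must hold one more than the longest list in cmd_options[] */`, or a named constant such as `CMD_OPT_MAX_LINES` used in both files, would make the coupling visible at the point where it will be edited next.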