ike: support multiple addresses, ranges and subnets in IKE address config

Replace the allowany semantic by a more powerful subnet and IP range matching.
Multiple addresses, DNS names, subnets and ranges can be specified in a comma
separated list. Initiators ignore the ranges/subnets, responders match
configurations against all addresses, ranges and subnets.

1 files changed, 4 insertions, 6 deletions

diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c
index e852e3f47..d048b003b 100644
--- a/src/libcharon/plugins/medcli/medcli_config.c
+++ b/src/libcharon/plugins/medcli/medcli_config.c
@@ -102,10 +102,9 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
 		DESTROY_IF(e);
 		return NULL;
 	}
-	ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE,
-							 "0.0.0.0", FALSE,
+	ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0",
 							 charon->socket->get_port(charon->socket, FALSE),
-							 address, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
+							 address, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
 	ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
 	med_cfg = peer_cfg_create(
 		"mediation", ike_cfg,
@@ -377,10 +376,9 @@ medcli_config_t *medcli_config_create(database_t *db)
 		.db = db,
 		.rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200),
 		.dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300),
-		.ike = ike_cfg_create(IKEV2, FALSE, FALSE,
-							  "0.0.0.0", FALSE,
+		.ike = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0",
 							  charon->socket->get_port(charon->socket, FALSE),
-							  "0.0.0.0", FALSE, IKEV2_UDP_PORT,
+							  "0.0.0.0", IKEV2_UDP_PORT,
 							  FRAGMENTATION_NO, 0),
 	);
 	this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));