author | Martin Willi <martin@revosec.ch> | 2013-12-23 18:45:13 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2014-06-04 16:32:10 +0200 |
commit | a4f3b363dabd2ba435ba2cded4cbb0ecce0304e1 (patch) | |
tree | 0a09de5655bff28d5c5321e9d885c6f0c914acbf /src/libcharon/plugins | |
parent | 6de788704b0cb4b087719341f0900b1b1992cdb0 (diff) | |
kernel-wfp: Set flag to get UDP encapsulation with tunnel mode working
Having this flag set fixes connections initiated by the Windows host, but
unfortunately does not yet fix incoming connections. Connection state issue?
We still see 0xc00000e2 error events, translating to INTERNAL_ERROR.
Diffstat (limited to 'src/libcharon/plugins')
-rw-r--r-- | src/libcharon/plugins/kernel_wfp/kernel_wfp_compat.h | 21 | ||||
-rw-r--r-- | src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c | 1 |
2 files changed, 22 insertions, 0 deletions
diff --git a/src/libcharon/plugins/kernel_wfp/kernel_wfp_compat.h b/src/libcharon/plugins/kernel_wfp/kernel_wfp_compat.h
index 9c9addbea..a2aa1d80b 100644
--- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_compat.h
+++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_compat.h
@@ -86,6 +86,27 @@ enum {
 FWPM_FILTER_FLAG_DISABLED = (1<<5),
 };
+/* missing in MinGW */
+enum {
+ IPSEC_SA_BUNDLE_FLAG_ND_SECURE = (1<< 0),
+ IPSEC_SA_BUNDLE_FLAG_ND_BOUNDARY = (1<< 1),
+ IPSEC_SA_BUNDLE_FLAG_ND_PEER_NAT_BOUNDARY = (1<< 2),
+ IPSEC_SA_BUNDLE_FLAG_GUARANTEE_ENCRYPTION = (1<< 3),
+ IPSEC_SA_BUNDLE_FLAG_NLB = (1<< 4),
+ IPSEC_SA_BUNDLE_FLAG_NO_MACHINE_LUID_VERIFY = (1<< 5),
+ IPSEC_SA_BUNDLE_FLAG_NO_IMPERSONATION_LUID_VERIFY = (1<< 6),
+ IPSEC_SA_BUNDLE_FLAG_NO_EXPLICIT_CRED_MATCH = (1<< 7),
+ IPSEC_SA_BUNDLE_FLAG_ALLOW_NULL_TARGET_NAME_MATCH = (1<< 9),
+ IPSEC_SA_BUNDLE_FLAG_CLEAR_DF_ON_TUNNEL = (1<<10),
+ IPSEC_SA_BUNDLE_FLAG_ASSUME_UDP_CONTEXT_OUTBOUND = (1<<11),
+ IPSEC_SA_BUNDLE_FLAG_ND_PEER_BOUNDARY = (1<<12),
+ IPSEC_SA_BUNDLE_FLAG_SUPPRESS_DUPLICATE_DELETION = (1<<13),
+ IPSEC_SA_BUNDLE_FLAG_PEER_SUPPORTS_GUARANTEE_ENCRYPTION = (1<<14),
+ IPSEC_SA_BUNDLE_FLAG_FORCE_INBOUND_CONNECTIONS = (1<<15),
+ IPSEC_SA_BUNDLE_FLAG_FORCE_OUTBOUND_CONNECTIONS = (1<<16),
+ IPSEC_SA_BUNDLE_FLAG_FORWARD_PATH_INITIATOR = (1<<17),
+};
+
 DWORD WINAPI FwpmIPsecTunnelAdd0(HANDLE, UINT32, const FWPM_PROVIDER_CONTEXT0*, const FWPM_PROVIDER_CONTEXT0*, UINT32, const FWPM_FILTER_CONDITION0*, PSECURITY_DESCRIPTOR);
diff --git a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
index b6d7d7a58..d471a0010 100644
--- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
+++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
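Review bot: In kernel_wfp_compat.h the new `IPSEC_SA_BUNDLE_FLAG_*` enum jumps from `(1<< 7)` to `(1<< 9)` with no explanation, and the only comment on the block is `/* missing in MinGW */`. Several of the added enumerators have names that suggest relaxed peer or credential checks (`IPSEC_SA_BUNDLE_FLAG_NO_MACHINE_LUID_VERIFY`, `IPSEC_SA_BUNDLE_FLAG_NO_EXPLICIT_CRED_MATCH`, `IPSEC_SA_BUNDLE_FLAG_ALLOW_NULL_TARGET_NAME_MATCH`), while this commit uses only `IPSEC_SA_BUNDLE_FLAG_ASSUME_UDP_CONTEXT_OUTBOUND`. I would widen the comment to something like `/* missing in MinGW; values mirror the Windows SDK header, bit 8 is left unassigned on purpose */`, assuming the gap does come from the SDK, so nobody later "fixes" it or picks up one of the verification-disabling flags without review. Because the enumerators are declared unconditionally, a MinGW release that starts defining the same names as macros would stop this block from compiling; that seems to be this file's existing convention, but it is worth stating in the comment.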
@@ -913,6 +913,7 @@ static bool install_sa(private_kernel_wfp_ipsec_t *this, entry_t *entry,
 }
 else
 {
+ bundle.flags |= IPSEC_SA_BUNDLE_FLAG_ASSUME_UDP_CONTEXT_OUTBOUND;
 res = IPsecSaContextAddOutbound0(this->handle, entry->sa_id, &bundle);
 }
 if (res != ERROR_SUCCESS)
 |
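Review bot: `bundle.flags |= IPSEC_SA_BUNDLE_FLAG_ASSUME_UDP_CONTEXT_OUTBOUND;` is applied to every SA context that reaches this `else` branch, not only to SAs that actually use UDP encapsulation, and the line carries no comment saying why it is needed. If the entry records whether UDP encapsulation was negotiated (not visible in this hunk), the flag should be set only in that case; otherwise document it in place, for example `/* required for UDP encapsulation in tunnel mode, fixes connections initiated by this host */`. The commit message says incoming connections still fail with 0xc00000e2, so the branch above this `else`, presumably the inbound path, deserves a TODO noting the open problem. The body of install_sa() starts and ends outside the hunk.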