| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
uses ikelifetime, rekeymargin and rekeyfuzz config settings
no handling of simultaneus exchanges yet!
|
| |
|
|
|
|
|
| |
support for auto=route parameter
support for ipsec route and ipsec unroute
initiating of CHILD and/or IKE_SAs based on kernel acquires
|
| | |
|
| |
|
|
|
|
| |
added proper traffic selector to string conversion
some cleanups here & there
|
| | |
|
| |
|
|
|
| |
no simultanous transaction with CHILD_SAs yet!
|
| |
|
|
|
|
|
|
|
|
|
|
| |
removed old state machine
reimplemented IKE_SA setup and delete
implemented dead peer detection
implemented keep-alives
a lot of fixes
no rekeying yet
|
| | |
|
| |
|
|
|
|
| |
added sendcert policy to connection
some other cleanups
|
| | |
|
| |
|
|
|
|
| |
rekeying almost complete, but:
IKE_SA get in an invalid state when both initiate rekeying at the same time,
|
| |
|
|
|
|
|
|
| |
further CHILD_SA rekeying work done:
creation of a new CHILD_SA on a expire from a kernel works
delete of old CHILD_SA still missing
some issues when both initiate rekeing
|
| |
|
|
|
|
|
|
|
| |
get liftimes from policy
added new state
initiation of rekeying done
proposal redone:
removed support for AH+ESP proposals
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
moved job code from thread_pool to job, jobs have an "execute" method now
added two new jobs: delete_child_sa & rekey_child_sa
kernel interface:
listens now for ACQUIRE & EXPIRE
supports hard and soft lifetimes
fires jobs for delete and rekey child sa
ike sa manager:
can checkout IKE SAs by requid of owned CHILD SAs
we have now the infrastructure to do the rekeying... :-)
|
| | |
|
| | |
|
| |
|
|
|
| |
should conform now to IKEv2
|
|
|
- first working version
- make dist should work
- things to do:
- UML testing!
- more cleanups
|
