| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
uses ikelifetime, rekeymargin and rekeyfuzz config settings
no handling of simultaneus exchanges yet!
|
| |
|
|
|
|
|
| |
support for auto=route parameter
support for ipsec route and ipsec unroute
initiating of CHILD and/or IKE_SAs based on kernel acquires
|
| | |
|
| |
|
|
|
|
|
|
|
| |
aren't stored in the IKE_SA anymore, they are queried on the fly
are immutable now, allows it to share them
policy selection based on traffic selectors, leads to valid lookup results
rekeying queries the policy based on its traffic selectors
|
| | |
|
| | |
|
| |
|
|
|
| |
no simultanous transaction with CHILD_SAs yet!
|
| |
|
|
|
|
|
|
|
|
|
|
| |
removed old state machine
reimplemented IKE_SA setup and delete
implemented dead peer detection
implemented keep-alives
a lot of fixes
no rekeying yet
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
moved job code from thread_pool to job, jobs have an "execute" method now
added two new jobs: delete_child_sa & rekey_child_sa
kernel interface:
listens now for ACQUIRE & EXPIRE
supports hard and soft lifetimes
fires jobs for delete and rekey child sa
ike sa manager:
can checkout IKE SAs by requid of owned CHILD SAs
we have now the infrastructure to do the rekeying... :-)
|
| | |
|
| | |
|
| |
|
|
|
| |
- don't complain on termination of IKEv1 connections
|
| |
|
|
|
| |
should conform now to IKEv2
|
| |
|
|
|
|
|
| |
- logger output improvements
- testin gupdates
- and a lot more
|
| |
|
