Graph | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | ha: Delete passive IKE_SA on other node after half-open timeout | Tobias Brunner | 2017-01-25 | 1 | -0/+15 |
| | Fixes #1192. | ||||
* | Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 1 | -3/+3 |
| | |||||
* | ha: Properly sync IKEv1 IV if gateway is initiator | Tobias Brunner | 2016-02-01 | 1 | -12/+16 |
| | To handle Phase 2 exchanges on the other HA host we need to sync the last block of the last Phase 1 message (or the last expected IV). If the gateway is the initiator of a Main Mode SA the last message is an inbound message. When handling such messages the expected IV is not updated until it is successfully decrypted so we can't sync the IV when processing the still encrypted (!plain) message. However, as responder, i.e. if the last message is an outbound message, the reverse applies, that is, we get the next IV after successfully encrypting the message, not while handling the plain message. Fixes #1267. | ||||
* | ha: Add DH group to IKE_ADD message | Tobias Brunner | 2016-02-01 | 1 | -0/+4 |
| | It is required for IKEv1 to determine the DH group of the CHILD SAs during rekeying. It also fixes the status output for HA SAs, which so far haven't shown the DH group on the passive side. Fixes #1267. | ||||
* | ha: Sync remote address in HA_IKE_ADD, too | Thomas Egerer | 2015-08-04 | 1 | -0/+1 |
| | When the IKE_SA is synced without the remote address, after a reauthentication charon is not able to find it in its connected_peers table since the destination host will be %any (it's missing in the message, hence the default from the newly created ike_sa_t -- %any -- will be used). By adding the value to the HA_IKE_ADD message, we should be able to solve this problem. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com> | ||||
* | diffie-hellman: Add a bool return value to get_my_public_value() | Martin Willi | 2015-03-23 | 1 | -3/+5 |
| | |||||
* | diffie-hellman: Use bool instead of status_t as get_shared_secret() return value | Martin Willi | 2015-03-23 | 1 | -1/+1 |
| | While such a change is not unproblematic, keeping status_t makes the API inconsistent once we introduce return values for the public value operations. | ||||
* | Support multiple virtual IPs on peer_cfg and ike_sa classes | Martin Willi | 2012-08-30 | 1 | -22/+30 |
| | |||||
* | Cleaned up memory management and return values for encryption payload | Martin Willi | 2012-07-16 | 1 | -1/+0 |
| | |||||
* | Add a return value to keymat_v1_t.{get,update,confirm}_iv | Martin Willi | 2012-07-16 | 1 | -7/+9 |
| | |||||
* | Merge branch 'ikev1-clean' into ikev1-master | Martin Willi | 2012-03-20 | 1 | -32/+119 |
|\ | Conflicts: configure.in, man/ipsec.conf.5.in, src/libcharon/daemon.c, src/libcharon/plugins/eap_ttls/eap_ttls_peer.c, src/libcharon/plugins/eap_radius/eap_radius_accounting.c, src/libcharon/plugins/eap_radius/eap_radius_forward.c, src/libcharon/plugins/farp/farp_listener.c, src/libcharon/sa/ike_sa.c, src/libcharon/sa/keymat.c, src/libcharon/sa/task_manager.c, src/libcharon/sa/trap_manager.c, src/libstrongswan/plugins/x509/x509_cert.c, src/libstrongswan/utils.h. Applied lost changes of moved files keymat.c and task_manager.c. Updated listener_t.message hook signature in new plugins. | ||||
| * | Synchronize IKEv1 DPD sequence numbers | Martin Willi | 2012-03-20 | 1 | -0/+30 |
| | | |||||
| * | Sync remote virtual IP for IKEv1 SAs | Martin Willi | 2012-03-20 | 1 | -0/+13 |
| | | |||||
| * | Sync new IKE_SA condition/extension flags | Martin Willi | 2012-03-20 | 1 | -2/+6 |
| | | |||||
| * | Added support for Phase1 IV synchronization to HA plugin | Martin Willi | 2012-03-20 | 1 | -26/+50 |
| | | |||||
| * | Invoke bus_t.message hook twice, once plain and parsed, once encoded and encrypted | Martin Willi | 2012-03-20 | 1 | -1/+2 |
| | |||||
| * | Added support to sync IKEv1 SAs key material in HA plugin | Martin Willi | 2012-03-20 | 1 | -0/+12 |
| | | |||||
| * | Pass IKEv1 specific keymat to ike_keys hook | Martin Willi | 2012-03-20 | 1 | -1/+2 |
| | | |||||
| * | Updated HA plugin to new IKEv2 specific keymat functions | Martin Willi | 2012-03-20 | 1 | -3/+5 |
| | | |||||
* | | Renamed list of additional peer addresses as it now stores all known addresses. | Tobias Brunner | 2012-03-09 | 1 | -2/+2 |
|/ | |||||
* | Sync newer IKE_SA condition/extension flags in ha plugin | Martin Willi | 2011-08-19 | 1 | -2/+7 |
| | |||||
* | Replaced ike_sa_t.create_additional_address_iterator with enumerator. | Tobias Brunner | 2011-07-06 | 1 | -4/+4 |
| | |||||
* | Flush any remaining cache state if an IKE_SA goes down | Martin Willi | 2010-07-27 | 1 | -2/+2 |
| | |||||
* | Synchronize EAP-Identity of remote peer | Martin Willi | 2010-07-26 | 1 | -0/+6 |
| | |||||
* | Use a sync message cache to resynchronize IKE_SAs without rekeying | Martin Willi | 2010-07-26 | 1 | -1/+24 |
| | |||||
* | Use distinct message types for HA message ID updates | Martin Willi | 2010-07-26 | 1 | -6/+4 |
| | |||||
* | Migrated ha plugin to INIT/METHOD macros | Martin Willi | 2010-07-26 | 1 | -34/+26 |
| | |||||
* | Updated HA plugin to new APIs | Martin Willi | 2010-04-07 | 1 | -6/+0 |
| | |||||
* | Moved ha plugin to libcharon | Martin Willi | 2010-04-07 | 1 | -0/+286 |