path: root/src/libcharon/sa/ike_sa.c
Commit message (Author, Age, Files, Lines)
* Set configured DSCP value while generating IKE packets (Martin Willi, 2013-02-06, 1 file, -1/+26)
* Allow ID_PROT/AGGRESSIVE messages for established IKE_SAs if they contain fragments (Tobias Brunner, 2012-12-24, 1 file, -1/+2)
    Other implementations send fragments always in an initial message type even for transaction or quick mode exchanges.
* Inherit virtual IP and attributes from old to new, not from new to old (Martin Willi, 2012-12-10, 1 file, -5/+5)
* Don't wait while removing external IPs used for load testing (Martin Willi, 2012-11-29, 1 file, -2/+3)
* Install virtual IPs via interface name, and use an interface lookup where required (Martin Willi, 2012-11-29, 1 file, -5/+16)
* Add an optional kernel-interface parameter to install IPs with a custom prefix (Martin Willi, 2012-11-29, 1 file, -4/+4)
* Moved data structures to new collections subfolder (Tobias Brunner, 2012-10-24, 1 file, -1/+1)
* Added a new alert that is raised if peer does not respond to initial IKE message (Tobias Brunner, 2012-10-16, 1 file, -0/+2)
* IKE_AUTH_LIFETIME task is not defined if IKEv2 is disabled (Tobias Brunner, 2012-09-25, 1 file, -1/+4)
    Fixes #229.
* Pass full pool list to release_address (Martin Willi, 2012-09-11, 1 file, -13/+8)
* Only initiate an exchange from send_dpd() if a task was actually queued (Tobias Brunner, 2012-09-07, 1 file, -2/+8)
    Otherwise, the initiator would prematurely initiate Quick Mode if it has DPD enabled and XAuth is used.
* Trigger ike_updown event caused by retransmits only after reestablish() has been called (Tobias Brunner, 2012-09-06, 1 file, -0/+4)
    This allows listeners to migrate to the new IKE_SA with the ike_reestablish event without having to worry about an ike_updown event for the old IKE_SA.
* Add ike_reestablish() event that is triggered when an IKE_SA is reestablished (Tobias Brunner, 2012-09-06, 1 file, -0/+1)
    This is particularly useful during reauthentication to get the new IKE_SA.
* Add a new condition to mark IKE_SAs that are currently being reauthenticated (Tobias Brunner, 2012-09-06, 1 file, -9/+4)
* Clear virtual IPs before storing assigned ones on the IKE_SA (Tobias Brunner, 2012-09-05, 1 file, -0/+18)
    Otherwise we'll end up with duplicate or invalid VIPs stored on the IKE_SA.
* Support multiple address pools configured on a peer_cfg (Martin Willi, 2012-08-30, 1 file, -4/+14)
* Support multiple virtual IPs on peer_cfg and ike_sa classes (Martin Willi, 2012-08-30, 1 file, -45/+39)
* Increase log verbosity when sending NAT keep-alives (Tobias Brunner, 2012-08-08, 1 file, -1/+1)
* Replaced usages of CHARON_*_PORT with calls to get_port(). (Tobias Brunner, 2012-08-08, 1 file, -4/+7)
* Use send_no_marker to send NAT keepalives. (Tobias Brunner, 2012-08-08, 1 file, -1/+1)
* Make the UDP ports charon listens for packets on (and uses as source ports) configurable. (Tobias Brunner, 2012-08-08, 1 file, -4/+4)
* Block XAuth transaction on established IKE_SAs, but allow Mode Config (Martin Willi, 2012-08-03, 1 file, -1/+0)
* Reject initial exchange messages early once IKE_SA is established (Martin Willi, 2012-08-02, 1 file, -0/+18)
* implemented the right|leftallowany feature (Andreas Steffen, 2012-06-08, 1 file, -8/+13)
* Avoid queueing more than one retry initiate job. (Tobias Brunner, 2012-05-30, 1 file, -3/+25)
* Retry IKE_SA initiation if DNS resolution failed. (Tobias Brunner, 2012-05-30, 1 file, -4/+39)
    This is disabled by default and can be enabled with the charon.retry_initiate_interval option in strongswan.conf.
* Resolve hosts before reauthenticating due to address change. (Tobias Brunner, 2012-05-25, 1 file, -0/+2)
* Don't queue delete_ike_sa job when setting IKE_DELETING. (Tobias Brunner, 2012-05-25, 1 file, -8/+0)
    This avoids deleting IKE_SAs during reauthentication (without trying to reestablish them).
* During reauthentication reestablish IKE_SA even if deleting the old one fails. (Tobias Brunner, 2012-05-25, 1 file, -0/+6)
* Integrated main parts of IKE_REAUTH task into ike_sa_t.reestablish. (Tobias Brunner, 2012-05-25, 1 file, -28/+74)
* Fixed route lookup in case MOBIKE is not enabled. (Tobias Brunner, 2012-05-25, 1 file, -3/+9)
* Wrap task managers flush_queue() in IKE_SA (Martin Willi, 2012-05-21, 1 file, -0/+7)
* Use name from initialization to access settings in libcharon. (Tobias Brunner, 2012-05-03, 1 file, -2/+2)
    Also fixes several whitespace errors.
* Merge branch 'ikev1' (Martin Willi, 2012-05-02, 1 file, -309/+142)
|\
| |   Conflicts:
| |     configure.in
| |     man/ipsec.conf.5.in
| |     src/libcharon/encoding/generator.c
| |     src/libcharon/encoding/payloads/notify_payload.c
| |     src/libcharon/encoding/payloads/notify_payload.h
| |     src/libcharon/encoding/payloads/payload.c
| |     src/libcharon/network/receiver.c
| |     src/libcharon/sa/authenticator.c
| |     src/libcharon/sa/authenticator.h
| |     src/libcharon/sa/ikev2/tasks/ike_init.c
| |     src/libcharon/sa/task_manager.c
| |     src/libstrongswan/credentials/auth_cfg.c
| * Merge branch 'ikev1-clean' into ikev1-master (Martin Willi, 2012-03-20, 1 file, -309/+142)
| |\
| | |   Conflicts:
| | |     configure.in
| | |     man/ipsec.conf.5.in
| | |     src/libcharon/daemon.c
| | |     src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
| | |     src/libcharon/plugins/eap_radius/eap_radius_accounting.c
| | |     src/libcharon/plugins/eap_radius/eap_radius_forward.c
| | |     src/libcharon/plugins/farp/farp_listener.c
| | |     src/libcharon/sa/ike_sa.c
| | |     src/libcharon/sa/keymat.c
| | |     src/libcharon/sa/task_manager.c
| | |     src/libcharon/sa/trap_manager.c
| | |     src/libstrongswan/plugins/x509/x509_cert.c
| | |     src/libstrongswan/utils.h
| | |   Applied lost changes of moved files keymat.c and task_manager.c.
| | |   Updated listener_t.message hook signature in new plugins.
| | * Trigger DPD not before IKE_SA state gets updated (Martin Willi, 2012-03-20, 1 file, -13/+15)
| | * Don't re-resolve addresses during initiate if they have already been set (Martin Willi, 2012-03-20, 1 file, -1/+5)
| | * Update state before triggering DPD, as we cancel it if PASSIVE (Martin Willi, 2012-03-20, 1 file, -0/+1)
| | * Invoke bus_t.message hook twice, once plain and parsed, once encoded and encrypted (Martin Willi, 2012-03-20, 1 file, -2/+9)
| | * Invoke ike_updown hooks for reauthenticated IKEv1 SAs (Martin Willi, 2012-03-20, 1 file, -0/+1)
| | * Disable DPD checking for peers not supporting it (Martin Willi, 2012-03-20, 1 file, -1/+13)
| | * Don't retransmit, rekey, reauth or DPD check SAs when in PASSIVE state (Martin Willi, 2012-03-20, 1 file, -0/+24)
| | * Destroy IKE_SA after reauthentication initiated and lifetime limit reached (Martin Willi, 2012-03-20, 1 file, -1/+6)
| | * Query for XAuth identity in get_other_eap_id(), too (Martin Willi, 2012-03-20, 1 file, -0/+4)
| | * Support initiation of childless IKEv1 ISAKMP SAs (Martin Willi, 2012-03-20, 1 file, -1/+2)
| | * Don't trigger reauthentication if initiator authenticated using XAuth (Martin Willi, 2012-03-20, 1 file, -0/+1)
| | * Do not query CHILD_SA during delete if they already expired (Martin Willi, 2012-03-20, 1 file, -2/+3)
| | * Handle initiation of not supported IKE versions properly (Martin Willi, 2012-03-20, 1 file, -5/+21)
| | * Implemented resetting of IKEv1 task manager, enabling additional keyingtries (Martin Willi, 2012-03-20, 1 file, -1/+1)
| | * Check message version before processing it on an IKE_SA (Martin Willi, 2012-03-20, 1 file, -0/+10)