path: root/src/libcharon/sa/ike_sa.h
Commit message (Author, Age, Files, Lines)
* ikev2: Enable signature authentication by transmitting supported hash algorithms (Tobias Brunner, 2015-03-04, 1 file, -0/+5)
|
* ikev2: Trigger make-before-break reauthentication instead of reauth task (Martin Willi, 2015-02-20, 1 file, -2/+3)
|
* ikev1: Add fragmentation support for Windows peers (Volker Rümelin, 2014-10-10, 1 file, -1/+1)
|   I still think ipsec/l2tp with fragmentation support is a useful fallback option in case the Windows IKEv2 connection fails because of fragmentation problems. Tested with Windows XP, 7 and 8.1.
* ikev2: Negotiate support for IKEv2 fragmentation (Tobias Brunner, 2014-10-10, 1 file, -1/+1)
|
* ike: Move fragmentation to ike_sa_t (Tobias Brunner, 2014-10-10, 1 file, -6/+24)
|   The message() hook on bus_t is now called exactly once before (plain) and once after fragmenting (!plain), not twice for the complete message and again for each individual fragment, as was the case in earlier iterations. For inbound messages the hook is called once for each fragment (!plain) and twice for the reassembled message.
* ike: Create an enumerator for (un-)handled configuration attributes on IKE_SA (Martin Willi, 2014-06-16, 1 file, -0/+11)
|
* ike: Store unhandled attributes on IKE_SA as well (Martin Willi, 2014-06-16, 1 file, -0/+3)
|
* ikev2: Add inherit_pre() to apply config and hosts before IKE_SA rekeying (Martin Willi, 2014-04-17, 1 file, -1/+11)
|
* Fix various API doc issues and typos (Tobias Brunner, 2013-07-18, 1 file, -7/+5)
|   Partially based on an old patch by Adrian-Ken Rueegsegger.
* Fix IKE SA inherit API doc (Adrian-Ken Rueegsegger, 2013-01-22, 1 file, -2/+1)
|
* Detect a peer's support for IKE fragmentation (Tobias Brunner, 2012-12-24, 1 file, -0/+5)
|   Fragments are accepted even if this vendor ID is not seen.
* Add support for draft-ietf-ipsec-nat-t-ike-03 and earlier (Volker Rümelin, 2012-12-19, 1 file, -0/+7)
|   This adds support for early versions of the draft that eventually resulted in RFC 3947.
* Moved packet_t and tun_device_t to networking folder (Tobias Brunner, 2012-10-24, 1 file, -1/+1)
|
* Add a new condition to mark IKE_SAs that are currently being reauthenticated (Tobias Brunner, 2012-09-06, 1 file, -0/+5)
|
* Clear virtual IPs before storing assigned ones on the IKE_SA (Tobias Brunner, 2012-09-05, 1 file, -0/+7)
|   Otherwise we'll end up with duplicate or invalid VIPs stored on the IKE_SA.
* Support multiple virtual IPs on peer_cfg and ike_sa classes (Martin Willi, 2012-08-30, 1 file, -5/+5)
|
* Moved packet_t to libstrongswan (Tobias Brunner, 2012-08-08, 1 file, -0/+1)
|
* support Cisco Unity VID (Andreas Steffen, 2012-06-25, 1 file, -0/+5)
|
* Avoid queueing more than one retry initiate job. (Tobias Brunner, 2012-05-30, 1 file, -0/+9)
|
* Wrap task managers flush_queue() in IKE_SA (Martin Willi, 2012-05-21, 1 file, -0/+7)
|
* Merge branch 'ikev1-clean' into ikev1-master (Martin Willi, 2012-03-20, 1 file, -6/+52)
|\
| |   Conflicts:
| |     configure.in
| |     man/ipsec.conf.5.in
| |     src/libcharon/daemon.c
| |     src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
| |     src/libcharon/plugins/eap_radius/eap_radius_accounting.c
| |     src/libcharon/plugins/eap_radius/eap_radius_forward.c
| |     src/libcharon/plugins/farp/farp_listener.c
| |     src/libcharon/sa/ike_sa.c
| |     src/libcharon/sa/keymat.c
| |     src/libcharon/sa/task_manager.c
| |     src/libcharon/sa/trap_manager.c
| |     src/libstrongswan/plugins/x509/x509_cert.c
| |     src/libstrongswan/utils.h
| |
| |   Applied lost changes of moved files keymat.c and task_manager.c.
| |   Updated listener_t.message hook signature in new plugins.
| * Disable DPD checking for peers not supporting it (Martin Willi, 2012-03-20, 1 file, -0/+5)
| |
| * Set a condition flag if peer has been authenticated using XAuth (Martin Willi, 2012-03-20, 1 file, -0/+5)
| |
| * Do not query CHILD_SA during delete if they already expired (Martin Willi, 2012-03-20, 1 file, -1/+3)
| |
| * Separated libcharon/sa directory with ikev1 and ikev2 subfolders (Martin Willi, 2012-03-20, 1 file, -1/+1)
| |
| * Remove executable flag from source code files (Martin Willi, 2012-03-20, 1 file, -0/+0)
| |
| * Replace xauth_request task with a new stub where we reimplement it (Martin Willi, 2012-03-20, 1 file, -5/+8)
| |
| * Handling of initial contact (Clavister OpenSource, 2012-03-20, 1 file, -0/+5)
| |
| * IKEv1 XAuth: Adding "initiate" flag parameter to the initiate_xauth method, ↵ (Clavister OpenSource, 2012-03-20, 1 file, -1/+1)
| |   signalling whether or not to call the task_manager->initiate method after queueing the task.
| * Handle IKEv1 NAT-T vendor ID payload (only RFC 3947 for now). (Tobias Brunner, 2012-03-20, 1 file, -1/+1)
| |
| * IKEv1 XAuth: Add "initiate xauth" method, which adds the xauth task into the ↵ (Clavister OpenSource, 2012-03-20, 1 file, -0/+5)
| |   queue for initiation.
| * Added ike_sa_t.set_statistic to set timestamps from task manager. (Tobias Brunner, 2012-03-20, 1 file, -0/+8)
| |
| * Revert "IKEv1 XAuth: Temporarilty add an "initiate_later" flag to the task ↵ (Clavister OpenSource, 2012-03-20, 1 file, -5/+0)
| |   manager. When set to TRUE it will cause "initiate" to be called when the current process_response call is finished. This change should be reverted once we have a better method in place."
| |   This reverts commit c6c28f4ac522dd8afb457847bca79eee77f78706.
| |
| |   Revert "IKEv1 XAuth: Added temporary "initiate_xauth" public method to ike_sa_t. This allows us to initiate an XAuth password authentication exchange after responding to the final message of Main Mode. This change should be reverted once we have a better method to initiate this exchange."
| |   This reverts commit 5529dc50477e25df9dd5f3c442bb1521c0baf225.
| * IKEv1 XAuth: Added temporary "initiate_xauth" public method to ike_sa_t. ↵ (Clavister OpenSource, 2012-03-20, 1 file, -0/+5)
| |   This allows us to initiate an XAuth password authentication exchange after responding to the final message of Main Mode. This change should be reverted once we have a better method to initiate this exchange.
| * XAUTH is initiated based on configuration, no need to call externally (Martin Willi, 2012-03-20, 1 file, -5/+0)
| |
| * IKEv1 XAUTH: Added ability to configure XAUTH+PSK. Added task to handle ↵ (Clavister OpenSource, 2012-03-20, 1 file, -0/+10)
| |   XAUTH requests. Modified task_manager_v1 to enable it to initiate new tasks immediately after finishing a response.
| * Don't compare initiator flag in IKE_SA manager, pass initiator parameter to ↵ (Martin Willi, 2012-03-20, 1 file, -1/+3)
| |   IKE_SA constructor
| * Store IKE version of an SA on ike_sa_t. (Tobias Brunner, 2012-03-20, 1 file, -4/+10)
| |
* | Renamed list of additional peer addresses as it now stores all known addresses. (Tobias Brunner, 2012-03-09, 1 file, -6/+6)
| |
* | Send an AUTH_LIFETIME update after updating the lifetime, but can not reauth ↵ (Martin Willi, 2012-03-05, 1 file, -2/+6)
|/    actively
* Try to detect Windows Clients by looking for INTERNAL_IP4/6_SERVER attribute (Martin Willi, 2011-08-19, 1 file, -0/+5)
|
* Fixed common misspellings. (Tobias Brunner, 2011-07-20, 1 file, -1/+1)
|   Mostly found by 'codespell'.
* Replaced ike_sa_t.create_additional_address_iterator with enumerator. (Tobias Brunner, 2011-07-06, 1 file, -3/+8)
|
* Replaced ike_sa_t.create_child_sa_iterator with enumerator. (Tobias Brunner, 2011-07-06, 1 file, -43/+57)
|   This required two new methods on ike_sa_t. One returns the number of CHILD_SAs and one allows to remove a CHILD_SA.
* Move establish/inherit of rekeyed IKE_SAs to delete messages (Martin Willi, 2011-03-15, 1 file, -2/+1)
|   Having the inherit() function delayed to the IKE_SA establish procedure was problematic. The task destroy function was never a good place and results in locking/cleanup problems. After establishing the SA, it should be really checked in ASAP to avoid any triggered DPD checks to get lost.
* Force port update as responder when initiator switches to 4500 in IKE_AUTH (Martin Willi, 2011-01-12, 1 file, -1/+2)
|
* Slightly refactored port floating. (Tobias Brunner, 2010-08-30, 1 file, -0/+8)
|   In case of MOBIKE, only float to port 4500 if the other peer actually supports MOBIKE.
* Moved credential manager to libstrongswan (Martin Willi, 2010-07-13, 1 file, -1/+1)
|
* Wrap task enumerator in ike_sa (Martin Willi, 2010-06-07, 1 file, -1/+9)
|
* Release virtual IPs with the same identity as we acquired it (Martin Willi, 2010-03-25, 1 file, -0/+7)
|