path: root/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
Commit message | Author | Age | Files | Lines
* ike: Add configuration option to switch to preferring supplied proposals over local ones | Tobias Brunner | 2016-06-17 | 1 | -1/+4
* ike-cfg: Add option to prefer supplied proposals over locally configured ones | Tobias Brunner | 2016-06-17 | 1 | -2/+2
* Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 1 | -5/+5
* ikev1: Defer Mode Config push after CHILD adoption when using XAuth | Martin Willi | 2014-08-25 | 1 | -2/+7
* ikev1: Defer Mode Config push after CHILD adoption and reauth detection | Martin Willi | 2014-08-25 | 1 | -5/+18
  When an initiator starts reauthentication on a connection that uses push mode to assign a virtual IP, we can't execute the Mode Config before releasing the virtual IP. Otherwise we would request a new and different lease, which the client probably can't handle. Defer Mode Config execution, so the same IP gets first released then reassigned during reauthentication.
* payload: Use common prefixes for all payload type identifiers | Martin Willi | 2014-06-04 | 1 | -8/+8
  The old identifiers did not use a proper namespace and often clashed with other defines.
* libcharon: Use lib->ns instead of charon->name | Tobias Brunner | 2014-02-12 | 1 | -1/+1
* ikev1: Fix config switching due to failed authentication during Aggressive mode | Tobias Brunner | 2014-02-12 | 1 | -3/+1
  The encoded ID payload gets destroyed by the authenticator, which caused a segmentation fault after the switch. Fixes #501.
* ikev1: implement mode config push mode | Martin Willi | 2013-09-04 | 1 | -15/+52
* Delete IKE_SAs if responder does not initiate XAuth exchange within a certain time frame | Tobias Brunner | 2013-03-19 | 1 | -1/+8
* Add support for draft-ietf-ipsec-nat-t-ike-03 and earlier | Volker Rümelin | 2012-12-19 | 1 | -2/+4
  This adds support for early versions of the draft that eventually resulted in RFC 3947.
* Support multiple address pools configured on a peer_cfg | Martin Willi | 2012-08-30 | 1 | -1/+1
* Support multiple virtual IPs on peer_cfg and ike_sa classes | Martin Willi | 2012-08-30 | 1 | -2/+2
* Use actual daemon name to enable XAuth/PSK with aggressive mode | Martin Willi | 2012-08-10 | 1 | -2/+3
* As a responder, don't start a TRANSACTION request if we expect one from the initiator | Martin Willi | 2012-06-29 | 1 | -1/+2
* Queue a mode config task as responder if we need a virtual IP | Martin Willi | 2012-06-27 | 1 | -2/+8
* Add basic support for XAuth responder authentication | Martin Willi | 2012-06-27 | 1 | -4/+5
* Enforce uniqueids=keep only for non-XAuth Main/Aggressive Modes | Martin Willi | 2012-06-25 | 1 | -16/+14
* Require a scary option to respond to Aggressive Mode PSK requests | Martin Willi | 2012-06-14 | 1 | -0/+17
  While Aggressive Mode PSK is widely used, it is known to be subject to dictionary attacks by passive attackers. We don't complain as initiator to be compatible with existing (insecure) setups, but require a scary strongswan.conf option if someone wants to use it as responder.
* Enforce uniqueness policy in IKEv1 main and aggressive modes | Martin Willi | 2012-06-08 | 1 | -0/+16
* Added support for IKEv1 IPComp proposals in SA payload. | Tobias Brunner | 2012-05-24 | 1 | -2/+2
* Apply IDir before deriving keys as aggressive initiator | Martin Willi | 2012-05-23 | 1 | -4/+4
* Switch to alternative peer config in IKEv1 Main and Aggressive Mode. | Tobias Brunner | 2012-05-21 | 1 | -5/+18
* Flush task queues explicitly, not implicitly if task returns ALREADY_DONE | Martin Willi | 2012-05-21 | 1 | -0/+4
* Remove executable flag from source files. | Tobias Brunner | 2012-05-18 | 1 | -0/+0
* Set selected proposal on IKEv1 SA, don't pass it separately to Phase 1 helper | Martin Willi | 2012-03-20 | 1 | -6/+6
* Invoke authorization hooks for IKEv1 connections | Martin Willi | 2012-03-20 | 1 | -11/+39
* Simplified DPD handling by using a task for a single message only | Martin Willi | 2012-03-20 | 1 | -1/+1
* Isakmp_dpd task added. | Clavister OpenSource | 2012-03-20 | 1 | -1/+1
* Streamlined debug output when initiating IKEv1 IKE_SAs | Martin Willi | 2012-03-20 | 1 | -1/+1
* Select IKEv1 configurations by main/aggressive mode option | Martin Willi | 2012-03-20 | 1 | -1/+1
* Implemented aggressive mode using Phase 1 helper class | Martin Willi | 2012-03-20 | 1 | -0/+629