path: root/src/libcharon/sa/ikev1/tasks/main_mode.c
Commit message | Author | Age | Files | Lines
* ike: Do not send initial contact only for UNIQUE_NEVER | Thomas Egerer | 2017-11-02 | 1 | -2/+1
  Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* ike: Add configuration option to switch to preferring supplied proposals over local ones | Tobias Brunner | 2016-06-17 | 1 | -3/+5
* ike-cfg: Add option to prefer supplied proposals over locally configured ones | Tobias Brunner | 2016-06-17 | 1 | -2/+2
* Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 1 | -6/+6
* ikev1: Set protocol ID and SPIs in INITIAL-CONTACT notification payloads | Tobias Brunner | 2015-03-06 | 1 | -2/+13
  The payload we sent before is not compliant with RFC 2407 and thus some peers might abort negotiation (e.g. with an INVALID-PROTOCOL-ID error). Fixes #819.
* ikev1: Send INITIAL_CONTACT notify in Main Mode | Thomas Egerer | 2014-10-30 | 1 | -0/+28
  We currently send the notify in Main Mode only, as it is explicitly not allowed by RFC 2407 to send (unprotected) notifications in Aggressive Mode. To make that work, we'd need to handle that notify in Aggressive Mode, which could allow a MitM to inject such notifies and do some harm.
  Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* ikev1: Defer Mode Config push after CHILD adoption when using XAuth | Martin Willi | 2014-08-25 | 1 | -2/+7
* ikev1: Defer Mode Config push after CHILD adoption and reauth detection | Martin Willi | 2014-08-25 | 1 | -5/+17
  When an initiator starts reauthentication on a connection that uses push mode to assign a virtual IP, we can't execute the Mode Config before releasing the virtual IP. Otherwise we would request a new and different lease, which the client probably can't handle. Defer Mode Config execution, so the same IP gets first released then reassigned during reauthentication.
* payload: Use common prefixes for all payload type identifiers | Martin Willi | 2014-06-04 | 1 | -8/+8
  The old identifiers did not use a proper namespace and often clashed with other defines.
* ikev1: implement mode config push mode | Martin Willi | 2013-09-04 | 1 | -15/+51
* Delete IKE_SAs if responder does not initiate XAuth exchange within a certain time frame | Tobias Brunner | 2013-03-19 | 1 | -1/+8
* Add support for draft-ietf-ipsec-nat-t-ike-03 and earlier | Volker Rümelin | 2012-12-19 | 1 | -2/+4
  This adds support for early versions of the draft that eventually resulted in RFC 3947.
* Support multiple address pools configured on a peer_cfg | Martin Willi | 2012-08-30 | 1 | -1/+1
* Support multiple virtual IPs on peer_cfg and ike_sa classes | Martin Willi | 2012-08-30 | 1 | -2/+2
* As a responder, don't start a TRANSACTION request if we expect one from the initiator | Martin Willi | 2012-06-29 | 1 | -1/+2
* Queue a mode config task as responder if we need a virtual IP | Martin Willi | 2012-06-27 | 1 | -2/+8
* Add basic support for XAuth responder authentication | Martin Willi | 2012-06-27 | 1 | -4/+5
* Enforce uniqueids=keep only for non-XAuth Main/Aggressive Modes | Martin Willi | 2012-06-25 | 1 | -12/+14
* Enforce uniqueness policy in IKEv1 main and aggressive modes | Martin Willi | 2012-06-08 | 1 | -0/+13
* Added support for IKEv1 IPComp proposals in SA payload. | Tobias Brunner | 2012-05-24 | 1 | -2/+2
* Switch to alternative peer config in IKEv1 Main and Aggressive Mode. | Tobias Brunner | 2012-05-21 | 1 | -13/+17
* Flush task queues explicitly, not implicitly if task returns ALREADY_DONE | Martin Willi | 2012-05-21 | 1 | -0/+4
* Remove executable flag from source files. | Tobias Brunner | 2012-05-18 | 1 | -0/+0
* allow private algorithms | Andreas Steffen | 2012-05-05 | 1 | -2/+8
* Set selected proposal on IKEv1 SA, don't pass it separately to Phase 1 helper | Martin Willi | 2012-03-20 | 1 | -6/+6
* Invoke authorization hooks for IKEv1 connections | Martin Willi | 2012-03-20 | 1 | -10/+37
* Simplified DPD handling by using a task for a single message only | Martin Willi | 2012-03-20 | 1 | -1/+1
* Isakmp_dpd task added. | Clavister OpenSource | 2012-03-20 | 1 | -1/+1
* Streamlined debug output when initiating IKEv1 IKE_SAs | Martin Willi | 2012-03-20 | 1 | -1/+1
* Select IKEv1 configurations by main/aggressive mode option | Martin Willi | 2012-03-20 | 1 | -1/+1
* Make use of the new Phase 1 helper class in main mode | Martin Willi | 2012-03-20 | 1 | -579/+73
* Fix error handling if no PSK found for main mode | Martin Willi | 2012-03-20 | 1 | -5/+9
* Try to detect reauthentication as responder and adopt children to new SA | Martin Willi | 2012-03-20 | 1 | -0/+4
* Include peer config overtime in negotiated ISAKMP SA lifetime | Martin Willi | 2012-03-20 | 1 | -2/+3
* Queue Mode Config tasks after main mode as initiator, not as responder | Martin Willi | 2012-03-20 | 1 | -6/+6
* Implemented migration of Main Mode task | Martin Willi | 2012-03-20 | 1 | -0/+13
* Separated libcharon/sa directory with ikev1 and ikev2 subfolders | Martin Willi | 2012-03-20 | 1 | -0/+1155