aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa/ikev1/tasks
Commit message (Collapse)AuthorAgeFilesLines
...
* In mode_config, destroy temporary pool list instead of the virtual IP list twiceMartin Willi2012-09-051-1/+1
|
* Request and acquire multiple virtual IPs in IKEv1 Mode ConfigMartin Willi2012-08-301-47/+61
|
* Pass all configured pool names to attribute provider enumeratorMartin Willi2012-08-301-2/+9
|
* Pass a list instead of a single virtual IP to attribute enumeratorsMartin Willi2012-08-301-11/+35
|
* Support multiple address pools configured on a peer_cfgMartin Willi2012-08-303-5/+12
|
* Support multiple virtual IPs on peer_cfg and ike_sa classesMartin Willi2012-08-304-23/+46
|
* Merge branch 'android-ndk'Tobias Brunner2012-08-131-1/+2
|\ | | | | | | | | | | | | | | | | | | | | | | This branch comes with some preliminary changes for the user-land IPsec implementation and the Android App. One important change is that the UDP ports used by the socket-default plugin were made configurable (either via ./configure or strongswan.conf). Also, the plugin does randomly allocate a port if it is configured to 0, which is useful for client implementations. A consequence of these changes is that the local UDP port used when creating ike_cfg_t objects has to be fetched from the socket.
| * Replaced usages of CHARON_*_PORT with calls to get_port().Tobias Brunner2012-08-081-1/+2
| |
| * Make the UDP ports charon listens for packets on (and uses as source ports) ↵Tobias Brunner2012-08-081-1/+1
| | | | | | | | configurable.
* | Use actual daemon name to enable XAuth/PSK with aggressive modeMartin Willi2012-08-101-2/+3
|/
* Implement late peer config switching after XAuth authenticationMartin Willi2012-07-261-15/+80
| | | | | | | If additional authentication constraints, such as group membership, is not fulfilled by an XAuth backend, we search for another peer configuration that fulfills all constraints, including those from phase1.
* Check if XAuth round complies to configured authentication roundMartin Willi2012-07-261-7/+18
|
* Merge auth config items added from XAuth backends to IKE_SAMartin Willi2012-07-261-0/+1
|
* Add a return value to hasher_t.allocate_hash()Martin Willi2012-07-161-3/+17
|
* Check rng return value when generating fake NAT detection payloadsTobias Brunner2012-07-161-2/+3
|
* Nonce: Let get_nonce, allocate_nonce return booleanReto Buerki2012-07-161-1/+6
|
* Send cert request based on peers configured authentication classMartin Willi2012-07-101-3/+30
|
* Don't send CERTREQs when initiating aggressive mode PSKMartin Willi2012-07-091-0/+4
|
* As a responder, don't start a TRANSACTION request if we expect one from the ↵Martin Willi2012-06-292-2/+4
| | | | initiator
* Queue a mode config task as responder if we need a virtual IPMartin Willi2012-06-272-4/+16
|
* Add basic support for XAuth responder authenticationMartin Willi2012-06-272-8/+10
|
* support Cisco Unity VIDAndreas Steffen2012-06-251-3/+6
|
* Enforce uniqueids=keep based on XAuth identityMartin Willi2012-06-251-0/+6
|
* Don't send XAUTH_OK if a hook prevents SA to establishMartin Willi2012-06-251-4/+14
|
* Enforce uniqueids=keep only for non-XAuth Main/Agressive ModesMartin Willi2012-06-252-28/+28
|
* Add missing XAuth name variable when complaining about missing XAuth backendMartin Willi2012-06-251-1/+1
|
* Fix SIGSEGV if kernel install fails during Quick Mode as responder.Tobias Brunner2012-06-221-4/+8
|
* Adopt children as XAuth initiator (which is IKE responder)Martin Willi2012-06-141-2/+2
|
* Require a scary option to respond to Aggressive Mode PSK requestsMartin Willi2012-06-141-0/+17
| | | | | | | | While Aggressive Mode PSK is widely used, it is known to be subject to dictionary attacks by passive attackers. We don't complain as initiator to be compatible with existing (insecure) setups, but require a scary strongswan.conf option if someone wants to use it as responder.
* Enforce uniqueness policy in IKEv1 main and aggressive modesMartin Willi2012-06-082-0/+29
|
* Use traffic selectors passed to quick mode constructor as initiatorMartin Willi2012-06-081-2/+10
|
* Added log message if peer does not accept/provide IPComp proposal.Tobias Brunner2012-05-241-2/+12
|
* Added support to negotiate IPComp during Quick Mode.Tobias Brunner2012-05-241-11/+91
|
* Added support for IKEv1 IPComp proposals in SA payload.Tobias Brunner2012-05-243-6/+6
|
* Fix memleak during Quick Mode in case no SPI can be allocated from kernel.Tobias Brunner2012-05-241-8/+8
|
* Apply IDir before deriving keys as aggressive initiatorMartin Willi2012-05-231-4/+4
|
* Switch to alternative peer config in IKEv1 Main and Aggressive Mode.Tobias Brunner2012-05-212-18/+35
|
* Cancel active quick mode task when receiving INFORMATIONAL errorMartin Willi2012-05-211-0/+30
|
* Flush task queues explicitly, not implicitly if task returns ALREADY_DONEMartin Willi2012-05-214-0/+12
|
* Remove executable flag from source files.Tobias Brunner2012-05-189-0/+0
|
* Use separate Doxygen groups for IKEv1 and IKEv2 entities (authenticators, ↵Tobias Brunner2012-05-1813-14/+14
| | | | tasks etc.).
* Use nonce_gen instead of rng to generate noncesAdrian-Ken Rueegsegger2012-05-181-6/+6
| | | | | Replace usage of rng plugin with nonce generator to create nonces in IKE_INIT, CHILD_CREATE and QUICK_MODE tasks and the IKEv1 phase 1 helper.
* Moved IKEv1 DPD processing to task manager, fix sequence issuesMartin Willi2012-05-152-39/+9
|
* allow private algorithmsAndreas Steffen2012-05-052-4/+16
|
* vendor ID cosmeticsAndreas Steffen2012-05-051-2/+2
|
* Use name from initialization to access settings in libcharon.Tobias Brunner2012-05-032-2/+2
| | | | Also fixes several whitespace errors.
* Added another bunch of commonly used IKEv1 NATT vendor IDsMartin Willi2012-04-041-1/+19
|
* Store authentication info of a XAUTH round on IKE_SAMartin Willi2012-03-221-0/+16
|
* Reply with received configuration payload identifier in Mode ConfigMartin Willi2012-03-201-0/+8
|
* Implemented handling of UNITY_LOAD_BALANCE as reauthentication.Tobias Brunner2012-03-201-3/+11
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 18:57:52 +0000