aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa/ikev1
Commit message (Collapse)AuthorAgeFilesLines
* Properly send IKEv1 packets if no ike_cfg is known yetTobias Brunner2013-01-141-2/+5
| | | | This applies for error notifies.
* Merge branch 'ikev1-fragmentation'Tobias Brunner2013-01-122-22/+371
|\ | | | | | | | | | | | | This adds support for the proprietary IKEv1 fragmentation extension. Conflicts: NEWS
| * Added an option to configure the maximum size of a fragmentTobias Brunner2013-01-121-3/+10
| |
| * Properly detect fragmentation capabilitiesTobias Brunner2013-01-121-3/+27
| | | | | | | | Cisco sends 0xc0000000 so we check that part of the VID separately.
| * Added an option that allows to force IKEv1 fragmentationTobias Brunner2013-01-122-3/+6
| |
| * Use a connection specific option to en-/disable IKEv1 fragmentationTobias Brunner2012-12-242-10/+7
| |
| * Add an option to en-/disable IKE fragmentationTobias Brunner2012-12-242-5/+20
| | | | | | | | | | Fragments are always accepted but will not be sent if disabled. The vendor ID is only sent if the option is enabled.
| * Split larger messages into fragments if IKE fragmentation is supported by peerTobias Brunner2012-12-241-14/+114
| |
| * Log added NAT-T vendor IDsTobias Brunner2012-12-241-0/+1
| |
| * Detect a peer's support for IKE fragmentationTobias Brunner2012-12-241-0/+4
| | | | | | | | Fragments are accepted even if this vendor ID is not seen.
| * Don't handle fragmented messages larger than charon.max_packetTobias Brunner2012-12-241-4/+39
| |
| * Store inbound IKE fragments and reassemble the message when all fragments ↵Tobias Brunner2012-12-241-3/+166
| | | | | | | | are received
* | Streamline debug output when receiving intermediate CA certificates in IKEv1Martin Willi2013-01-111-1/+1
| |
* | Refactored IKEv1 cert payload processing to multiple functionsMartin Willi2013-01-111-73/+102
| |
* | IKEv1 support for PKCS#7 wrapped certificatesVolker Rümelin2013-01-111-0/+70
| |
* | Fixed some typos in commentsVolker Rümelin2013-01-111-1/+1
|/
* Add parantheses to avoid compiler warningMartin Willi2012-12-241-1/+1
|
* Fixed some typos, courtesy of codespellTobias Brunner2012-12-201-1/+1
|
* Add support for draft-ietf-ipsec-nat-t-ike-03 and earlierVolker Rümelin2012-12-195-36/+204
| | | | | This adds support for early versions of the draft that eventually resulted in RFC 3947.
* Fix traffic selectors also as initiator in case of transport mode over NATTobias Brunner2012-12-131-1/+1
|
* Fix debug output if responder selected invalid traffic selectors during QMTobias Brunner2012-12-131-2/+2
|
* Add alerts for sent/received message retransmissions and timeoutMartin Willi2012-11-291-0/+3
|
* Log sent vendor IDs for IKEv1Tobias Brunner2012-11-021-0/+1
|
* Fixed log message when no shared secret is found during IKEv1 Main ModeTobias Brunner2012-10-291-1/+1
|
* Remove all ESP proposals with non-matching DH group during Quick ModeTobias Brunner2012-10-241-10/+22
| | | | | | According to RFC 2409, section 5.5, if PFS is used all proposals MUST include the selected DH group, so we remove proposals without the proposed group and remove other DH groups from the remaining proposals.
* Moved data structures to new collections subfolderTobias Brunner2012-10-242-2/+2
|
* Raise a bus alert when IKE message body parsing failsMartin Willi2012-10-241-0/+2
|
* Respect IKE version while selecting an ike_cfg as responderMartin Willi2012-10-241-1/+2
|
* Missed one in 6c10ceceTobias Brunner2012-09-281-0/+2
|
* Request is never NULL when responding with an INFORMATIONAL messageTobias Brunner2012-09-281-1/+1
|
* Completed state handling in isakmp_cert_preTobias Brunner2012-09-281-0/+4
| | | | Should not be a problem, but makes static analyzers happy.
* Don't complain about multiple TS in IKEv1, as it supported with UnityMartin Willi2012-09-181-5/+0
|
* Derive a dynamic TS to multiple virtual IPsMartin Willi2012-09-181-23/+28
|
* Use the vararg list constructor in quick mode taskMartin Willi2012-09-181-16/+8
|
* Change traffic selectors during Quick Mode in case of a NAT in transport modeTobias Brunner2012-09-141-9/+19
| | | | | | | | | Windows 7 sends its internal address as TSi. While we don't support the NAT-T drafts as used by Windows XP it is interesting to note that the client there omits the TSi payload which then would automatically get set to the public IP address of the client. Fixes #220.
* Always send a configuration payload in IKEv1 TRANSACTIONs, even if it is emptyMartin Willi2012-09-111-29/+14
|
* Don't use host address for dynamic TS in IKEv1 if a virtual IP was expectedMartin Willi2012-09-111-40/+57
|
* Pass the full list of pools to acquire_address, enumerate in providersMartin Willi2012-09-111-20/+6
| | | | | | | | If the provider has access to the full pool list, it can enumerate them twice, for example to search for existing leases first, and only search for new leases in a second step. Fixes lease enumeration in attr-sql using multiple pools.
* Add a responder narrow() hook to change TS in the kernel, but not on the wireMartin Willi2012-09-111-2/+20
|
* Trigger ike_updown event caused by retransmits only after reestablish() has ↵Tobias Brunner2012-09-061-5/+1
| | | | | | | | been called This allows listeners to migrate to the new IKE_SA with the ike_reestablish event without having to worry about an ike_updown event for the old IKE_SA.
* Clear virtual IPs before storing assigned ones on the IKE_SATobias Brunner2012-09-051-0/+4
| | | | | Otherwise we'll end up with duplicate or invalid VIPs stored on the IKE_SA.
* In mode_config, destroy temporary pool list instead of the virtual IP list twiceMartin Willi2012-09-051-1/+1
|
* Merge branch 'multi-vip'Martin Willi2012-08-317-62/+199
|\ | | | | | | | | | | | | Brings support for multiple virtual IPs and multiple pools in left/rigthsourceip definitions. Also introduces the new left/rightdns options to configure requested DNS server address family and respond with multiple connection specific servers.
| * Request and acquire multiple virtual IPs in IKEv1 Mode ConfigMartin Willi2012-08-301-47/+61
| |
| * Pass all configured pool names to attribute provider enumeratorMartin Willi2012-08-301-2/+9
| |
| * Pass a list instead of a single virtual IP to attribute enumeratorsMartin Willi2012-08-301-11/+35
| |
| * Support multiple address pools configured on a peer_cfgMartin Willi2012-08-306-6/+45
| |
| * Support multiple virtual IPs on peer_cfg and ike_sa classesMartin Willi2012-08-307-28/+81
| |
* | Fall back to local address as IKEv1 identity if nothing else is configuredTobias Brunner2012-08-241-2/+14
|/
* Merge branch 'android-ndk'Tobias Brunner2012-08-131-1/+2
|\ | | | | | | | | | | | | | | | | | | | | | | This branch comes with some preliminary changes for the user-land IPsec implementation and the Android App. One important change is that the UDP ports used by the socket-default plugin were made configurable (either via ./configure or strongswan.conf). Also, the plugin does randomly allocate a port if it is configured to 0, which is useful for client implementations. A consequence of these changes is that the local UDP port used when creating ike_cfg_t objects has to be fetched from the socket.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 13:42:18 +0000