aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa/ikev1
Commit message (Collapse)AuthorAgeFilesLines
...
* Don't complain about multiple TS in IKEv1, as it supported with UnityMartin Willi2012-09-181-5/+0
|
* Derive a dynamic TS to multiple virtual IPsMartin Willi2012-09-181-23/+28
|
* Use the vararg list constructor in quick mode taskMartin Willi2012-09-181-16/+8
|
* Change traffic selectors during Quick Mode in case of a NAT in transport modeTobias Brunner2012-09-141-9/+19
| | | | | | | | | Windows 7 sends its internal address as TSi. While we don't support the NAT-T drafts as used by Windows XP it is interesting to note that the client there omits the TSi payload which then would automatically get set to the public IP address of the client. Fixes #220.
* Always send a configuration payload in IKEv1 TRANSACTIONs, even if it is emptyMartin Willi2012-09-111-29/+14
|
* Don't use host address for dynamic TS in IKEv1 if a virtual IP was expectedMartin Willi2012-09-111-40/+57
|
* Pass the full list of pools to acquire_address, enumerate in providersMartin Willi2012-09-111-20/+6
| | | | | | | | If the provider has access to the full pool list, it can enumerate them twice, for example to search for existing leases first, and only search for new leases in a second step. Fixes lease enumeration in attr-sql using multiple pools.
* Add a responder narrow() hook to change TS in the kernel, but not on the wireMartin Willi2012-09-111-2/+20
|
* Trigger ike_updown event caused by retransmits only after reestablish() has ↵Tobias Brunner2012-09-061-5/+1
| | | | | | | | been called This allows listeners to migrate to the new IKE_SA with the ike_reestablish event without having to worry about an ike_updown event for the old IKE_SA.
* Clear virtual IPs before storing assigned ones on the IKE_SATobias Brunner2012-09-051-0/+4
| | | | | Otherwise we'll end up with duplicate or invalid VIPs stored on the IKE_SA.
* In mode_config, destroy temporary pool list instead of the virtual IP list twiceMartin Willi2012-09-051-1/+1
|
* Merge branch 'multi-vip'Martin Willi2012-08-317-62/+199
|\ | | | | | | | | | | | | Brings support for multiple virtual IPs and multiple pools in left/rigthsourceip definitions. Also introduces the new left/rightdns options to configure requested DNS server address family and respond with multiple connection specific servers.
| * Request and acquire multiple virtual IPs in IKEv1 Mode ConfigMartin Willi2012-08-301-47/+61
| |
| * Pass all configured pool names to attribute provider enumeratorMartin Willi2012-08-301-2/+9
| |
| * Pass a list instead of a single virtual IP to attribute enumeratorsMartin Willi2012-08-301-11/+35
| |
| * Support multiple address pools configured on a peer_cfgMartin Willi2012-08-306-6/+45
| |
| * Support multiple virtual IPs on peer_cfg and ike_sa classesMartin Willi2012-08-307-28/+81
| |
* | Fall back to local address as IKEv1 identity if nothing else is configuredTobias Brunner2012-08-241-2/+14
|/
* Merge branch 'android-ndk'Tobias Brunner2012-08-131-1/+2
|\ | | | | | | | | | | | | | | | | | | | | | | This branch comes with some preliminary changes for the user-land IPsec implementation and the Android App. One important change is that the UDP ports used by the socket-default plugin were made configurable (either via ./configure or strongswan.conf). Also, the plugin does randomly allocate a port if it is configured to 0, which is useful for client implementations. A consequence of these changes is that the local UDP port used when creating ike_cfg_t objects has to be fetched from the socket.
| * Replaced usages of CHARON_*_PORT with calls to get_port().Tobias Brunner2012-08-081-1/+2
| |
| * Make the UDP ports charon listens for packets on (and uses as source ports) ↵Tobias Brunner2012-08-081-1/+1
| | | | | | | | configurable.
* | Use actual daemon name to enable XAuth/PSK with aggressive modeMartin Willi2012-08-101-2/+3
|/
* Remove queued IKEv1 message before processing itMartin Willi2012-08-081-3/+5
| | | | | Avoids destruction or processing of a queued message in recursive process_message() call.
* Block XAuth transaction on established IKE_SAs, but allow Mode ConfigMartin Willi2012-08-031-1/+1
|
* Lookup IKEv1 PSK even if the peer identity is not knownMartin Willi2012-07-311-1/+1
|
* Implement late peer config switching after XAuth authenticationMartin Willi2012-07-261-15/+80
| | | | | | | If additional authentication constraints, such as group membership, is not fulfilled by an XAuth backend, we search for another peer configuration that fulfills all constraints, including those from phase1.
* Check if XAuth round complies to configured authentication roundMartin Willi2012-07-261-7/+18
|
* Merge auth config items added from XAuth backends to IKE_SAMartin Willi2012-07-261-0/+1
|
* Refactored error handling in keymat_v1_tMartin Willi2012-07-161-25/+27
|
* Cleaned up memory management and return values for encryption payloadMartin Willi2012-07-161-1/+4
|
* Add a return value to hasher_t.allocate_hash()Martin Willi2012-07-162-8/+31
|
* Add a return value to keymat_v1_t.{get,update,confirm}_ivMartin Willi2012-07-162-13/+31
|
* Add a return value to crypter_t.set_key()Martin Willi2012-07-161-3/+6
|
* Add a return value to crypter_t.decrypt()Martin Willi2012-07-161-2/+1
|
* Add a return value to crypter_t.encryptMartin Willi2012-07-161-2/+1
|
* Check rng return value when generating IKEv1 message IDsTobias Brunner2012-07-161-8/+20
|
* Check rng return value when generating fake NAT detection payloadsTobias Brunner2012-07-161-2/+3
|
* Nonce: Let get_nonce, allocate_nonce return booleanReto Buerki2012-07-162-2/+12
|
* Add a return value to prf_t.set_key()Martin Willi2012-07-161-10/+25
|
* Add a return value to prf_t.allocate_bytes()Martin Willi2012-07-161-11/+45
|
* Use a bool return value in keymat_v1_t.get_hash_phase2()Martin Willi2012-07-162-27/+27
|
* Add a return value to keymat_v1_t.get_hash()Martin Willi2012-07-164-17/+35
|
* Add a return value to prf_t.get_bytes()Martin Willi2012-07-161-9/+19
|
* prf_plus_create() can return NULL on failureMartin Willi2012-07-161-0/+10
|
* Add a return value to prf_plus_t.allocate_bytes()Martin Willi2012-07-161-4/+14
|
* Add a return value to aead_t.set_key()Martin Willi2012-07-161-1/+2
|
* Add a return value to aead_t.encrypt()Martin Willi2012-07-161-1/+2
|
* Send cert request based on peers configured authentication classMartin Willi2012-07-101-3/+30
|
* Don't send CERTREQs when initiating aggressive mode PSKMartin Willi2012-07-091-0/+4
|
* As a responder, don't start a TRANSACTION request if we expect one from the ↵Martin Willi2012-06-292-2/+4
| | | | initiator
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 07:27:41 +0000