aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa/ikev1
Commit message (Collapse)AuthorAgeFilesLines
...
* Defer quick mode initiation if we expect a mode config requestMartin Willi2012-06-271-1/+20
|
* Queue a mode config task as responder if we need a virtual IPMartin Willi2012-06-272-4/+16
|
* Add basic support for XAuth responder authenticationMartin Willi2012-06-272-8/+10
|
* support Cisco Unity VIDAndreas Steffen2012-06-251-3/+6
|
* Enforce uniqueids=keep based on XAuth identityMartin Willi2012-06-251-0/+6
|
* Don't send XAUTH_OK if a hook prevents SA to establishMartin Willi2012-06-251-4/+14
|
* Enforce uniqueids=keep only for non-XAuth Main/Agressive ModesMartin Willi2012-06-252-28/+28
|
* Add missing XAuth name variable when complaining about missing XAuth backendMartin Willi2012-06-251-1/+1
|
* Fix SIGSEGV if kernel install fails during Quick Mode as responder.Tobias Brunner2012-06-221-4/+8
|
* Adopt children as XAuth initiator (which is IKE responder)Martin Willi2012-06-141-2/+2
|
* Require a scary option to respond to Aggressive Mode PSK requestsMartin Willi2012-06-141-0/+17
| | | | | | | | While Aggressive Mode PSK is widely used, it is known to be subject to dictionary attacks by passive attackers. We don't complain as initiator to be compatible with existing (insecure) setups, but require a scary strongswan.conf option if someone wants to use it as responder.
* Enforce uniqueness policy in IKEv1 main and aggressive modesMartin Willi2012-06-082-0/+29
|
* While checking for redundant quick modes, compare traffic selectorsMartin Willi2012-06-081-0/+22
| | | | | If a configuration is instanced more than once using narrowing, we should keep all unique quick modes up during rekeying.
* Initiate quick mode rekeying with narrowed traffic selectorsMartin Willi2012-06-081-1/+18
|
* Use traffic selectors passed to quick mode constructor as initiatorMartin Willi2012-06-081-2/+10
|
* Instead of rekeying, delete a quick mode if we have a fresher instanceMartin Willi2012-06-081-6/+42
| | | | | | | | If both peers initiate quick mode rekeying simultaneously, we end up with duplicate SAs for a configuration. This can't be avoided, nor do the standards provide an appropriate solution. Instead of closing one SA immediately, we keep both. But once rekeying triggers, we don't refresh the SA with the shorter soft lifetime, but delete it.
* Added log message if peer does not accept/provide IPComp proposal.Tobias Brunner2012-05-241-2/+12
|
* Added support to negotiate IPComp during Quick Mode.Tobias Brunner2012-05-241-11/+91
|
* Added support for IKEv1 IPComp proposals in SA payload.Tobias Brunner2012-05-243-6/+6
|
* Fix memleak during Quick Mode in case no SPI can be allocated from kernel.Tobias Brunner2012-05-241-8/+8
|
* Apply IDir before deriving keys as aggressive initiatorMartin Willi2012-05-231-4/+4
|
* Use received identity to look up PSK as aggressive responderMartin Willi2012-05-231-2/+9
|
* Check if we actually have an initiating packet to free while processing ↵Martin Willi2012-05-231-1/+1
| | | | responses
* Switch to alternative peer config in IKEv1 Main and Aggressive Mode.Tobias Brunner2012-05-214-24/+85
|
* Cancel pending retransmits when flushing active task queueMartin Willi2012-05-211-0/+4
|
* Cancel active quick mode task when receiving INFORMATIONAL errorMartin Willi2012-05-211-0/+30
|
* Flush task queues explicitly, not implicitly if task returns ALREADY_DONEMartin Willi2012-05-215-10/+18
|
* Make task managers flush_queue() method publicMartin Willi2012-05-211-11/+25
|
* Remove executable flag from source files.Tobias Brunner2012-05-1811-0/+0
|
* Use separate Doxygen groups for IKEv1 and IKEv2 entities (authenticators, ↵Tobias Brunner2012-05-1818-19/+19
| | | | tasks etc.).
* Use nonce_gen instead of rng to generate noncesAdrian-Ken Rueegsegger2012-05-182-12/+12
| | | | | Replace usage of rng plugin with nonce generator to create nonces in IKE_INIT, CHILD_CREATE and QUICK_MODE tasks and the IKEv1 phase 1 helper.
* Add create_nonce_gen function to keymat interfaceAdrian-Ken Rueegsegger2012-05-181-0/+7
| | | | This function returns a nonce generator object.
* make IKEv1 DPD timeout configurable in charonAndreas Steffen2012-05-171-6/+14
|
* Moved IKEv1 DPD processing to task manager, fix sequence issuesMartin Willi2012-05-153-73/+72
|
* Schedule a DPD timeout job that enforces the IKE message timeout policyMartin Willi2012-05-151-0/+13
|
* Send unanswered follow up R_U_THERE messages with the same DPD seqMartin Willi2012-05-151-1/+7
|
* Do not send IKEv1 DPD retransmit, but create a new INFORMATIONALMartin Willi2012-05-151-11/+0
|
* allow private algorithmsAndreas Steffen2012-05-052-4/+16
|
* vendor ID cosmeticsAndreas Steffen2012-05-051-2/+2
|
* Use name from initialization to access settings in libcharon.Tobias Brunner2012-05-033-6/+7
| | | | Also fixes several whitespace errors.
* Added another bunch of commonly used IKEv1 NATT vendor IDsMartin Willi2012-04-041-1/+19
|
* Store authentication info of a XAUTH round on IKE_SAMartin Willi2012-03-221-0/+16
|
* Reply with received configuration payload identifier in Mode ConfigMartin Willi2012-03-201-0/+8
|
* Implemented handling of UNITY_LOAD_BALANCE as reauthentication.Tobias Brunner2012-03-202-3/+28
|
* Parse IKEv1 Cisco Load Balancing notify (can't act on it yet).Tobias Brunner2012-03-201-2/+19
|
* Compiler warning fixed.Tobias Brunner2012-03-201-2/+6
|
* Use correct enum values to detect three message tasks for retransmissionMartin Willi2012-03-201-2/+2
|
* Use UDP encapsulation even in non-NAT situation if initiator requests itMartin Willi2012-03-201-13/+14
|
* Support inactivity timeout in IKEv1 CHILD_SAsMartin Willi2012-03-201-1/+24
|
* Use a dedicated PRF for HASH/SIG payloads using ECDSA specific hasherMartin Willi2012-03-201-14/+37
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 10:17:35 +0000