| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
| |
message
|
| |
|
|
|
|
| |
configurable
Fixes #1128.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
are handled delayed
If we haven't received the third QM message for multiple exchanges the
return value of NEED_MORE for passive tasks that are not responsible for
a specific exchange would trigger a fourth empty QM message.
Fixes: 4de361d92c54 ("ikev1: Fix handling of overlapping Quick Mode exchanges")
References #1076.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In some cases the third message of a Quick Mode exchange might arrive
after the first message of a subsequent Quick Mode exchange. Previously
these messages were handled incorrectly and the second Quick Mode
exchange failed.
Some implementations might even try to establish multiple Quick Modes
simultaneously, which is explicitly allowed in RFC 2409. We don't fully
support that, though, in particular in case of retransmits.
Fixes #1076.
|
| |
|
|
|
|
|
|
|
| |
If multiple certificates use the same subjects we might choose the wrong
one otherwise. This way we use the one referenced with leftcert and
stored in the auth-cfg and we actually do the same thing later in the
pubkey authenticator.
Fixes #1077.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
This is needed to handle DELETEs properly, which was previously done via
CHILD_REKEYING, which we don't use anymore since 5c6a62ceb6 as it prevents
reauthentication.
|
| |
|
|
| |
Fixes Quick Mode negotiation when PFS is in use.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
While such a change is not unproblematic, keeping status_t makes the API
inconsistent once we introduce return values for the public value operations.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenBSD's isakmpd uses the latest ISAKMP SA to delete other expired SAs.
This caused strongSwan to delete e.g. a rekeyed SA even though isakmpd
meant to delete the old one.
What isakmpd does might not be standard compliant. As RFC 2408 puts
it:
Deletion which is concerned with an ISAKMP SA will contain a
Protocol-Id of ISAKMP and the SPIs are the initiator and responder
cookies from the ISAKMP Header.
This could either be interpreted as "copy the SPIs from the ISAKMP
header of the current message to the DELETE payload" (which is what
strongSwan assumed, and the direction IKEv2 took it, by not sending SPIs
for IKE), or as clarification that ISAKMP "cookies" are actually the
SPIs meant to be put in the payload (but that any ISAKMP SA may be
deleted).
|
| |
|
|
|
|
|
|
|
|
|
| |
Some clients like iOS/Mac OS X don't do a mode config exchange on the
new SA during re-authentication. If we don't adopt the previous virtual
IP Quick Mode rekeying will later fail.
If a client does do Mode Config we directly reassign the VIPs we migrated
from the old SA, without querying the attributes framework.
Fixes #807, #810.
|
| |
|
|
|
| |
Since we keep them around until they finally expire they otherwise would block
IKE_SA rekeying/reauthentication.
|
| |
|
|
|
|
|
| |
The payload we sent before is not compliant with RFC 2407 and thus some
peers might abort negotiation (e.g. with an INVALID-PROTOCOL-ID error).
Fixes #819.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
As we now use the same reqid for multiple CHILD_SAs with the same selectors,
having marks based on the reqid makes not that much sense anymore. Instead we
use unique marks that use a custom identifier. This identifier is reused during
rekeying, keeping the marks constant for any rule relying on it (for example
installed by updown).
This also simplifies handling of reqid allocation, as we do not have to query
the marks that is not yet assigned for an unknown reqid.
|
| |
|
|
|
|
|
|
|
| |
We currently send the notify in Main Mode only, as it is explicitly not allowed
by RFC 2407 to send (unprotected) notifications in Aggressive Mode. To make
that work, we'd need to handle that notify in Aggressive Mode, which could
allow a MitM to inject such notifies and do some harm.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
|
| |
|
|
|
|
|
|
| |
I still think ipsec/l2tp with fragmentation support is a useful
fallback option in case the Windows IKEv2 connection fails because
of fragmentation problems.
Tested with Windows XP, 7 and 8.1.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
The message() hook on bus_t is now called exactly once before (plain) and
once after fragmenting (!plain), not twice for the complete message and again
for each individual fragment, as was the case in earlier iterations.
For inbound messages the hook is called once for each fragment (!plain)
and twice for the reassembled message.
|
| | |
|
| | |
|
| |
|
|
|
| |
The re-authentication is now handled within the original IKE_SA if it has not
yet been established, so we don't want to destroy it.
|
| |
|
|
|
|
|
|
| |
At the time we reset an IKE_SA (e.g. when re-authenticating a not yet
established SA due to a roaming event) such tasks might already be queued
by one of the phase 1 tasks. If the SA is initiated again another task will
get queued by the phase 1 task. This results in e.g. multiple mode config
requests, which most gateways will have problems with.
|
| | |
|
| |
|
|
| |
References #557.
|
| | |
|
| |
|
|
|
|
|
|
| |
When an initiator starts reauthentication on a connection that uses push
mode to assign a virtual IP, we can't execute the Mode Config before releasing
the virtual IP. Otherwise we would request a new and different lease, which
the client probably can't handle. Defer Mode Config execution, so the same IP
gets first released then reassigned during reauthentication.
|
| |
|
|
|
|
|
|
|
|
| |
If a peer immediately sends DELETE messages when completing Quick Mode rekeying,
the third Quick Mode message and the DELETE are sent simultaneously. This
implies that DELETE messages may arrive before the completing third Quick Mode
message.
Handle this case by ignoring the DELETE INFORMATIONAL in Quick Mode and let
the delete task handle it.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Similar to assign_vips() used by a peer assigning virtual IPs to the other peer,
the handle_vips() hook gets invoked on a peers after receiving attributes. On
release of the same attributes the hook gets invoked again.
This is useful to inspect handled attributes, as the ike_updown() hook is
invoked after authentication, when attributes have not been handled yet.
|
| | |
|
| | |
|
| |
|
|
|
| |
The old identifiers did not use a proper namespace and often clashed with
other defines.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The encoded ID payload gets destroyed by the authenticator, which caused
a segmentation fault after the switch.
Fixes #501.
|
| |
|
|
|
|
|
|
|
|
| |
This patch exports the task manager's flush to allow flushing of all
queues with one function call from ike_sa->destroy. It allows the
access of intact children during task destructoin (see git-commit
e44ebdcf) and allows the access of the task manager in
child_state_change hook.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
|
| |
|
|
| |
Fixes CVE-2013-6076.
|
| | |
|
| | |
|
| | |
|
