aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/sa
Commit message (Collapse)AuthorAgeFilesLines
...
| * Store inbound IKE fragments and reassemble the message when all fragments ↵Tobias Brunner2012-12-241-3/+166
| | | | | | | | are received
* | Streamline debug output when receiving intermediate CA certificates in IKEv1Martin Willi2013-01-111-1/+1
| |
* | Refactored IKEv2 cert/certreq payload processing to multiple functionsMartin Willi2013-01-111-112/+141
| |
* | Refactored IKEv1 cert payload processing to multiple functionsMartin Willi2013-01-111-73/+102
| |
* | IKEv1 support for PKCS#7 wrapped certificatesVolker Rümelin2013-01-111-0/+70
| |
* | Fixed some typos in commentsVolker Rümelin2013-01-111-1/+1
|/
* Add parantheses to avoid compiler warningMartin Willi2012-12-241-1/+1
|
* Fixed some typos, courtesy of codespellTobias Brunner2012-12-203-3/+3
|
* Raise an alert if IKE SA is keptAdrian-Ken Rueegsegger2012-12-201-0/+1
| | | | | This alert is raised when the establishment of a child SA fails but the IKE SA is kept.
* Add support for draft-ietf-ipsec-nat-t-ike-03 and earlierVolker Rümelin2012-12-196-36/+211
| | | | | This adds support for early versions of the draft that eventually resulted in RFC 3947.
* Raise an alert if allocating virtual IPs failsMartin Willi2012-12-191-0/+2
|
* Raise an alert if kernel policy installation failsMartin Willi2012-12-191-0/+2
|
* Raise an alert if kernel SA installation failsMartin Willi2012-12-191-0/+2
|
* Raise an alert on traffic selector mismatchMartin Willi2012-12-191-0/+2
|
* Raise alerts when enforcing IKE_SA unique policyMartin Willi2012-12-192-0/+2
|
* Raise an alert if CHILD_SA proposals mismatchMartin Willi2012-12-191-0/+2
|
* Raise an alert if IKE proposals mismatchMartin Willi2012-12-191-0/+5
|
* Raise an alert of generating local authentication data failsMartin Willi2012-12-191-6/+10
|
* Fix traffic selectors also as initiator in case of transport mode over NATTobias Brunner2012-12-131-1/+1
|
* Fix debug output if responder selected invalid traffic selectors during QMTobias Brunner2012-12-131-2/+2
|
* Inherit virtual IP and attributes from old to new, not from new to oldMartin Willi2012-12-101-5/+5
|
* Fix GPL license header to properly "sed" itMartin Willi2012-11-301-1/+1
|
* Don't wait while removing external IPs used for load testingMartin Willi2012-11-292-3/+4
|
* Install virtual IPs via interface name, and use an interface lookup where ↵Martin Willi2012-11-292-7/+25
| | | | required
* Add an optional kernel-interface parameter to install IPs with a custom prefixMartin Willi2012-11-292-6/+6
|
* Add alerts for sent/received message retransmissions and timeoutMartin Willi2012-11-292-0/+8
|
* Add an ikesa_limit option to limit number of IKE_SAs as responderMartin Willi2012-11-161-19/+39
|
* Log sent vendor IDs for IKEv1Tobias Brunner2012-11-021-0/+1
|
* Fixed log message when no shared secret is found during IKEv1 Main ModeTobias Brunner2012-10-291-1/+1
|
* Remove all ESP proposals with non-matching DH group during Quick ModeTobias Brunner2012-10-241-10/+22
| | | | | | According to RFC 2409, section 5.5, if PFS is used all proposals MUST include the selected DH group, so we remove proposals without the proposed group and remove other DH groups from the remaining proposals.
* Moved data structures to new collections subfolderTobias Brunner2012-10-2412-12/+12
|
* Moved packet_t and tun_device_t to networking folderTobias Brunner2012-10-242-2/+2
|
* Raise a bus alert when IKE message body parsing failsMartin Willi2012-10-242-0/+4
|
* Raise a bus alert when a received message contains unknown SPIsMartin Willi2012-10-241-0/+4
|
* Respect IKE version while selecting an ike_cfg as responderMartin Willi2012-10-242-2/+4
|
* Update routed connections in trap managerTobias Brunner2012-10-181-37/+39
| | | | | | Before this change, modified configs that have been updated with ipsec reload, could properly be started manually, but the old config would get used if triggered via trap policies.
* Added a new alert that is raised if peer does not respond to initial IKE messageTobias Brunner2012-10-161-0/+2
|
* Ensure UNSUPPORTED_CRITICAL_PAYLOAD notify contains correct payload typeTobias Brunner2012-09-281-0/+1
|
* Missed one in 6c10ceceTobias Brunner2012-09-281-0/+2
|
* Request is never NULL when responding with an INFORMATIONAL messageTobias Brunner2012-09-281-1/+1
|
* Completed state handling in isakmp_cert_preTobias Brunner2012-09-281-0/+4
| | | | Should not be a problem, but makes static analyzers happy.
* IKE_AUTH_LIFETIME task is not defined if IKEv2 is disabledTobias Brunner2012-09-251-1/+4
| | | | Fixes #229.
* Made IP address enumeration more flexibleTobias Brunner2012-09-213-3/+3
| | | | Also added an option to enumerate addresses on ignored interfaces.
* Don't ignore loopback devices and allow addresses on them being enumeratedTobias Brunner2012-09-213-3/+3
|
* Don't complain about multiple TS in IKEv1, as it supported with UnityMartin Willi2012-09-181-5/+0
|
* Derive a dynamic TS to multiple virtual IPsMartin Willi2012-09-184-70/+105
|
* Use the vararg list constructor in quick mode taskMartin Willi2012-09-181-16/+8
|
* Add AUTH_RULE_IDENTITY_LOOSE which allows to use IDr loosely as initiatorTobias Brunner2012-09-181-1/+2
| | | | | | If it is set on an auth config IDr will not be sent, and later the configured identity will not only be checked against the returned IDr, but also against other identities contained in the responder's certificate.
* Change traffic selectors during Quick Mode in case of a NAT in transport modeTobias Brunner2012-09-141-9/+19
| | | | | | | | | Windows 7 sends its internal address as TSi. While we don't support the NAT-T drafts as used by Windows XP it is interesting to note that the client there omits the TSi payload which then would automatically get set to the public IP address of the client. Fixes #220.
* Always send a configuration payload in IKEv1 TRANSACTIONs, even if it is emptyMartin Willi2012-09-111-29/+14
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 14:43:14 +0000