aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
Commit message (Collapse)AuthorAgeFilesLines
...
* Made IP address enumeration more flexibleTobias Brunner2012-09-215-5/+5
| | | | Also added an option to enumerate addresses on ignored interfaces.
* Drop packets received on ignored interfacesTobias Brunner2012-09-211-2/+12
|
* Make it easy to check if an address is locally usable via changed ↵Tobias Brunner2012-09-212-18/+9
| | | | get_interface() method
* Don't ignore loopback devices and allow addresses on them being enumeratedTobias Brunner2012-09-215-7/+7
|
* Make sure we propose a dynamic TS if we don't have hosts to derive a TS fromTobias Brunner2012-09-211-10/+8
| | | | 7ee37114 removed this behavior.
* As Unity responder, don't change the proposed TS at all, racoon doesn't like ↵Martin Willi2012-09-182-7/+8
| | | | that
* Don't complain about multiple TS in IKEv1, as it supported with UnityMartin Willi2012-09-181-5/+0
|
* As initiator, narrow received Unity attributes to configured TSMartin Willi2012-09-181-4/+11
|
* When using Unity, bump up remote TS as initiator to 0.0.0.0/0, tooMartin Willi2012-09-181-5/+8
|
* Enable Cisco Unity only if Unity vendor id receivedMartin Willi2012-09-183-2/+5
|
* Exchange 0.0.0.0/0 traffic selectors with Unity, narrowing after exchangeMartin Willi2012-09-181-22/+87
|
* Add a Unity attribute provider that adds Split-Includes for TSMartin Willi2012-09-184-1/+232
|
* Check if subset calculation actually yields a TS in Unity narrowingMartin Willi2012-09-181-1/+5
|
* Request Unity configuration attributes for IKEv1 onlyMartin Willi2012-09-181-0/+6
|
* Add Cisco Unity client support for Split-Include and Local-LANMartin Willi2012-09-188-0/+781
|
* Derive a dynamic TS to multiple virtual IPsMartin Willi2012-09-188-118/+160
|
* Use the vararg list constructor in quick mode taskMartin Willi2012-09-181-16/+8
|
* Make stroke user-creds work with XAuth configsTobias Brunner2012-09-181-9/+18
|
* Set AUTH_RULE_IDENTITY_LOOSE for rightid=%<identity>Tobias Brunner2012-09-181-0/+10
|
* Add AUTH_RULE_IDENTITY_LOOSE which allows to use IDr loosely as initiatorTobias Brunner2012-09-181-1/+2
| | | | | | If it is set on an auth config IDr will not be sent, and later the configured identity will not only be checked against the returned IDr, but also against other identities contained in the responder's certificate.
* Removed the unneeded socket-raw pluginTobias Brunner2012-09-147-885/+0
|
* Change traffic selectors during Quick Mode in case of a NAT in transport modeTobias Brunner2012-09-141-9/+19
| | | | | | | | | Windows 7 sends its internal address as TSi. While we don't support the NAT-T drafts as used by Windows XP it is interesting to note that the client there omits the TSi payload which then would automatically get set to the public IP address of the client. Fixes #220.
* Added possibility to register custom proposal keywordsTobias Brunner2012-09-131-2/+2
| | | | Keyword lookup and registration are handled via the new lib->proposal object.
* Removed len argument from proposal_get_token()Tobias Brunner2012-09-131-24/+23
| | | | Also use enumerators instead of lexparser.h to parse proposal strings.
* Option added to enforce a configured destination address for DHCP packetsTobias Brunner2012-09-131-1/+9
|
* Ensure traffic selectors are dynamic before calling set_address() when ↵Tobias Brunner2012-09-121-2/+2
| | | | deriving them
* Always send a configuration payload in IKEv1 TRANSACTIONs, even if it is emptyMartin Willi2012-09-111-29/+14
|
* Don't use host address for dynamic TS in IKEv1 if a virtual IP was expectedMartin Willi2012-09-111-40/+57
|
* Don't use host address for dynamic TS in IKEv2 if a virtual IP was expectedMartin Willi2012-09-111-1/+33
|
* Send FAILED_CP_REQUIRED if a configuration payload was expected, but not ↵Martin Willi2012-09-111-0/+9
| | | | received
* Check for an existing lease in all stroke pools before creating a new oneMartin Willi2012-09-111-7/+31
|
* Pass full pool list to release_addressMartin Willi2012-09-115-29/+64
|
* Pass the full list of pools to acquire_address, enumerate in providersMartin Willi2012-09-116-58/+69
| | | | | | | | If the provider has access to the full pool list, it can enumerate them twice, for example to search for existing leases first, and only search for new leases in a second step. Fixes lease enumeration in attr-sql using multiple pools.
* Add a responder narrow() hook to change TS in the kernel, but not on the wireMartin Willi2012-09-113-3/+48
|
* Support RADIUS accounting when using IKEv1 with xauth-eap and eap-radiusMartin Willi2012-09-111-2/+10
|
* Fix leak while enumerating RADIUS Framed-IPs from IKE_SAMartin Willi2012-09-111-0/+1
|
* Add uniqueids=never to ignore INITIAL_CONTACT notifiesTobias Brunner2012-09-104-5/+11
| | | | | | With uniqueids=no the daemon still deletes any existing IKE_SA with the same peer if an INITIAL_CONTACT notify is received. With this new option it also ignores these notifies.
* Print the name of mem pools instead of the confusing <base>/<size>Tobias Brunner2012-09-101-2/+4
|
* introduced sending of standard IETF Assessment Result PA-TNC attribute by IMVsAndreas Steffen2012-09-093-21/+29
|
* Only initiate an exchange from send_dpd() if a task was actually queuedTobias Brunner2012-09-071-2/+8
| | | | | Otherwise, the initiator would prematurely initiate Quick Mode if it has DPD enabled and XAuth is used.
* Trigger ike_updown event caused by retransmits only after reestablish() has ↵Tobias Brunner2012-09-063-10/+5
| | | | | | | | been called This allows listeners to migrate to the new IKE_SA with the ike_reestablish event without having to worry about an ike_updown event for the old IKE_SA.
* Add ike_reestablish() event that is triggered when an IKE_SA is reestablishedTobias Brunner2012-09-064-0/+49
| | | | | This is particularly useful during reauthentication to get the new IKE_SA.
* Add a new condition to mark IKE_SAs that are currently being reauthenticatedTobias Brunner2012-09-062-9/+9
|
* Clear virtual IPs before storing assigned ones on the IKE_SATobias Brunner2012-09-055-1/+43
| | | | | Otherwise we'll end up with duplicate or invalid VIPs stored on the IKE_SA.
* In mode_config, destroy temporary pool list instead of the virtual IP list twiceMartin Willi2012-09-051-1/+1
|
* Merge branch 'multi-vip'Martin Willi2012-08-3146-450/+1735
|\ | | | | | | | | | | | | Brings support for multiple virtual IPs and multiple pools in left/rigthsourceip definitions. Also introduces the new left/rightdns options to configure requested DNS server address family and respond with multiple connection specific servers.
| * DHCP plugin returns virtual IPs for IPv4 requests onlyMartin Willi2012-08-301-2/+2
| |
| * Check address family in HA virtual IP backendMartin Willi2012-08-301-0/+6
| |
| * Handle comma separated pools as multiple pool names in SQL pluginMartin Willi2012-08-301-1/+9
| |
| * Request and acquire multiple virtual IPs in IKEv1 Mode ConfigMartin Willi2012-08-301-47/+61
| |
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 22:39:48 +0000