path: root/src/libcharon
Commit message (Author, Age, Files, Lines)
...
* Don't use host address for dynamic TS in IKEv1 if a virtual IP was expected (Martin Willi, 2012-09-11, 1 file, -40/+57)
|
* Don't use host address for dynamic TS in IKEv2 if a virtual IP was expected (Martin Willi, 2012-09-11, 1 file, -1/+33)
|
* Send FAILED_CP_REQUIRED if a configuration payload was expected, but not received (Martin Willi, 2012-09-11, 1 file, -0/+9)
|
* Check for an existing lease in all stroke pools before creating a new one (Martin Willi, 2012-09-11, 1 file, -7/+31)
|
* Pass full pool list to release_address (Martin Willi, 2012-09-11, 5 files, -29/+64)
|
* Pass the full list of pools to acquire_address, enumerate in providers (Martin Willi, 2012-09-11, 6 files, -58/+69)
|   If the provider has access to the full pool list, it can enumerate them twice, for example to search for existing leases first, and only search for new leases in a second step. Fixes lease enumeration in attr-sql using multiple pools.
* Add a responder narrow() hook to change TS in the kernel, but not on the wire (Martin Willi, 2012-09-11, 3 files, -3/+48)
|
* Support RADIUS accounting when using IKEv1 with xauth-eap and eap-radius (Martin Willi, 2012-09-11, 1 file, -2/+10)
|
* Fix leak while enumerating RADIUS Framed-IPs from IKE_SA (Martin Willi, 2012-09-11, 1 file, -0/+1)
|
* Add uniqueids=never to ignore INITIAL_CONTACT notifies (Tobias Brunner, 2012-09-10, 4 files, -5/+11)
|   With uniqueids=no the daemon still deletes any existing IKE_SA with the same peer if an INITIAL_CONTACT notify is received. With this new option it also ignores these notifies.
* Print the name of mem pools instead of the confusing <base>/<size> (Tobias Brunner, 2012-09-10, 1 file, -2/+4)
|
* introduced sending of standard IETF Assessment Result PA-TNC attribute by IMVs (Andreas Steffen, 2012-09-09, 3 files, -21/+29)
|
* Only initiate an exchange from send_dpd() if a task was actually queued (Tobias Brunner, 2012-09-07, 1 file, -2/+8)
|   Otherwise, the initiator would prematurely initiate Quick Mode if it has DPD enabled and XAuth is used.
* Trigger ike_updown event caused by retransmits only after reestablish() has been called (Tobias Brunner, 2012-09-06, 3 files, -10/+5)
|   This allows listeners to migrate to the new IKE_SA with the ike_reestablish event without having to worry about an ike_updown event for the old IKE_SA.
* Add ike_reestablish() event that is triggered when an IKE_SA is reestablished (Tobias Brunner, 2012-09-06, 4 files, -0/+49)
|   This is particularly useful during reauthentication to get the new IKE_SA.
* Add a new condition to mark IKE_SAs that are currently being reauthenticated (Tobias Brunner, 2012-09-06, 2 files, -9/+9)
|
* Clear virtual IPs before storing assigned ones on the IKE_SA (Tobias Brunner, 2012-09-05, 5 files, -1/+43)
|   Otherwise we'll end up with duplicate or invalid VIPs stored on the IKE_SA.
* In mode_config, destroy temporary pool list instead of the virtual IP list twice (Martin Willi, 2012-09-05, 1 file, -1/+1)
|
* Merge branch 'multi-vip' (Martin Willi, 2012-08-31, 46 files, -450/+1735)
|\
| |   Brings support for multiple virtual IPs and multiple pools in left/rightsourceip definitions. Also introduces the new left/rightdns options to configure requested DNS server address family and respond with multiple connection specific servers.
| * DHCP plugin returns virtual IPs for IPv4 requests only (Martin Willi, 2012-08-30, 1 file, -2/+2)
| |
| * Check address family in HA virtual IP backend (Martin Willi, 2012-08-30, 1 file, -0/+6)
| |
| * Handle comma separated pools as multiple pool names in SQL plugin (Martin Willi, 2012-08-30, 1 file, -1/+9)
| |
| * Request and acquire multiple virtual IPs in IKEv1 Mode Config (Martin Willi, 2012-08-30, 1 file, -47/+61)
| |
| * Request and acquire multiple virtual IPs in IKEv2 configuration payload (Martin Willi, 2012-08-30, 1 file, -49/+67)
| |
| * Pass all configured pool names to attribute provider enumerator (Martin Willi, 2012-08-30, 4 files, -7/+21)
| |
| * Pass a list instead of a single virtual IP to attribute enumerators (Martin Willi, 2012-08-30, 6 files, -32/+89)
| |
| * Support multiple addresses/pools in left/rightsourceip (Martin Willi, 2012-08-30, 5 files, -100/+189)
| |
| * Support multiple address pools configured on a peer_cfg (Martin Willi, 2012-08-30, 20 files, -46/+144)
| |
| * Support multiple virtual IPs on peer_cfg and ike_sa classes (Martin Willi, 2012-08-30, 31 files, -254/+420)
| |
| * Add a DNS attribute handler to updown, passing servers to updown script (Martin Willi, 2012-08-21, 6 files, -4/+377)
| |
| * Add a stroke attribute_handler requesting DNS servers given with leftdns (Martin Willi, 2012-08-21, 4 files, -0/+307)
| |
| * Serve ipsec.conf rightdns servers through stroke attribute provider (Martin Willi, 2012-08-21, 1 file, -10/+143)
| |
| * Add a left/rightdns keyword to configure connection specific DNS attributes (Martin Willi, 2012-08-21, 1 file, -0/+2)
| |
* | Merge branch 'eap-client-select' (Tobias Brunner, 2012-08-31, 14 files, -69/+858)
|\ \
| | |   This brings support for EAP-Nak payloads on the client (to select a specific or supported method), and the server (via the eap-dynamic plugin which selects a method supported/requested by the client).
| * | Log the proper type for virtual EAP methods (Tobias Brunner, 2012-08-31, 1 file, -1/+5)
| | |
| * | Added an option to prefer types sent by peer in eap-dynamic plugin (Tobias Brunner, 2012-08-31, 1 file, -14/+42)
| | |
| * | eap-dynamic plugin handles EAP-Nak messages and selects a method supported by the peer (Tobias Brunner, 2012-08-31, 1 file, -1/+72)
| | |
| * | Preferred EAP methods for eap-dynamic can be configured (Tobias Brunner, 2012-08-31, 1 file, -1/+59)
| | |
| * | The eap-dynamic plugin uses the first supported method as default (Tobias Brunner, 2012-08-31, 1 file, -1/+91)
| | |
| * | Added eap-dynamic plugin which can proxy any other EAP method (Tobias Brunner, 2012-08-31, 6 files, -0/+326)
| | |
| * | Use eap_vendor_type_from_string() in stroke (Tobias Brunner, 2012-08-31, 1 file, -38/+7)
| | |
| * | Added method to enumerate EAP types contained in an EAP-Nak (Tobias Brunner, 2012-08-31, 2 files, -11/+79)
| | |
| * | Encode EAP-Naks in expanded format if we got an expanded type request (Tobias Brunner, 2012-08-31, 5 files, -6/+19)
| | |   Since methods defined by the IETF (vendor ID 0) could also be encoded in expanded type format the previous check was insufficient.
| * | Allow clients to request a configured EAP method via EAP-Nak (Tobias Brunner, 2012-08-31, 5 files, -8/+37)
| | |
| * | Virtual EAP methods handle EAP-Naks themselves (Tobias Brunner, 2012-08-31, 1 file, -5/+17)
| | |
| * | Send EAP-Nak with supported types if requested type is unsupported (Tobias Brunner, 2012-08-31, 5 files, -12/+81)
| | |
| * | Filter invalid EAP authentication types when enumerating them (Tobias Brunner, 2012-08-31, 2 files, -1/+10)
| | |   Valid authentication types defined by the IETF are 4-253 and 255.
| * | Added a method to enumerate registered EAP methods (Tobias Brunner, 2012-08-21, 2 files, -0/+43)
| |/
* | Log configured IKE_SA proposals as initiator (Tobias Brunner, 2012-08-24, 1 file, -0/+2)
| |
* | Log configured CHILD_SA proposals as initiator (Tobias Brunner, 2012-08-24, 1 file, -0/+2)
| |