From 21a4fc832ea64a6abb194a14ee64ff42ca214a44 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Thu, 15 Dec 2011 13:12:42 +0100
Subject: Pass ipsec.conf xauth_identity option via stroke to charon configurations
---
 src/starter/starterstroke.c | 1 +
 1 file changed, 1 insertion(+)
(limited to 'src/starter/starterstroke.c')
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index e399b1c04..628d63214 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -220,6 +220,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
 msg.add_conn.eap_vendor = conn->eap_vendor;
 msg.add_conn.eap_identity = push_string(&msg, conn->eap_identity);
 msg.add_conn.aaa_identity = push_string(&msg, conn->aaa_identity);
+ msg.add_conn.xauth_identity = push_string(&msg, conn->xauth_identity);
 if (conn->policy & POLICY_TUNNEL)
 {
-- cgit v1.2.3
From d94c923648a506f9abae431592ef4bfd6609a030 Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Sat, 17 Dec 2011 12:48:14 +0100
Subject: Support an "any" IKE version for both IKEv1 or IKEv2
---
 src/starter/starterstroke.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/starter/starterstroke.c')
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 628d63214..c4d9fa2e9 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -196,7 +196,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
 memset(&msg, 0, sizeof(msg));
 msg.type = STR_ADD_CONN;
 msg.length = offsetof(stroke_msg_t, buffer);
- msg.add_conn.ikev2 = conn->keyexchange != KEY_EXCHANGE_IKEV1;
+ msg.add_conn.version = conn->keyexchange;
 msg.add_conn.name = push_string(&msg, connection_name(conn));
 /* PUBKEY is preferred to PSK and EAP */
-- cgit v1.2.3
From e129168ba6299c8d2384381f4c06b99ded548030 Mon Sep 17 00:00:00 2001
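Review bot: `msg.add_conn.version = conn->keyexchange;` copies the starter's keyexchange enum straight into the stroke message's version field, so the two value spaces must stay aligned, and nothing at this line says so; a comment such as `/* keyexchange enum values are sent to charon unchanged as the IKE version; keep both enums in sync */` would make the coupling visible. The boolean `ikev2` it replaces was a one-bit contract, whereas with the "any" value named in the commit subject the mapping presumably spans three values now, so an enum edit on either side would silently select the wrong IKE version rather than fail to compile. starter_stroke_add_conn starts and ends outside the hunk.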
From: Martin Willi
Date: Mon, 9 Jan 2012 17:44:43 +0100
Subject: Added a "aggressive" ipsec.conf connection option
---
 src/starter/starterstroke.c | 1 +
 1 file changed, 1 insertion(+)
(limited to 'src/starter/starterstroke.c')
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index c4d9fa2e9..9fbfffc83 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
@@ -265,6 +265,7 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
 msg.add_conn.force_encap = (conn->policy & POLICY_FORCE_ENCAP) != 0;
 msg.add_conn.ipcomp = (conn->policy & POLICY_COMPRESS) != 0;
 msg.add_conn.install_policy = conn->install_policy;
+ msg.add_conn.aggressive = conn->aggressive;
 msg.add_conn.crl_policy = cfg->setup.strictcrlpolicy;
 msg.add_conn.unique = cfg->setup.uniqueids;
 msg.add_conn.algorithms.ike = push_string(&msg, conn->ike);
-- cgit v1.2.3
From c791def8c13ccb587ec9e37570f9a957af6a515e Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Fri, 20 Jan 2012 15:33:26 +0100
Subject: Added support for authby/xauth_server legacy options
---
 src/starter/starterstroke.c | 59 ++++++++++++++++++++++++++++++---------------
 1 file changed, 39 insertions(+), 20 deletions(-)
(limited to 'src/starter/starterstroke.c')
diff --git a/src/starter/starterstroke.c b/src/starter/starterstroke.c
index 9fbfffc83..c527ae0b4 100644
--- a/src/starter/starterstroke.c
+++ b/src/starter/starterstroke.c
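Review bot: `msg.add_conn.aggressive = conn->aggressive;` forwards the flag with no hint at the trade-off it selects; IKEv1 aggressive mode is widely documented to give PSK-based authentication weaker protection than main mode, and a one-line comment at this line, e.g. `/* IKEv1 aggressive mode: weaker protection for PSK authentication, see ipsec.conf(5) */`, keeps that visible to whoever next reads the stroke mapping. Whether the ipsec.conf parser warns when aggressive is combined with a PSK-based authby is not visible in this hunk. starter_stroke_add_conn starts and ends outside the hunk.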
@@ -198,26 +198,6 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
 msg.length = offsetof(stroke_msg_t, buffer);
 msg.add_conn.version = conn->keyexchange;
 msg.add_conn.name = push_string(&msg, connection_name(conn));
-
- /* PUBKEY is preferred to PSK and EAP */
- if (conn->policy & POLICY_PUBKEY)
- {
- msg.add_conn.auth_method = AUTH_CLASS_PUBKEY;
- }
- else if (conn->policy & POLICY_PSK)
- {
- msg.add_conn.auth_method = AUTH_CLASS_PSK;
- }
- else if (conn->policy & POLICY_XAUTH_PSK)
- {
- msg.add_conn.auth_method = AUTH_CLASS_EAP;
- }
- else
- {
- msg.add_conn.auth_method = AUTH_CLASS_ANY;
- }
- msg.add_conn.eap_type = conn->eap_type;
- msg.add_conn.eap_vendor = conn->eap_vendor;
 msg.add_conn.eap_identity = push_string(&msg, conn->eap_identity);
 msg.add_conn.aaa_identity = push_string(&msg, conn->aaa_identity);
 msg.add_conn.xauth_identity = push_string(&msg, conn->xauth_identity);
@@ -287,6 +267,45 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
 starter_stroke_add_end(&msg, &msg.add_conn.me, &conn->left);
 starter_stroke_add_end(&msg, &msg.add_conn.other, &conn->right);
+ if (!msg.add_conn.me.auth && !msg.add_conn.other.auth)
+ { /* leftauth/rightauth not set, use legacy options */
+ if (conn->policy & POLICY_PUBKEY)
+ {
+ msg.add_conn.me.auth = push_string(&msg, "pubkey");
+ msg.add_conn.other.auth = push_string(&msg, "pubkey");
+ }
+ else if (conn->policy & POLICY_PSK)
+ {
+ msg.add_conn.me.auth = push_string(&msg, "psk");
+ msg.add_conn.other.auth = push_string(&msg, "psk");
+ }
+ else if (conn->policy & POLICY_XAUTH_RSASIG)
+ {
+ msg.add_conn.me.auth = push_string(&msg, "pubkey");
+ msg.add_conn.other.auth = push_string(&msg, "pubkey");
+ if (conn->policy & POLICY_XAUTH_SERVER)
+ {
+ msg.add_conn.other.auth2 = push_string(&msg, "xauth");
+ }
+ else
+ {
+ msg.add_conn.me.auth2 = push_string(&msg, "xauth");
+ }
+ }
+ else if (conn->policy & POLICY_XAUTH_PSK)
+ {
+ msg.add_conn.me.auth = push_string(&msg, "psk");
+ msg.add_conn.other.auth = push_string(&msg, "psk");
+ if (conn->policy & POLICY_XAUTH_SERVER)
+ {
+ msg.add_conn.other.auth2 = push_string(&msg, "xauth");
+ }
+ else
+ {
+ msg.add_conn.me.auth2 = push_string(&msg, "xauth");
+ }
+ }
+ }
 return send_stroke_msg(&msg);
 }
-- cgit v1.2.3
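Review bot: The legacy mapping has no fallback branch, so when none of POLICY_PUBKEY, POLICY_PSK, POLICY_XAUTH_RSASIG or POLICY_XAUTH_PSK is set both `me.auth` and `other.auth` stay NULL, whereas the block removed in the -198,26 hunk of this patch selected `AUTH_CLASS_ANY` for that case; either confirm that charon's stroke side treats a missing auth string as "any" or add an explicit `else` that pushes the equivalent string. The guard `!msg.add_conn.me.auth && !msg.add_conn.other.auth` also means a configuration that sets only one of leftauth/rightauth skips the legacy mapping and leaves the other side unset, which is presumably intended but deserves a comment saying so. The two XAUTH branches differ only in the base method string, so choosing the base and the XAUTH marker first and pushing the strings once removes the duplicated server/client selection, as sketched below. starter_stroke_add_conn starts outside the hunk.
```c
	if (!msg.add_conn.me.auth && !msg.add_conn.other.auth)
	{	/* leftauth/rightauth not set, use legacy options */
		const char *base = NULL, *xauth = NULL;

		if (conn->policy & POLICY_PUBKEY)
		{
			base = "pubkey";
		}
		else if (conn->policy & POLICY_PSK)
		{
			base = "psk";
		}
		else if (conn->policy & POLICY_XAUTH_RSASIG)
		{
			base = "pubkey";
			xauth = "xauth";
		}
		else if (conn->policy & POLICY_XAUTH_PSK)
		{
			base = "psk";
			xauth = "xauth";
		}
		if (base)
		{
			msg.add_conn.me.auth = push_string(&msg, base);
			msg.add_conn.other.auth = push_string(&msg, base);
		}
		if (xauth)
		{
			/* the XAUTH round belongs to the peer that authenticates to the server */
			if (conn->policy & POLICY_XAUTH_SERVER)
			{
				msg.add_conn.other.auth2 = push_string(&msg, xauth);
			}
			else
			{
				msg.add_conn.me.auth2 = push_string(&msg, xauth);
			}
		}
	}
	/* … unchanged: send_stroke_msg call … */
```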