summaryrefslogtreecommitdiff
path: root/sbin/iked/ikev2.c
AgeCommit message (Expand)Author
2021-02-20Fail on invalid address family.tobhe
2021-02-18Save one allocation by passing msg_nonce ownership instead of usingtobhe
2021-02-18Pass ownership instead of duplicating ibuf msg_ke.tobhe
2021-02-13Add dynamic address configuration for roadwarrior clients.tobhe
2021-02-11Explicitly unset IKED_REQ_CERTVALID before sending cert to ca process.tobhe
2021-02-10Delay deletion of IKE SAs on rekey when stickyaddress is enabled to maketobhe
2021-02-09Add optional 'group none' transform for child SAs and fix handling oftobhe
2021-02-04Rename 'struct group' to 'struct dh_group' for more clarity andtobhe
2021-02-04Upgrade to OpenSSL 1.1 compatible crypto API. Add additionaltobhe
2021-02-01Take flows into consideration for policy lookup as initiator.tobhe
2021-01-31Ignore addresses that are not 0/32 (dynamic) in ikev2_cp_fixaddr()tobhe
2021-01-31Don't leak flows if ikev2_cp_fixflow() fails.tobhe
2021-01-23Fix typos.tobhe
2021-01-21Handle NO_PROPOSAL_CHOSEN for CREATE_CHILD_SA.tobhe
2021-01-21Add support for INVALID_KE_PAYLOAD in CREATE_CHILD_SAtobhe
2021-01-20Make sure to enforce matching dstid as initiator. Use policy lookuptobhe
2021-01-18Sync SA configuration payload to new SA after IKE SA rekeying.tobhe
2020-12-27Fix "any" and "dynamic" keywords for flows and add proper IPv6 support.tobhe
2020-12-21Use policy_test() to reassign existing SAs to updated policies aftertobhe
2020-11-30We need to rekey every child SA (even if acquired): Otherwise we cantobhe
2020-11-29Add 'set stickyaddress' option. If this option is enabled, iked will trytobhe
2020-11-28Add support for multiple address pools. The parser already allowstobhe
2020-11-27Remove redundant state change. ikev2_ikesa_delete() sets the correct state.tobhe
2020-11-25Fix proposal error handling. If a proposal contains an unknown transformtobhe
2020-11-24Fix duplicate sa->sa_cp assignment.tobhe
2020-11-21Clean up NATT hack. Pass 'frompeer' as parameter instead of manipulatingtobhe
2020-11-17Remove redundant indirection via msg_parent. This is only needed intobhe
2020-11-16Reenable ikev2_init_auth() return value check. Make sure sa_stateok()tobhe
2020-11-16Backout ikev2_init_auth() return check to fix regression withtobhe
2020-11-14Make sure not to replace 0.0.0.0 with dynamic address if it is a a networktobhe
2020-11-13addr_net is already checked in ikev2_cp_setaddr() before sessingtobhe
2020-11-12Close SA if ikev2_init_auth() fails.tobhe
2020-11-12Fail if ikev2_init_ike_auth() is entered with invalid state.tobhe
2020-11-07Implement 'from dynamic', which installs flows where 'dynamic' is replacedtobhe
2020-11-06Set correct netmask on patched addresses for debug printing.tobhe
2020-10-30Add missing bits to make 'request addr 0.0.0.0' accept ANY dynamic address.tobhe
2020-10-30Whitespace fixes.tobhe
2020-10-30Fix key payload size. Use size from new SA.tobhe
2020-10-29Add initial support to request IP addresses as IKEv2 initiator.tobhe
2020-10-28Refactor parts of the dh_* API.tobhe
2020-10-24Don't modify sa in ikev2_pld_cp. Store cp_type in msg until message hastobhe
2020-10-22Handle NO_PROPOSAL_CHOSEN for initiator in IKE_SA_INIT exchange.tobhe
2020-10-19Handle NO_PROPOSAL_CHOSEN as IKE_AUTH initiator.tobhe
2020-10-09More unused headers.tobhe
2020-10-09Remove unused "wait.h" includes.tobhe
2020-10-06Always allocate hash_keylength() for buffers passed to hash_final() totobhe
2020-10-05Only handle AUTHENTICATION_FAILED for IKE_AUTH and INFORMATIONAL exchanges.tobhe
2020-10-03React to DELETE notifications only in INFORMATIONAL messagestobhe
2020-10-02Send AUTH_FAILED in ikev2_ike_auth_recv() if the message did not containtobhe
2020-09-24Cleanup logging, print SPIs where it makes sense.tobhe