- IKEv2: Support for reauthentication when rekeying
+- IKEv2: Support for transport and (experimental!) BEET mode
+
- fixed most (all?) bugs related to byte order
-- a lot of bugfixes
+- a lot of other bugfixes
strongswan-4.0.5
#define POLICY_XAUTH_RSASIG LELEM(19) /* do we support XAUTH????RSA? */
#define POLICY_XAUTH_SERVER LELEM(20) /* are we an XAUTH server? */
#define POLICY_DONT_REAUTH LELEM(21) /* don't reauthenticate on rekeying, IKEv2 only */
+#define POLICY_BEET LELEM(22) /* bound end2end tunnel, IKEv2 */
/* Any IPsec policy? If not, a connection description
* is only for ISAKMP SA, not IPSEC SA. (A pun, I admit.)
conn->policy &= ~(POLICY_TUNNEL | POLICY_SHUNT_MASK);
if (streq(kw->value, "tunnel"))
conn->policy |= POLICY_TUNNEL;
+ else if (streq(kw->value, "beet"))
+ conn->policy |= POLICY_BEET;
else if (streq(kw->value, "passthrough") || streq(kw->value, "pass"))
conn->policy |= POLICY_SHUNT_PASS;
else if (streq(kw->value, "drop"))
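Review bot: The reset on the first context line of this hunk still clears only `POLICY_TUNNEL | POLICY_SHUNT_MASK`, so a `POLICY_BEET` bit set by an earlier `type=beet` is not removed when a later `type=` value is parsed for the same conn. How a conn inherits or repeats `type=` is not visible here, so this is inferred, but in that case `type=transport` would still yield mode 4 in the stroke message code this commit adds. With `type=tunnel` both bits would end up set and tunnel wins only because it is tested first. The reset should include the new flag: `conn->policy &= ~(POLICY_TUNNEL | POLICY_BEET | POLICY_SHUNT_MASK);`. The enclosing function starts and ends outside the hunk.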
msg.add_conn.name = push_string(&msg, connection_name(conn));
msg.add_conn.auth_method = (conn->policy & POLICY_PSK)?
SHARED_KEY_MESSAGE_INTEGRITY_CODE : RSA_DIGITAL_SIGNATURE;
- msg.add_conn.mode = (conn->policy & POLICY_TUNNEL) ? 1 : 0;
+ if (conn->policy & POLICY_TUNNEL)
+ {
+ msg.add_conn.mode = 1; /* XFRM_MODE_TRANSPORT */
+ }
+ else if (conn->policy & POLICY_BEET)
+ {
+ msg.add_conn.mode = 4; /* XFRM_MODE_BEET */
+ }
+ else
+ {
+ msg.add_conn.mode = 0; /* XFRM_MODE_TUNNEL */
+ }
if (conn->policy & POLICY_DONT_REKEY)
{
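Review bot: The comments on the tunnel and fallback branches are swapped: in linux/xfrm.h `XFRM_MODE_TRANSPORT` is 0 and `XFRM_MODE_TUNNEL` is 1. The assigned values are correct and match the removed ternary; only the comments are wrong. Suggest `msg.add_conn.mode = 1; /* XFRM_MODE_TUNNEL */` in the `POLICY_TUNNEL` branch and `msg.add_conn.mode = 0; /* XFRM_MODE_TRANSPORT */` in the final `else`, keeping 4 as `XFRM_MODE_BEET`. As written, anyone auditing which IPsec mode a policy maps to would read tunnel connections as transport and the reverse. The enclosing function starts and ends outside the hunk.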