git.ipfire.org Git - thirdparty/strongswan.git/commit

author	Tobias Brunner <tobias@strongswan.org>
	Tue, 2 Jun 2015 12:48:31 +0000 (14:48 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Thu, 6 Aug 2015 12:57:26 +0000 (14:57 +0200)
commit	186d25cbe68e2ca8ea1e5d17017d627c4adf4101
tree	f916d1a0cbf43245318a32a78d9854cbcc864abb	tree \| snapshot
parent	626b2e85f05a7cd07a9602b3264cb8f0761bb2bf	commit \| diff

eap-radius: Change trigger for Accounting Start messages for IKEv1

Some clients won't do Mode Config or XAuth during reauthentication.
Because Start messages previously were triggered by TRANSACTION exchanges
none were sent for new SAs of such clients, while Stop messages were still
sent for the old SAs when they were destroyed. This resulted in an
incorrect state on the RADIUS server.

Since 31be582399 the assign_vips() event is also triggered during
reauthentication if the client does not do a Mode Config exchange.
So instead of waiting for a TRANSACTION exchange we trigger the Start
message when a virtual IP is assigned to a client.

With this the charon.plugins.eap-radius.accounting_requires_vip option
would not have any effect for IKEv1 anymore. However, it previously also
only worked if the client did an XAuth exchange, which is probably
rarely used without virtual IPs, so this might not be much of a
regression.

Fixes #937.

conf/plugins/eap-radius.opt		diff \| blob \| blame \| history
src/libcharon/plugins/eap_radius/eap_radius_accounting.c		diff \| blob \| blame \| history