600, 600, /* jitter, over 10min */
TRUE, FALSE, /* mobike, aggressive */
0, 0, /* DPD delay, timeout */
- host_create_from_string("0.0.0.0", 0) /* virt */,
- NULL, FALSE, NULL, NULL); /* pool, mediation */
+ FALSE, NULL, NULL); /* mediation */
+ peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
- auth = auth_cfg_create();
- auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
- user = identification_create_from_string(this->username);
- auth->add(auth, AUTH_RULE_IDENTITY, user);
- peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+ /* local auth config */
+ if (streq("ikev2-eap", this->type))
+ {
+ auth = auth_cfg_create();
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
+ user = identification_create_from_string(this->username);
+ auth->add(auth, AUTH_RULE_IDENTITY, user);
+
+ this->creds->add_username_password(this->creds, this->username,
+ this->password);
+ memwipe(this->password, strlen(this->password));
+ peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+ }
+ else if (streq("ikev2-cert", this->type))
+ {
+ certificate_t *cert;
+ identification_t *id;
+
+ cert = this->creds->load_user_certificate(this->creds);
+ if (!cert)
+ {
+ peer_cfg->destroy(peer_cfg);
+ charonservice->update_status(charonservice,
+ CHARONSERVICE_GENERIC_ERROR);
+ return JOB_REQUEUE_NONE;
+
+ }
+ auth = auth_cfg_create();
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ auth->add(auth, AUTH_RULE_SUBJECT_CERT, cert);
+ id = cert->get_subject(cert);
+ auth->add(auth, AUTH_RULE_IDENTITY, id->clone(id));
+ peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+ }
+
+ /* remote auth config */
auth = auth_cfg_create();
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
gateway = identification_create_from_string(this->gateway);