PAM directly anymore, but can use any XAuth backend to verify credentials,
including xauth-pam.
+- An EAP-Nak payload is returned by clients if the gateway requests an EAP
+ method that the client does not support. Clients can also request a specific
+ EAP method by configuring that method with leftauth.
+
+- The eap-dynamic plugin handles EAP-Nak payloads returned by clients and uses
+ these to select a different EAP method supported/requested by the client.
+ The plugin initially requests the first registered method or the first method
+ configured with charon.plugins.eap-dynamic.preferred.
+
+ - The new left/rightdns options specify connection specific DNS servers to
+ request/respond in IKEv2 configuration payloads or IKEv2 mode config. leftdns
+ can be any (comma separated) combination of %config4 and %config6 to request
+ multiple servers, both for IPv4 and IPv6. rightdns takes a list of DNS server
+ IP addresses to return.
+
+ - The left/rightsourceip options now accept multiple addresses or pools.
+ leftsourceip can be any (comma separated) combination of %config4, %config6
+ or fixed IP addresses to request. rightsourceip accepts multiple explicitly
+ specified or referenced named pools.
+
+ - Multiple connections can now share a single address pool when they use the
+ same definition in one of the rightsourceip pools.
+
- The autotools build has been migrated to use a config.h header. strongSwan
development headers will get installed during "make install" if
--with-dev-headers has been passed to ./configure.
auth = get_auth_cfg(peer_cfg, local);
if (auth)
{
- return auth->get(auth, AUTH_RULE_IDENTITY);
+ id = auth->get(auth, AUTH_RULE_IDENTITY);
+ if (local && (!id || id->get_type(id) == ID_ANY))
+ { /* no ID configured, use local IP address */
+ host_t *me;
+
+ me = this->ike_sa->get_my_host(this->ike_sa);
+ if (!me->is_anyaddr(me))
+ {
+ id = identification_create_from_sockaddr(me->get_sockaddr(me));
+ auth->add(auth, AUTH_RULE_IDENTITY, id);
+ }
+ }
}
- return NULL;
+ return id;
}
+ METHOD(phase1_t, has_virtual_ip, bool,
+ private_phase1_t *this, peer_cfg_t *peer_cfg)
+ {
+ enumerator_t *enumerator;
+ bool found = FALSE;
+ host_t *host;
+
+ enumerator = peer_cfg->create_virtual_ip_enumerator(peer_cfg);
+ found = enumerator->enumerate(enumerator, &host);
+ enumerator->destroy(enumerator);
+
+ return found;
+ }
+
+ METHOD(phase1_t, has_pool, bool,
+ private_phase1_t *this, peer_cfg_t *peer_cfg)
+ {
+ enumerator_t *enumerator;
+ bool found = FALSE;
+ char *pool;
+
+ enumerator = peer_cfg->create_pool_enumerator(peer_cfg);
+ found = enumerator->enumerate(enumerator, &pool);
+ enumerator->destroy(enumerator);
+
+ return found;
+ }
+
METHOD(phase1_t, save_sa_payload, bool,
private_phase1_t *this, message_t *message)
{
projects / thirdparty / strongswan.git / commitdiff
