charon.plugins.eap-tnc.max_message_count = 10
Maximum number of processed EAP-TNC packets (0 = no limit).
-charon.plugins.eap-tnc.protocol = tnccs-1.1
+charon.plugins.eap-tnc.protocol = tnccs-2.0
IF-TNCCS protocol version to be used (_tnccs-1.1_, _tnccs-2.0_,
_tnccs-dynamic_).
charon.plugins.eap-ttls.phase2_tnc = no
Start phase2 EAP TNC protocol after successful client authentication.
+charon.plugins.eap-ttls.phase2_tnc_method = pt
+ Phase2 EAP TNC transport protocol (_pt_ as IETF standard or legacy _tnc_)
+
charon.plugins.eap-ttls.request_peer_auth = no
Request peer authentication based on a client certificate.
*/
eap_tnc_t public;
+ /**
+ * Inner EAP authentication type
+ */
+ eap_type_t type;
+
/**
* Outer EAP authentication type
*/
private_eap_tnc_t *this, eap_payload_t **out)
{
chunk_t data;
- u_int32_t auth_type;
+ uint32_t auth_type;
/* Determine TNC Client Authentication Type */
switch (this->auth_type)
}
METHOD(eap_method_t, get_type, eap_type_t,
- private_eap_tnc_t *this, u_int32_t *vendor)
+ private_eap_tnc_t *this, uint32_t *vendor)
{
*vendor = 0;
- return EAP_TNC;
+ return this->type;
}
METHOD(eap_method_t, get_msk, status_t,
return FAILED;
}
-METHOD(eap_method_t, get_identifier, u_int8_t,
+METHOD(eap_method_t, get_identifier, uint8_t,
private_eap_tnc_t *this)
{
return this->tls_eap->get_identifier(this->tls_eap);
}
METHOD(eap_method_t, set_identifier, void,
- private_eap_tnc_t *this, u_int8_t identifier)
+ private_eap_tnc_t *this, uint8_t identifier)
{
this->tls_eap->set_identifier(this->tls_eap, identifier);
}
private_eap_tnc_t *this)
{
chunk_t pdp_server;
- u_int16_t pdp_port;
+ uint16_t pdp_port;
tls_t *tls;
pdp_server = this->tnccs->get_pdp_server(this->tnccs, &pdp_port);
* Generic private constructor
*/
static eap_tnc_t *eap_tnc_create(identification_t *server,
- identification_t *peer, bool is_server)
+ identification_t *peer, bool is_server,
+ eap_type_t type)
{
private_eap_tnc_t *this;
int max_msg_count;
char* protocol;
tnccs_t *tnccs;
- tnccs_type_t type;
+ tnccs_type_t tnccs_type;
INIT(this,
.public = {
.set_auth_type = _set_auth_type,
},
},
+ .type = type,
);
max_msg_count = lib->settings->get_int(lib->settings,
"%s.plugins.eap-tnc.max_message_count",
EAP_TNC_MAX_MESSAGE_COUNT, lib->ns);
protocol = lib->settings->get_str(lib->settings,
- "%s.plugins.eap-tnc.protocol", "tnccs-1.1", lib->ns);
+ "%s.plugins.eap-tnc.protocol", "tnccs-2.0", lib->ns);
if (strcaseeq(protocol, "tnccs-2.0"))
{
- type = TNCCS_2_0;
+ tnccs_type = TNCCS_2_0;
}
else if (strcaseeq(protocol, "tnccs-1.1"))
{
- type = TNCCS_1_1;
+ tnccs_type = TNCCS_1_1;
}
else if (strcaseeq(protocol, "tnccs-dynamic") && is_server)
{
- type = TNCCS_DYNAMIC;
+ tnccs_type = TNCCS_DYNAMIC;
}
else
{
free(this);
return NULL;
}
- tnccs = tnc->tnccs->create_instance(tnc->tnccs, type,
- is_server, server, peer, TNC_IFT_EAP_1_1,
+ tnccs = tnc->tnccs->create_instance(tnc->tnccs, tnccs_type,
+ is_server, server, peer,
+ (type == EAP_TNC) ? TNC_IFT_EAP_1_1 : TNC_IFT_EAP_2_0,
is_server ? enforce_recommendation : NULL);
if (!tnccs)
{
return NULL;
}
this->tnccs = tnccs->get_ref(tnccs);
- this->tls_eap = tls_eap_create(EAP_TNC, &tnccs->tls,
+ this->tls_eap = tls_eap_create(type, &tnccs->tls,
EAP_TNC_MAX_MESSAGE_LEN,
max_msg_count, FALSE);
if (!this->tls_eap)
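Review bot: The transport selection `(type == EAP_TNC) ? TNC_IFT_EAP_1_1 : TNC_IFT_EAP_2_0` sends every value other than EAP_TNC down the IF-T EAP 2.0 path, and the same unchecked `type` is handed to `tls_eap_create()`. The callers visible in this commit pass only EAP_TNC or EAP_PT_EAP, so nothing breaks today, but a third method added later would silently get the PT-EAP transport. Consider an explicit `switch (type)` with EAP_TNC and EAP_PT_EAP cases and a `default:` that frees `this` and returns NULL. A comment on the new parameter would also help, e.g. `/* type: EAP_TNC (legacy IF-T EAP 1.1) or EAP_PT_EAP (IF-T EAP 2.0) */`. The body of eap_tnc_create continues outside this hunk.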
eap_tnc_t *eap_tnc_create_server(identification_t *server,
identification_t *peer)
{
- return eap_tnc_create(server, peer, TRUE);
+ return eap_tnc_create(server, peer, TRUE, EAP_TNC);
}
eap_tnc_t *eap_tnc_create_peer(identification_t *server,
identification_t *peer)
{
- return eap_tnc_create(server, peer, FALSE);
+ return eap_tnc_create(server, peer, FALSE, EAP_TNC);
+}
+
+eap_tnc_t *eap_tnc_pt_create_server(identification_t *server,
+ identification_t *peer)
+{
+ return eap_tnc_create(server, peer, TRUE, EAP_PT_EAP);
+}
+
+eap_tnc_t *eap_tnc_pt_create_peer(identification_t *server,
+ identification_t *peer)
+{
+ return eap_tnc_create(server, peer, FALSE, EAP_PT_EAP);
}
#include <sa/eap/eap_inner_method.h>
/**
- * Implementation of the eap_method_t interface using EAP-TNC.
+ * Implementation of the eap_method_t interface using EAP-TNC or PT-EAP.
*/
struct eap_tnc_t {
* @param peer ID of the EAP client
* @return eap_tnc_t object
*/
-eap_tnc_t *eap_tnc_create_server(identification_t *server, identification_t *peer);
+eap_tnc_t *eap_tnc_create_server(identification_t *server,
+ identification_t *peer);
/**
* Creates the EAP method EAP-TNC acting as peer.
* @param peer ID of the EAP client
* @return eap_tnc_t object
*/
-eap_tnc_t *eap_tnc_create_peer(identification_t *server, identification_t *peer);
+eap_tnc_t *eap_tnc_create_peer(identification_t *server,
+ identification_t *peer);
+
+/**
+ * Creates the EAP method PT-EAP acting as server.
+ *
+ * @param server ID of the EAP server
+ * @param peer ID of the EAP client
+ * @return eap_tnc_t object
+ */
+eap_tnc_t *eap_tnc_pt_create_server(identification_t *server,
+ identification_t *peer);
+
+/**
+ * Creates the EAP method PT-EAP acting as peer.
+ *
+ * @param server ID of the EAP server
+ * @param peer ID of the EAP client
+ * @return eap_tnc_t object
+ */
+eap_tnc_t *eap_tnc_pt_create_peer(identification_t *server,
+ identification_t *peer);
#endif /** EAP_TNC_H_ @}*/
PLUGIN_PROVIDE(EAP_PEER, EAP_TNC),
PLUGIN_DEPENDS(EAP_PEER, EAP_TTLS),
PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
+ PLUGIN_CALLBACK(eap_method_register, eap_tnc_pt_create_server),
+ PLUGIN_PROVIDE(EAP_SERVER, EAP_PT_EAP),
+ PLUGIN_DEPENDS(EAP_SERVER, EAP_TTLS),
+ PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
+ PLUGIN_CALLBACK(eap_method_register, eap_tnc_pt_create_peer),
+ PLUGIN_PROVIDE(EAP_PEER, EAP_PT_EAP),
+ PLUGIN_DEPENDS(EAP_PEER, EAP_TTLS),
+ PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
};
*features = f;
return countof(f);
/*
- * Copyright (C) 2010 Andreas Steffen
- * Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2010-2014 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
}
/**
- * If configured, start EAP-TNC protocol
+ * If configured, start PT-EAP or legacy EAP-TNC protocol
*/
static status_t start_phase2_tnc(private_eap_ttls_server_t *this,
eap_type_t auth_type)
{
eap_inner_method_t *inner_method;
+ eap_type_t type;
+ char *eap_type_str;
if (this->start_phase2_tnc && lib->settings->get_bool(lib->settings,
"%s.plugins.eap-ttls.phase2_tnc", FALSE, lib->ns))
{
- DBG1(DBG_IKE, "phase2 method %N selected", eap_type_names, EAP_TNC);
- this->method = charon->eap->create_instance(charon->eap, EAP_TNC,
+ eap_type_str = lib->settings->get_str(lib->settings,
+ "%s.plugins.eap-ttls.phase2_tnc_method", "pt",
+ lib->ns);
+ type = eap_type_from_string(eap_type_str);
+ if (type == 0)
+ {
+ DBG1(DBG_IKE, "unrecognized phase2 EAP TNC method \"%s\"",
+ eap_type_str);
+ return FAILED;
+ }
+ DBG1(DBG_IKE, "phase2 method %N selected", eap_type_names, type);
+ this->method = charon->eap->create_instance(charon->eap, type,
0, EAP_SERVER, this->server, this->peer);
if (this->method == NULL)
{
- DBG1(DBG_IKE, "%N method not available", eap_type_names, EAP_TNC);
+ DBG1(DBG_IKE, "%N method not available", eap_type_names, type);
return FAILED;
}
inner_method = (eap_inner_method_t *)this->method;
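Review bot: The new `phase2_tnc_method` lookup rejects only `type == 0`, so any name that `eap_type_from_string()` recognises is accepted, including `peap` or `radius` from the table this commit extends. The object returned by `create_instance()` is then cast to `eap_inner_method_t *` on the last line of the hunk. Unless every registered EAP method implements that interface, which is not visible here, a mistyped setting leads to a call through a mismatched method table. Restricting the setting to the two TNC transports closes that gap: `if (type != EAP_TNC && type != EAP_PT_EAP)` in place of `if (type == 0)`, keeping the same log message and `return FAILED;`. The remainder of start_phase2_tnc lies outside this hunk.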
}
else
{
- DBG1(DBG_IKE, "%N method failed", eap_type_names, EAP_TNC);
+ DBG1(DBG_IKE, "%N method failed", eap_type_names, type);
return FAILED;
}
}
eap_payload_t *in;
eap_code_t code;
eap_type_t type = EAP_NAK, received_type;
- u_int32_t vendor, received_vendor;
+ uint32_t vendor, received_vendor;
status = this->avp->process(this->avp, reader, &data);
switch (status)
chunk_t data;
eap_code_t code;
eap_type_t type;
- u_int32_t vendor;
+ uint32_t vendor;
if (this->method == NULL && this->start_phase2 &&
lib->settings->get_bool(lib->settings,
"EAP_MSTLV");
ENUM_NEXT(eap_type_names, EAP_TNC, EAP_TNC, EAP_MSTLV,
"EAP_TNC");
-ENUM_NEXT(eap_type_names, EAP_EXPANDED, EAP_DYNAMIC, EAP_TNC,
+ENUM_NEXT(eap_type_names, EAP_PT_EAP, EAP_PT_EAP, EAP_TNC,
+ "EAP_PT_EAP");
+ENUM_NEXT(eap_type_names, EAP_EXPANDED, EAP_DYNAMIC, EAP_PT_EAP,
"EAP_EXPANDED",
"EAP_EXPERIMENTAL",
"EAP_RADIUS",
"MSTLV");
ENUM_NEXT(eap_type_short_names, EAP_TNC, EAP_TNC, EAP_MSTLV,
"TNC");
-ENUM_NEXT(eap_type_short_names, EAP_EXPANDED, EAP_DYNAMIC, EAP_TNC,
+ENUM_NEXT(eap_type_short_names, EAP_PT_EAP, EAP_PT_EAP, EAP_TNC,
+ "PT");
+ENUM_NEXT(eap_type_short_names, EAP_EXPANDED, EAP_DYNAMIC, EAP_PT_EAP,
"EXP",
"XP",
"RAD",
{"peap", EAP_PEAP},
{"mschapv2", EAP_MSCHAPV2},
{"tnc", EAP_TNC},
+ {"pt", EAP_PT_EAP},
{"dynamic", EAP_DYNAMIC},
{"radius", EAP_RADIUS},
};
enumerator_t *enumerator;
eap_vendor_type_t *result = NULL;
eap_type_t type = 0;
- u_int32_t vendor = 0;
+ uint32_t vendor = 0;
char *part, *end;
/* parse EAP method string of the form: [eap-]type[-vendor] */
EAP_MSCHAPV2 = 26,
EAP_MSTLV = 33,
EAP_TNC = 38,
+ EAP_PT_EAP = 54,
EAP_EXPANDED = 254,
EAP_EXPERIMENTAL = 255,
/** not a method, but an implementation providing different methods */
/**
* Current value of EAP identifier
*/
- u_int8_t identifier;
+ uint8_t identifier;
/**
* TLS stack
*/
bool is_server;
+ /**
+ * Supported version of the EAP tunnel protocol
+ */
+ uint8_t supported_version;
+
/**
* If FALSE include the total length of an EAP message
* in the first fragment of fragmented messages only.
EAP_TLS_LENGTH = (1<<7), /* shared with EAP-TTLS/TNC/PEAP */
EAP_TLS_MORE_FRAGS = (1<<6), /* shared with EAP-TTLS/TNC/PEAP */
EAP_TLS_START = (1<<5), /* shared with EAP-TTLS/TNC/PEAP */
- EAP_TTLS_VERSION = (0x07), /* shared with EAP-TNC/PEAP */
+ EAP_TTLS_VERSION = (0x07), /* shared with EAP-TNC/PEAP/PT-EAP */
+ EAP_PT_START = (1<<7) /* PT-EAP only */
} eap_tls_flags_t;
-#define EAP_TTLS_SUPPORTED_VERSION 0
-#define EAP_TNC_SUPPORTED_VERSION 1
-#define EAP_PEAP_SUPPORTED_VERSION 0
+#define EAP_TTLS_SUPPORTED_VERSION 0
+#define EAP_TNC_SUPPORTED_VERSION 1
+#define EAP_PEAP_SUPPORTED_VERSION 0
+#define EAP_PT_EAP_SUPPORTED_VERSION 1
/**
* EAP-TLS/TTLS packet format
*/
typedef struct __attribute__((packed)) {
- u_int8_t code;
- u_int8_t identifier;
- u_int16_t length;
- u_int8_t type;
- u_int8_t flags;
+ uint8_t code;
+ uint8_t identifier;
+ uint16_t length;
+ uint8_t type;
+ uint8_t flags;
} eap_tls_packet_t;
METHOD(tls_eap_t, initiate, status_t,
eap_tls_packet_t pkt = {
.type = this->type,
.code = EAP_REQUEST,
- .flags = EAP_TLS_START,
+ .flags = this->supported_version
};
switch (this->type)
{
+ case EAP_TLS:
case EAP_TTLS:
- pkt.flags |= EAP_TTLS_SUPPORTED_VERSION;
- break;
case EAP_TNC:
- pkt.flags |= EAP_TNC_SUPPORTED_VERSION;
- break;
case EAP_PEAP:
- pkt.flags |= EAP_PEAP_SUPPORTED_VERSION;
+ pkt.flags |= EAP_TLS_START;
+ break;
+ case EAP_PT_EAP:
+ pkt.flags |= EAP_PT_START;
break;
default:
break;
*/
static status_t process_pkt(private_tls_eap_t *this, eap_tls_packet_t *pkt)
{
- u_int16_t pkt_len;
- u_int32_t msg_len;
+ uint8_t version;
+ uint16_t pkt_len;
+ uint32_t msg_len;
size_t msg_len_offset = 0;
+ /* EAP-TLS doesn't have a version field */
+ if (this->type != EAP_TLS)
+ {
+ version = pkt->flags & EAP_TTLS_VERSION;
+ if (version != this->supported_version)
+ {
+ DBG1(DBG_TLS, "received %N packet with unsupported version v%u",
+ eap_type_names, this->type, version);
+ return FAILED;
+ }
+ }
pkt_len = untoh16(&pkt->length);
- if (pkt->flags & EAP_TLS_LENGTH)
+ if (this->type != EAP_PT_EAP && (pkt->flags & EAP_TLS_LENGTH))
{
if (pkt_len < sizeof(eap_tls_packet_t) + sizeof(msg_len))
{
pkt->code = this->is_server ? EAP_REQUEST : EAP_RESPONSE;
pkt->identifier = this->identifier;
pkt->type = this->type;
- pkt->flags = 0;
-
- switch (this->type)
- {
- case EAP_TTLS:
- pkt->flags |= EAP_TTLS_SUPPORTED_VERSION;
- break;
- case EAP_TNC:
- pkt->flags |= EAP_TNC_SUPPORTED_VERSION;
- break;
- case EAP_PEAP:
- pkt->flags |= EAP_PEAP_SUPPORTED_VERSION;
- break;
- default:
- break;
- }
+ pkt->flags = this->supported_version;
if (this->first_fragment)
{
- len = sizeof(buf) - sizeof(eap_tls_packet_t) - sizeof(u_int32_t);
- msg_len_offset = sizeof(u_int32_t);
+ len = sizeof(buf) - sizeof(eap_tls_packet_t) - sizeof(uint32_t);
+ msg_len_offset = sizeof(uint32_t);
}
else
{
}
kind = "packet";
}
- else if (this->type != EAP_TNC)
+ else if (this->type != EAP_TNC && this->type != EAP_PT_EAP)
{
this->first_fragment = TRUE;
kind = "final fragment";
if (pkt->flags & EAP_TLS_LENGTH)
{
htoun32(pkt + 1, reclen);
- len += sizeof(u_int32_t);
+ len += sizeof(uint32_t);
pkt->flags |= EAP_TLS_LENGTH;
}
else
{
/* get rid of the reserved length field */
memmove(buf + sizeof(eap_tls_packet_t),
- buf + sizeof(eap_tls_packet_t) + sizeof(u_int32_t), len);
+ buf + sizeof(eap_tls_packet_t) + sizeof(uint32_t), len);
}
}
len += sizeof(eap_tls_packet_t);
}
DBG3(DBG_TLS, "%N payload %B", eap_type_names, this->type, &in);
- if (pkt->flags & EAP_TLS_START)
+ if ((this->type == EAP_PT_EAP && (pkt->flags & EAP_PT_START)) ||
+ (pkt->flags & EAP_TLS_START))
{
if (this->type == EAP_TTLS || this->type == EAP_TNC ||
- this->type == EAP_PEAP)
+ this->type == EAP_PEAP || this->type == EAP_PT_EAP)
{
DBG1(DBG_TLS, "%N version is v%u", eap_type_names, this->type,
pkt->flags & EAP_TTLS_VERSION);
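Review bot: The Start test ORs the PT-EAP case with the generic one, so for `EAP_PT_EAP` a packet with bit 5 (`EAP_TLS_START`) set is still treated as a Start message. The flags enum in this commit documents that bit as shared with EAP-TTLS/TNC/PEAP only and introduces bit 7 (`EAP_PT_START`) for PT-EAP. Because the flags byte comes from the peer, a bit that PT-EAP does not define should not select the Start path. Choosing the flag by method type makes the check exact: `if (pkt->flags & (this->type == EAP_PT_EAP ? EAP_PT_START : EAP_TLS_START))`. The enclosing function begins and ends outside this hunk.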
return this->tls->get_eap_msk(this->tls);
}
-METHOD(tls_eap_t, get_identifier, u_int8_t,
+METHOD(tls_eap_t, get_identifier, uint8_t,
private_tls_eap_t *this)
{
return this->identifier;
}
METHOD(tls_eap_t, set_identifier, void,
- private_tls_eap_t *this, u_int8_t identifier)
+ private_tls_eap_t *this, uint8_t identifier)
{
this->identifier = identifier;
}
},
.type = type,
.is_server = tls->is_server(tls),
- .first_fragment = (type != EAP_TNC),
+ .first_fragment = (type != EAP_TNC && type != EAP_PT_EAP),
.frag_size = frag_size,
.max_msg_count = max_msg_count,
.include_length = include_length,
.tls = tls,
);
+ switch (type)
+ {
+ case EAP_TTLS:
+ this->supported_version = EAP_TTLS_SUPPORTED_VERSION;
+ break;
+ case EAP_TNC:
+ this->supported_version = EAP_TNC_SUPPORTED_VERSION;
+ break;
+ case EAP_PEAP:
+ this->supported_version = EAP_PEAP_SUPPORTED_VERSION;
+ break;
+ case EAP_PT_EAP:
+ this->supported_version = EAP_PT_EAP_SUPPORTED_VERSION;
+ break;
+ default:
+ break;
+ }
+
if (this->is_server)
{
do
*
* @return identifier
*/
- u_int8_t (*get_identifier)(tls_eap_t *this);
+ uint8_t (*get_identifier)(tls_eap_t *this);
/**
* Set the EAP identifier to a deterministic value, overwriting
*
* @param identifier EAP identifier
*/
- void (*set_identifier) (tls_eap_t *this, u_int8_t identifier);
+ void (*set_identifier) (tls_eap_t *this, uint8_t identifier);
/**
* Destroy a tls_eap_t.
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+
multiple_authentication=no
+
+ plugins {
+ eap-tnc {
+ protocol = tnccs-1.1
+ }
+ }
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+
multiple_authentication=no
+
+ plugins {
+ eap-tnc {
+ protocol = tnccs-1.1
+ }
+ }
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
eap-ttls {
phase2_method = md5
phase2_piggyback = yes
phase2_tnc = yes
+ phase2_tnc_method = tnc
+ }
+ eap-tnc {
+ protocol = tnccs-1.1
}
}
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+
multiple_authentication=no
+
+ plugins {
+ eap-tnc {
+ protocol = tnccs-1.1
+ }
+ }
}
libimcv {
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+
multiple_authentication=no
+
+ plugins {
+ eap-tnc {
+ protocol = tnccs-1.1
+ }
+ }
}
libimcv {
charon {
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+
multiple_authentication=no
+
+ plugins {
+ eap-tnc {
+ protocol = tnccs-1.1
+ }
+ }
}
libimcv {
charon {
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+
multiple_authentication=no
+
+ plugins {
+ eap-tnc {
+ protocol = tnccs-1.1
+ }
+ }
}
libimcv {
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+
multiple_authentication=no
+
+ plugins {
+ eap-tnc {
+ protocol = tnccs-1.1
+ }
+ }
}
libimcv {
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+
multiple_authentication=no
+
+ plugins {
+ eap-tnc {
+ protocol = tnccs-1.1
+ }
+ }
}
libimcv {
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+
multiple_authentication=no
+
+ plugins {
+ eap-tnc {
+ protocol = tnccs-1.1
+ }
+ }
}
libimcv {
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+
multiple_authentication=no
+
+ plugins {
+ eap-tnc {
+ protocol = tnccs-1.1
+ }
+ }
}
libimcv {
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
eap-ttls {
phase2_method = md5
phase2_piggyback = yes
phase2_tnc = yes
+ phase2_tnc_method = tnc
+ }
+ eap-tnc {
+ protocol = tnccs-1.1
}
}
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
tnc-imc {
preferred_language = de, en
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+
multiple_authentication=no
+
plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
tnc-imc {
preferred_language = ru, fr, en
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
eap-ttls {
phase2_method = md5
phase2_piggyback = yes
phase2_tnc = yes
}
- eap-tnc {
- protocol = tnccs-2.0
- }
tnc-imv {
recommendation_policy = all
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
+
+ multiple_authentication = no
}
libimcv {
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
tnc-imc {
preferred_language = ru , de, en
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
eap-ttls {
phase2_method = md5
phase2_piggyback = yes
phase2_tnc = yes
}
- eap-tnc {
- protocol = tnccs-2.0
- }
}
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
+
+ multiple_authentication = no
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
+
+ multiple_authentication = no
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
eap-ttls {
phase2_method = md5
phase2_piggyback = yes
phase2_tnc = yes
}
- eap-tnc {
- protocol = tnccs-2.0
- }
}
}
charon {
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
+
+ multiple_authentication = no
}
libimcv {
charon {
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
tnc-imc {
preferred_language = de
}
charon {
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
eap-ttls {
phase2_method = md5
phase2_piggyback = yes
phase2_tnc = yes
}
- eap-tnc {
- protocol = tnccs-2.0
- }
}
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
+
+ multiple_authentication = no
}
libimcv {
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
tnc-imc {
preferred_language = de
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
eap-ttls {
phase2_method = md5
phase2_piggyback = yes
phase2_tnc = yes
}
- eap-tnc {
- protocol = tnccs-2.0
- }
}
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac socket-default kernel-netlink stroke eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
+
plugins {
eap-ttls {
phase2_method = md5
max_message_count = 0
}
eap-tnc {
- protocol = tnccs-2.0
max_message_count = 20
}
tnc-pdp {
max_message_count = 0
}
eap-tnc {
- protocol = tnccs-2.0
max_message_count = 20
}
tnccs-20 {
max_message_count = 0
}
eap-tnc {
- protocol = tnccs-2.0
max_message_count = 20
}
tnccs-20 {
charon {
load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
+
+ multiple_authentication = no
}
libimcv {
charon {
load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
tnc-imc {
preferred_language = de
}
charon {
load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
eap-ttls {
phase2_method = md5
phase2_piggyback = yes
phase2_tnc = yes
}
- eap-tnc {
- protocol = tnccs-2.0
- }
}
}
charon {
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
+
+ multiple_authentication = no
}
libimcv {
charon {
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- multiple_authentication=no
+
+ multiple_authentication = no
plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
tnc-imc {
preferred_language = de
}
charon {
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
eap-ttls {
phase2_method = md5
phase2_piggyback = yes
phase2_tnc = yes
}
- eap-tnc {
- protocol = tnccs-2.0
- }
}
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
+
+ multiple_authentication = no
}
libimcv {
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
tnc-imc {
preferred_language = ru , de, en
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
eap-ttls {
phase2_method = md5
phase2_piggyback = yes
phase2_tnc = yes
}
- eap-tnc {
- protocol = tnccs-2.0
- }
}
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
+
+ multiple_authentication = no
}
libimcv {
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
+
+ multiple_authentication = no
}
libimcv {
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
eap-ttls {
request_peer_auth = yes
phase2_piggyback = yes
phase2_tnc = yes
}
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
-}
-
-libimcv {
- plugins {
- imv-scanner {
- closed_port_policy = no
- tcp_ports = 80 443
- udp_ports =
- }
}
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
- multiple_authentication=no
- plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
- }
+
+ multiple_authentication = no
}
libimcv {
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
- eap-tnc {
- protocol = tnccs-2.0
- }
tnc-imc {
preferred_language = ru, pl , de
}
charon {
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
- multiple_authentication=no
+
+ multiple_authentication = no
+
plugins {
eap-ttls {
phase2_method = md5
phase2_piggyback = yes
phase2_tnc = yes
}
- eap-tnc {
- protocol = tnccs-2.0
- }
}
}
phase2_method = md5
phase2_piggyback = yes
phase2_tnc = yes
+ phase2_tnc_method = tnc
}
eap-tnc {
protocol = tnccs-dynamic