Added an aggressive mode peer_cfg option
authorMartin Willi <martin@revosec.ch>
Mon, 9 Jan 2012 16:32:41 +0000 (16:32 +0000)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:31:34 +0000 (17:31 +0100)
13 files changed:
src/conftest/config.c
src/libcharon/config/peer_cfg.c
src/libcharon/config/peer_cfg.h
src/libcharon/plugins/android/android_service.c
src/libcharon/plugins/ha/ha_tunnel.c
src/libcharon/plugins/load_tester/load_tester_config.c
src/libcharon/plugins/maemo/maemo_service.c
src/libcharon/plugins/medcli/medcli_config.c
src/libcharon/plugins/medsrv/medsrv_config.c
src/libcharon/plugins/nm/nm_service.c
src/libcharon/plugins/sql/sql_config.c
src/libcharon/plugins/stroke/stroke_config.c
src/libcharon/plugins/uci/uci_config.c

index 51d491de56d37120fccaa53a4a12a932a84d214f..a62363cd8134249cc027df960e6933573694aa55 100644 (file)
@@ -252,7 +252,7 @@ static peer_cfg_t *load_peer_config(private_config_t *this,
 
        ike_cfg = load_ike_config(this, settings, config);
        peer_cfg = peer_cfg_create(config, IKEV2, ike_cfg, CERT_ALWAYS_SEND,
-                                                          UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, 0,
+                                                          UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, FALSE, 0,
                                                           NULL, NULL, FALSE, NULL, NULL);
 
        auth = auth_cfg_create();
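Review bot: The changed call now passes two adjacent bare booleans, `FALSE, FALSE, 0`, and nothing on the line says which is mobike and which is aggressive; in a positional argument list this long, a swapped pair compiles silently. Most other call sites touched by this commit label these arguments, so a trailing comment here would match them: `UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, FALSE, 0, /* mobike, aggressive, dpd */`. The same applies to the `peer_cfg_create("ha", ...)` call in ha_tunnel.c. load_peer_config continues outside the hunk.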
index fb9d54bfe575237c9be7469029ed4d44f6b38287..b278dc3370b6e800f386e5cdd9ba0fc3a7814b3c 100644 (file)
@@ -105,6 +105,11 @@ struct private_peer_cfg_t {
         */
        bool use_mobike;
 
+       /**
+        * Use aggressive mode?
+        */
+       bool aggressive;
+
        /**
         * Time before starting rekeying
         */
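Review bot: The new `aggressive` member is set in peer_cfg_create() and read by use_aggressive(), but none of the hunks in this file touch a comparison of two configs. If peer_cfg_t's equals() compares the private fields one by one (it lies outside the hunks shown), it presumably needs `this->aggressive == other->aggressive &&` next to the use_mobike comparison. Without it, two configs that differ only in this setting would be treated as identical, and a reload that turns aggressive mode off might leave the old config in place. The struct definition starts and ends outside the hunk.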
@@ -381,6 +386,12 @@ METHOD(peer_cfg_t, use_mobike, bool,
        return this->use_mobike;
 }
 
+METHOD(peer_cfg_t, use_aggressive, bool,
+       private_peer_cfg_t *this)
+{
+       return this->aggressive;
+}
+
 METHOD(peer_cfg_t, get_dpd, u_int32_t,
        private_peer_cfg_t *this)
 {
@@ -574,9 +585,9 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
                                                        unique_policy_t unique, u_int32_t keyingtries,
                                                        u_int32_t rekey_time, u_int32_t reauth_time,
                                                        u_int32_t jitter_time, u_int32_t over_time,
-                                                       bool mobike, u_int32_t dpd, host_t *virtual_ip,
-                                                       char *pool, bool mediation, peer_cfg_t *mediated_by,
-                                                       identification_t *peer_id)
+                                                       bool mobike, bool aggressive, u_int32_t dpd,
+                                                       host_t *virtual_ip, char *pool, bool mediation,
+                                                       peer_cfg_t *mediated_by, identification_t *peer_id)
 {
        private_peer_cfg_t *this;
 
@@ -605,6 +616,7 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
                        .get_reauth_time = _get_reauth_time,
                        .get_over_time = _get_over_time,
                        .use_mobike = _use_mobike,
+                       .use_aggressive = _use_aggressive,
                        .get_dpd = _get_dpd,
                        .get_virtual_ip = _get_virtual_ip,
                        .get_pool = _get_pool,
@@ -632,6 +644,7 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
                .jitter_time = jitter_time,
                .over_time = over_time,
                .use_mobike = mobike,
+               .aggressive = aggressive,
                .dpd = dpd,
                .virtual_ip = virtual_ip,
                .pool = strdupnull(pool),
index dcbe6aa9e169bf69952e0283d41a0f974b71604d..969ccabf2c5d0621e8b8c161c249b151996953e8 100644 (file)
@@ -256,6 +256,13 @@ struct peer_cfg_t {
         */
        bool (*use_mobike) (peer_cfg_t *this);
 
+       /**
+        * Use/Accept aggressive mode with IKEv1?.
+        *
+        * @return                      TRUE to use aggressive mode
+        */
+       bool (*use_aggressive)(peer_cfg_t *this);
+
        /**
         * Get the DPD check interval.
         *
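Review bot: The doc comment `Use/Accept aggressive mode with IKEv1?.` has a stray `?.` and tells someone enabling the option nothing about what it costs. Aggressive mode exchanges identities unprotected and, with pre-shared-key authentication, lets an observer of the exchange test PSK guesses offline, so I would state that: `* Use/accept IKEv1 aggressive mode instead of main mode.` followed by `* Identities are sent in the clear; with PSK auth the exchange allows offline guessing of the secret.` It would also help to say whether the flag is ignored for IKEv2 configs and whether a responder with FALSE refuses aggressive-mode requests, which "Use/Accept" leaves open. The `@param aggressive` line in the next hunk should carry the same wording. struct peer_cfg_t extends beyond the hunk.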
@@ -357,6 +364,7 @@ struct peer_cfg_t {
  * @param jitter_time          timerange to randomly subtract from rekey/reauth time
  * @param over_time                    maximum overtime before closing a rekeying/reauth SA
  * @param mobike                       use MOBIKE (RFC4555) if peer supports it
+ * @param aggressive           use/accept aggressive mode with IKEv1
  * @param dpd                          DPD check interval, 0 to disable
  * @param virtual_ip           virtual IP for local host, or NULL
  * @param pool                         pool name to get configuration attributes from, or NULL
@@ -370,8 +378,8 @@ peer_cfg_t *peer_cfg_create(char *name, ike_version_t ike_version,
                                                        unique_policy_t unique, u_int32_t keyingtries,
                                                        u_int32_t rekey_time, u_int32_t reauth_time,
                                                        u_int32_t jitter_time, u_int32_t over_time,
-                                                       bool mobike, u_int32_t dpd, host_t *virtual_ip,
-                                                       char *pool, bool mediation, peer_cfg_t *mediated_by,
-                                                       identification_t *peer_id);
+                                                       bool mobike, bool aggressive, u_int32_t dpd,
+                                                       host_t *virtual_ip, char *pool, bool mediation,
+                                                       peer_cfg_t *mediated_by, identification_t *peer_id);
 
 #endif /** PEER_CFG_H_ @}*/
index 8aba925a27bad925c3f72dcbf3ac4f385a706903..62fd52b1211e7353d391bd1f6cabe532405bbdc6 100644 (file)
@@ -277,7 +277,7 @@ static job_requeue_t initiate(private_android_service_t *this)
                                                           UNIQUE_REPLACE, 1, /* keyingtries */
                                                           36000, 0, /* rekey 10h, reauth none */
                                                           600, 600, /* jitter, over 10min */
-                                                          TRUE, 0, /* mobike, DPD */
+                                                          TRUE, FALSE, 0, /* mobike, aggressive, DPD */
                                                           host_create_from_string("0.0.0.0", 0) /* virt */,
                                                           NULL, FALSE, NULL, NULL); /* pool, mediation */
 
index 1f87c3d86901cf01f749770ecb39056d8126eaba..6f20620f23a66e20fe6b58e2fe675bcd59c190a1 100644 (file)
@@ -207,7 +207,7 @@ static void setup_tunnel(private_ha_tunnel_t *this,
                                                         remote, IKEV2_UDP_PORT);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        peer_cfg = peer_cfg_create("ha", IKEV2, ike_cfg, CERT_NEVER_SEND,
-                                               UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, 30,
+                                               UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE, 30,
                                                NULL, NULL, FALSE, NULL, NULL);
 
        auth_cfg = auth_cfg_create();
index 301c9cc6312e14920db5a1aa3a4101f9bb28f782..83853b8def3c0ee6987825e9e65896f26fc19b35 100644 (file)
@@ -253,7 +253,8 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num)
                                                           CERT_SEND_IF_ASKED, UNIQUE_NO, 1, /* keytries */
                                                           this->ike_rekey, 0, /* rekey, reauth */
                                                           0, this->ike_rekey, /* jitter, overtime */
-                                                          FALSE, this->dpd_delay, /* mobike, dpddelay */
+                                                          FALSE, FALSE, /* mobike, aggressive mode */
+                                                          this->dpd_delay, /* dpddelay */
                                                           this->vip ? this->vip->clone(this->vip) : NULL,
                                                           this->pool, FALSE, NULL, NULL);
        if (num)
index 69eac084c858c6d63406bae89dc73be5aff9c4f8..67d2b2984eed04f7aa3f6c1cb00657ae1749f063 100644 (file)
@@ -332,7 +332,7 @@ static gboolean initiate_connection(private_maemo_service_t *this,
                                                           UNIQUE_REPLACE, 1, /* keyingtries */
                                                           36000, 0, /* rekey 10h, reauth none */
                                                           600, 600, /* jitter, over 10min */
-                                                          TRUE, 0, /* mobike, DPD */
+                                                          TRUE, FALSE, 0, /* mobike, aggressive, DPD */
                                                           host_create_from_string("0.0.0.0", 0) /* virt */,
                                                           NULL, FALSE, NULL, NULL); /* pool, mediation */
 
index f768eeb4e3ed74673a6323a646fd8ea0e848e432..7fa0152bd57a89d77105ef9375003eccf4fe5a38 100644 (file)
@@ -126,7 +126,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
                CERT_NEVER_SEND, UNIQUE_REPLACE,
                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                this->rekey*5, this->rekey*3,   /* jitter, overtime */
-               TRUE, this->dpd,                                /* mobike, dpddelay */
+               TRUE, FALSE, this->dpd,                 /* mobike, aggressive, dpddelay */
                NULL, NULL,                                             /* vip, pool */
                TRUE, NULL, NULL);                              /* mediation, med by, peer id */
        e->destroy(e);
@@ -163,7 +163,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
                CERT_NEVER_SEND, UNIQUE_REPLACE,
                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                this->rekey*5, this->rekey*3,   /* jitter, overtime */
-               TRUE, this->dpd,                                /* mobike, dpddelay */
+               TRUE, FALSE, this->dpd,                 /* mobike, aggressive, dpddelay */
                NULL, NULL,                                             /* vip, pool */
                FALSE, med_cfg,                                 /* mediation, med by */
                identification_create_from_encoding(ID_KEY_ID, other));
@@ -238,7 +238,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
                                CERT_NEVER_SEND, UNIQUE_REPLACE,
                                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                                this->rekey*5, this->rekey*3,   /* jitter, overtime */
-                               TRUE, this->dpd,                                /* mobike, dpddelay */
+                               TRUE, FALSE, this->dpd,                 /* mobike, aggr., dpddelay */
                                NULL, NULL,                                             /* vip, pool */
                                FALSE, NULL, NULL);                             /* mediation, med by, peer id */
 
index fc3963a3dc8b4783d47a661b5ef7a1c04f1d0143..366558ac29f8add177dca9010a0cf178dccc5c36 100644 (file)
@@ -92,7 +92,7 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*,
                                CERT_NEVER_SEND, UNIQUE_REPLACE,
                                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                                this->rekey*5, this->rekey*3,   /* jitter, overtime */
-                               TRUE, this->dpd,                                /* mobike, dpddelay */
+                               TRUE, FALSE, this->dpd,                 /* mobike, aggr., dpddelay */
                                NULL, NULL,                                             /* vip, pool */
                                TRUE, NULL, NULL);                              /* mediation, med by, peer id */
                        e->destroy(e);
index 7882915312e9605a86432e66d2c9bea799b14275..d51b699ae6744968ff005eb7d7309f14577979cc 100644 (file)
@@ -503,7 +503,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection,
                                        CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
                                        36000, 0, /* rekey 10h, reauth none */
                                        600, 600, /* jitter, over 10min */
-                                       TRUE, 0, /* mobike, DPD */
+                                       TRUE, FALSE, 0, /* mobike, aggressive, DPD */
                                        virtual ? host_create_from_string("0.0.0.0", 0) : NULL,
                                        NULL, FALSE, NULL, NULL); /* pool, mediation */
        auth = auth_cfg_create();
index ef181f66ca714eec60dfb7e1270b93f69bbf2d0b..b06bd37066a11dbfa5cb538987c6dd5109daf7a3 100644 (file)
@@ -370,7 +370,7 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e,
                        peer_cfg = peer_cfg_create(
                                        name, IKEV2, ike, cert_policy, uniqueid,
                                        keyingtries, rekeytime, reauthtime, jitter, overtime,
-                                       mobike, dpd_delay, vip, pool,
+                                       mobike, FALSE, dpd_delay, vip, pool,
                                        mediation, mediated_cfg, peer_id);
                        auth = auth_cfg_create();
                        auth->add(auth, AUTH_RULE_AUTH_CLASS, auth_method);
index 08339a475fbaba27af5c260993c18653a7c7ec19..e39233b7eed08c15b6572797faa831bd715ff065 100644 (file)
@@ -689,7 +689,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this,
                msg->add_conn.version, ike_cfg,
                msg->add_conn.me.sendcert, unique,
                msg->add_conn.rekey.tries, rekey, reauth, jitter, over,
-               msg->add_conn.mobike, msg->add_conn.dpd.delay,
+               msg->add_conn.mobike, FALSE, msg->add_conn.dpd.delay,
                vip, msg->add_conn.other.sourceip_mask ?
                                                        msg->add_conn.name : msg->add_conn.other.sourceip,
                msg->add_conn.ikeme.mediation, mediated_by, peer_id);
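Review bot: `FALSE` for the new aggressive argument is hard-coded on the changed line, while its neighbours (`msg->add_conn.version`, `msg->add_conn.mobike`, `msg->add_conn.dpd.delay`) all come from the stroke message, and nothing says whether that is deliberate. Since this call passes the version through and may therefore build IKEv1 configs, a short comment would record that aggressive mode is intentionally off until a config option exists, e.g. `msg->add_conn.mobike, FALSE /* aggressive: no stroke option yet */, msg->add_conn.dpd.delay,`. The same holds for the `mobike, FALSE, dpd_delay, vip, pool,` line in sql_config.c's build_peer_cfg. build_peer_cfg starts and ends outside the hunk.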
index 4e48b933a05f76f944c263adaacdf275d59554b7..b4e99c3f267f87438af7f7ccb2de091f9d095dac 100644 (file)
@@ -175,7 +175,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
                                        name, IKEV2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO,
                                        1, create_rekey(ike_rekey), 0,  /* keytries, rekey, reauth */
                                        1800, 900,                                              /* jitter, overtime */
-                                       TRUE, 60,                                               /* mobike, dpddelay */
+                                       TRUE, FALSE, 60,                        /* mobike, aggr., dpddelay */
                                        NULL, NULL,                                     /* vip, pool */
                                        FALSE, NULL, NULL);                     /* mediation, med by, peer id */
                auth = auth_cfg_create();