History log of /openbsd/sbin/iked/iked.h (Results 76 – 100 of 230)
Revision Date Author Comments
# 3e395450 11-Aug-2020 tobhe <tobhe@openbsd.org>

Prioritize incoming certificate requests by the order of CERTEQ payloads
in the received message.

ok patrick@


# 38194102 21-Jul-2020 tobhe <tobhe@openbsd.org>

Handle TEMPORARY_FAILURE notification on IKESA rekeying.
If we rekey both the IKESA and a CHILDSA in a small time
window a strongswan peer might respond with a TEMPORARY_FAILURE
notification.
In this case we retry the rekey of the IKESA after a short
timeout and queue PFKEY expire messages (by returning -1 in
ikev2_rekey_sa()), so the CHILDSA rekeying gets delayed.

ok markus@


# adb74705 15-Jul-2020 tobhe <tobhe@openbsd.org>

Make CERT and CERTREQ payloads optional for public key authentication.

When using certificate authentication the CERT payload is mandatory and as the
name suggests is used to send a certificate containing a public key used for
the authentication signature.
For pubkey authentication the key is preshared and stored locally, but only
the 'ca' process can read the local keys. The 'ikev2' process had to get the
key from the received CERT payload to verify the authentication signature.
The peer ID + raw key was then forwarded to the 'ca' process which
compared the key against the contents of /etc/iked/pubkey and returned either
CERTVALID or CERTINVALID.

With this change a message containing only the ID may be sent from 'ikev2' to
the 'ca' process if CERT was not included. In this case the CA process will
try to find a local key matching the ID and return it to the 'ikev2' process.
The auth verification happens after the 'ca' process has verified or found a
key and returned it to the 'ikev2' process, eliminating the need for
the CERT payload.

Making CERTREQ optional is easier because we already have a fallback case if
the CERTREQ can not be fulfilled. If no CERTREQ was received we now use this
same fallback.

This should fix public key authentication interoperability with *swan and
other IKEv2 implementations.

ok and tested by kn@
ok patrick@


# 2f3a6dc6 03-Jun-2020 tobhe <tobhe@openbsd.org>

Pass sockaddr instead of sockaddr_storage to sa_address.

ok patrick@


# 15863c3a 26-May-2020 tobhe <tobhe@openbsd.org>

Add AES-GCM mode ciphers (IANA IDs 19 and 20) for IKEv2.
They can be configured with the new ikesa enc options aes-128-gcm,
aes-256-gcm, aes-128-gcm-12 and aes-256-gcm-12.

Tested with Strongswan by Stephan Mendling and myself
Tested with Juniper SRX by remi@
ok sthen@, patrick@


# 81b8feca 14-May-2020 tobhe <tobhe@openbsd.org>

Stricter return value checking for EVP_Cipher* calls.

ok patrick@


# 0d71d9e6 13-May-2020 tobhe <tobhe@openbsd.org>

Remove dead 'iked_flow' member 'flow_type'.


# d38dc9a7 08-May-2020 tobhe <tobhe@openbsd.org>

Remove unnecessary X509_NAME_oneline wrapper. Passing NULL as buf
does the same thing.

ok patrick@


# 0347364b 23-Apr-2020 tobhe <tobhe@openbsd.org>

Add support for switching rdomain on IPsec encryption/decryption.
It can be configured per policy with the new 'rdomain' option
(see iked.conf(5)).
Only the unencrypted (inner) rdomain has to be configured, the
encrypted rdomain is always the one the responsible iked instance
is running in.

The configured rdomain must exist before iked activates the IPsec SAs,
otherwise pfkey will return an error.

ok markus@, patrick@


# 602e97e0 20-Apr-2020 tobhe <tobhe@openbsd.org>

Remove unused 'dsa_cert' variable.

ok markus@


# ea5b9487 13-Apr-2020 tobhe <tobhe@openbsd.org>

Try to send a DELETE message if the SA is reset with 'ikectl reset id'.
This way the peer can delete its SAs and eventually reestablish the
connection without having to wait for a timeout.

ok markus@


# 73192dba 11-Apr-2020 tobhe <tobhe@openbsd.org>

If we haven't received any IKE message from our partner for some
time, make sure to send a DPD packet to him so that we break up
the connection faster if it's dead.

ok patrick@


# 23e03483 10-Apr-2020 tobhe <tobhe@openbsd.org>

Only make the type part of the idstring lowercase when looking for certs in
'/etc/iked', otherwise certs with SubjAltNames containing uppercase
letters are not found.

ok markus@


# 1ae9ce49 09-Apr-2020 tobhe <tobhe@openbsd.org>

Simplify socket creation logic. Normally iked needs two sockets, one
for normal operation (UDP port 500) and one for NAT traversal (UDP 4500).
There are several command line options resulting in only one of the sockets
being created (-T, -t and -p). Add a new 'enum natt_mode' to make the
logic for those somewhat less complicated as well as some comments where
it makes sense.

From Wataru Ashihara <wataash (at) wataash (dot) com>
ok patrick@


# 44afdd6c 08-Apr-2020 tobhe <tobhe@openbsd.org>

Prevent multiple ibuf leaks. Clean up on process shutdown.

ok markus@


# a1e428a3 02-Apr-2020 tobhe <tobhe@openbsd.org>

Store USE_TRANSPORTMODE in iked_message until the full message was parsed
and set the corresponding iked_sa field in ikev2_handle_notifies() like it
is done for other NOTIFY payloads.

ok markus@


# 12b74e23 01-Apr-2020 tobhe <tobhe@openbsd.org>

Properly handle multiple CERTREQ payloads in CA process. Only for the
last CERTREQ a mismatch should trigger the fallback case, otherwise the
following CERTREQs are ignored.

ok markus@


# a9cab3fa 31-Mar-2020 tobhe <tobhe@openbsd.org>

Log summary of certificates in cert store when iked fails to find a
certificate for the policy's 'srcid'.

ok markus@


# 7e28019f 24-Mar-2020 tobhe <tobhe@openbsd.org>

Add ikev2_print_static_id() to print static IDs in log_debug() output.

ok markus@


# 1b12ffc9 10-Mar-2020 tobhe <tobhe@openbsd.org>

Relookup policy based on received cryptographic parameter proposal.
The IKEv2 responder does not know which policy is negotiated until
the ID payload is received in the IKE_AUTH exchange.
iked therefore chooses a default policy until the final policy is
selected. This change adds a policy relookup during the IKE_SA_INIT.
If the received proposal is not compatible with the default policy
we switch to the next highest ranked policy that is compatible
with the received proposal.

ok kn@ markus@


# b0435d4d 01-Mar-2020 tobhe <tobhe@openbsd.org>

When the proposals are first matched the responder does
not yet know the initiator's ID and thus does not know which
policy applies. The policy is later updated based on the
received ID payload. Make sure the policy looked up during
IKE_AUTH is compatible with the negotiated proposal.

ok kn@


# 1565ef62 21-Feb-2020 tobhe <tobhe@openbsd.org>

Add transport mode for child SAs. This is useful for GRE over IPsec and
similar settings to prevent double encapsulation.

ok kn@


# e439be88 13-Feb-2020 tobhe <tobhe@openbsd.org>

Constify "buf" argument in print_hex and print_hexval.

ok patrick@


# 59c69d76 16-Jan-2020 tobhe <tobhe@openbsd.org>

Add '-p' command line option which allows to configure
the UDP encapsulation port, similar to isakmpd's '-N' flag.
Being able to change the UDP encapsulation port is useful in cases
where ESP and UDP ports 500 and 4500 are blocked or rate limited.

ok sthen@


# 53b41a44 14-Jan-2020 tobhe <tobhe@openbsd.org>

Remove IPsec flow blocking unencrypted IPv6 traffic which was
meant to prevent VPN leakage but repeatedly broke people's
setups. The -6 flag which used to disable the blocking flow is
now ignored and prints a deprecation warning.

ok kn@ bluhm@ phessler@
