ike: Add an additional but separate AEAD proposal to IKE config, if supported
[strongswan.git] / src / libcharon / plugins / medcli / medcli_config.c
index 2bff703..c0b39e4 100644 (file)
@@ -102,17 +102,17 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
                DESTROY_IF(e);
                return NULL;
        }
-       ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE,
-                                                        "0.0.0.0", FALSE,
+       ike_cfg = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0",
                                                         charon->socket->get_port(charon->socket, FALSE),
-                                                        address, FALSE, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
+                                                        address, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
+       ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
        med_cfg = peer_cfg_create(
                "mediation", ike_cfg,
                CERT_NEVER_SEND, UNIQUE_REPLACE,
                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                this->rekey*5, this->rekey*3,   /* jitter, overtime */
-               TRUE, FALSE,                                    /* mobike, aggressive */
+               TRUE, FALSE, TRUE,                              /* mobike, aggressive, pull */
                this->dpd, 0,                                   /* DPD delay, timeout */
                TRUE, NULL, NULL);                              /* mediation, med by, peer id */
        e->destroy(e);
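Review bot: The added `ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));` passes the constructor's result straight through, and the "if supported" in the commit title suggests it may yield no proposal when no AEAD algorithm is available. Whether `add_proposal()` accepts a NULL argument is not visible in this hunk, so confirm that it does or guard the call: `proposal = proposal_create_default_aead(PROTO_IKE);` followed by `if (proposal) ike_cfg->add_proposal(ike_cfg, proposal);`. A short comment would also help, for example `/* AEAD algorithms need their own proposal; added after the default one, so presumably offered at lower preference */`, because the ordering decides which suite a peer is likely to pick. The same call is added on `this->ike` in the `medcli_config_create` hunk. The body of `get_peer_cfg_by_name` starts and ends outside this hunk.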
@@ -149,7 +149,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*,
                CERT_NEVER_SEND, UNIQUE_REPLACE,
                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                this->rekey*5, this->rekey*3,   /* jitter, overtime */
-               TRUE, FALSE,                                    /* mobike, aggressive */
+               TRUE, FALSE, TRUE,                              /* mobike, aggressive, pull */
                this->dpd, 0,                                   /* DPD delay, timeout */
                FALSE, med_cfg,                                 /* mediation, med by */
                identification_create_from_encoding(ID_KEY_ID, other));
@@ -224,7 +224,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool,
                                CERT_NEVER_SEND, UNIQUE_REPLACE,
                                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                                this->rekey*5, this->rekey*3,   /* jitter, overtime */
-                               TRUE, FALSE,                                    /* mobike, aggressive */
+                               TRUE, FALSE, TRUE,                              /* mobike, aggressive, pull */
                                this->dpd, 0,                                   /* DPD delay, timeout */
                                FALSE, NULL, NULL);                             /* mediation, med by, peer id */
 
@@ -377,13 +377,13 @@ medcli_config_t *medcli_config_create(database_t *db)
                .db = db,
                .rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200),
                .dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300),
-               .ike = ike_cfg_create(IKEV2, FALSE, FALSE,
-                                                         "0.0.0.0", FALSE,
+               .ike = ike_cfg_create(IKEV2, FALSE, FALSE, "0.0.0.0",
                                                          charon->socket->get_port(charon->socket, FALSE),
-                                                         "0.0.0.0", FALSE, IKEV2_UDP_PORT,
+                                                         "0.0.0.0", IKEV2_UDP_PORT,
                                                          FRAGMENTATION_NO, 0),
        );
        this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
+       this->ike->add_proposal(this->ike, proposal_create_default_aead(PROTO_IKE));
 
        schedule_autoinit(this);