char *other;
/**
+ * our source port
+ */
+ u_int16_t my_port;
+
+ /**
+ * destination port
+ */
+ u_int16_t other_port;
+
+ /**
* should we send a certificate request?
*/
bool certreq;
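Review bot: The new my_port and other_port field comments give no byte order, while the public getters in ike_cfg.h promise host order; a reader of private_ike_cfg_t cannot tell whether the stored value is ready for host_create_*() or needs a htons()/ntohs(). Suggest `/** our source port, host order */` and `/** destination port, host order */` so the struct and the header agree. The enclosing struct starts before this hunk.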
return this->other;
}
+METHOD(ike_cfg_t, get_my_port, u_int16_t,
+ private_ike_cfg_t *this)
+{
+ return this->my_port;
+}
+
+METHOD(ike_cfg_t, get_other_port, u_int16_t,
+ private_ike_cfg_t *this)
+{
+ return this->other_port;
+}
+
METHOD(ike_cfg_t, add_proposal, void,
private_ike_cfg_t *this, proposal_t *proposal)
{
* Described in header.
*/
ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
- char *me, char *other)
+ char *me, u_int16_t my_port, char *other, u_int16_t other_port)
{
private_ike_cfg_t *this;
.force_encap = _force_encap_,
.get_my_addr = _get_my_addr,
.get_other_addr = _get_other_addr,
+ .get_my_port = _get_my_port,
+ .get_other_port = _get_other_port,
.add_proposal = _add_proposal,
.get_proposals = _get_proposals,
.select_proposal = _select_proposal,
.force_encap = force_encap,
.me = strdup(me),
.other = strdup(other),
+ .my_port = my_port,
+ .other_port = other_port,
.proposals = linked_list_create(),
);
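Review bot: ike_cfg_create stores my_port and other_port verbatim, so a caller passing 0 produces a configuration whose getters return 0 and whose meaning is undefined anywhere on this page; every call site in this commit passes IKEV2_UDP_PORT, so the gap is latent rather than triggered. If 0 is not a legitimate value for an IKE endpoint, either reject it or fall back explicitly, e.g. `.my_port = my_port ? my_port : IKEV2_UDP_PORT,` and the same for other_port; if it is meant to be passed through, say so in the header's @param text. Either way the decision should be visible here rather than left to the callers. The function body continues outside this hunk.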
char* (*get_other_addr) (ike_cfg_t *this);
/**
+ * Get the port to use as our source port.
+ *
+ * @return source address port, host order
+ */
+ u_int16_t (*get_my_port)(ike_cfg_t *this);
+
+ /**
+ * Get the port to use as destination port.
+ *
+ * @return destination address, host order
+ */
+ u_int16_t (*get_other_port)(ike_cfg_t *this);
+
+ /**
* Adds a proposal to the list.
*
* The first added proposal has the highest priority, the last
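Review bot: The @return line for get_other_port reads `destination address, host order` although the method returns a u_int16_t port, so the generated API docs describe the wrong thing; change it to `@return destination port, host order`. For symmetry the get_my_port line `@return source address port, host order` is clearer as `@return source port, host order`.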
* @param certreq TRUE to send a certificate request
* @param force_encap enforce UDP encapsulation by faking NATD notify
* @param me address/DNS name of local peer
+ * @param my_port IKE port to use as source, 500 uses IKEv2 port floating
* @param other address/DNS name of remote peer
+ * @param other_port IKE port to use as dest, 500 uses IKEv2 port floating
* @return ike_cfg_t object.
*/
ike_cfg_t *ike_cfg_create(bool certreq, bool force_encap,
- char *me, char *other);
+ char *me, u_int16_t my_port, char *other, u_int16_t other_port);
#endif /** IKE_CFG_H_ @}*/
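Review bot: The @param text for my_port and other_port states only that 500 uses IKEv2 port floating; it does not say what any other value does, nor whether 0 is accepted, so a caller cannot tell from the contract whether a non-default port disables floating (the likely intent, but not visible on this page). Suggest spelling it out, e.g. `@param my_port IKE source port, host order; 500 enables IKEv2 port floating, other values are used as given`, with the matching wording for other_port, once the intended semantics are confirmed against the code that consumes these ports.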
}
};
- ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", this->remote);
+ ike_cfg = ike_cfg_create(FALSE, FALSE,
+ "0.0.0.0", IKEV2_UDP_PORT, this->remote, IKEV2_UDP_PORT);
ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal));
peer_cfg = peer_cfg_create("load-test", 2, ike_cfg,
CERT_SEND_IF_ASKED, UNIQUE_NO, 1, /* keytries */
DESTROY_IF(e);
return NULL;
}
- ike_cfg = ike_cfg_create(FALSE, FALSE, "0.0.0.0", address);
+ ike_cfg = ike_cfg_create(FALSE, FALSE,
+ "0.0.0.0", IKEV2_UDP_PORT, address, IKEV2_UDP_PORT);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
med_cfg = peer_cfg_create(
"mediation", 2, ike_cfg,
this->db = db;
this->rekey = lib->settings->get_time(lib->settings, "medcli.rekey", 1200);
this->dpd = lib->settings->get_time(lib->settings, "medcli.dpd", 300);
- this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0");
+ this->ike = ike_cfg_create(FALSE, FALSE,
+ "0.0.0.0", IKEV2_UDP_PORT, "0.0.0.0", IKEV2_UDP_PORT);
this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
schedule_autoinit(this);
this->db = db;
this->rekey = lib->settings->get_time(lib->settings, "medsrv.rekey", 1200);
this->dpd = lib->settings->get_time(lib->settings, "medsrv.dpd", 300);
- this->ike = ike_cfg_create(FALSE, FALSE, "0.0.0.0", "0.0.0.0");
+ this->ike = ike_cfg_create(FALSE, FALSE,
+ "0.0.0.0", IKEV2_UDP_PORT, "0.0.0.0", IKEV2_UDP_PORT);
this->ike->add_proposal(this->ike, proposal_create_default(PROTO_IKE));
return &this->public;
/**
* Set up configurations
*/
- ike_cfg = ike_cfg_create(TRUE, encap, "0.0.0.0", (char*)address);
+ ike_cfg = ike_cfg_create(TRUE, encap,
+ "0.0.0.0", IKEV2_UDP_PORT, (char*)address, IKEV2_UDP_PORT);
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
peer_cfg = peer_cfg_create(priv->name, 2, ike_cfg,
CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */
{
ike_cfg_t *ike_cfg;
- ike_cfg = ike_cfg_create(certreq, force_encap, local, remote);
+ ike_cfg = ike_cfg_create(certreq, force_encap,
+ local, IKEV2_UDP_PORT, remote, IKEV2_UDP_PORT);
/* TODO: read proposal from db */
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
return ike_cfg;
}
ike_cfg = ike_cfg_create(msg->add_conn.other.sendcert != CERT_NEVER_SEND,
msg->add_conn.force_encap,
- msg->add_conn.me.address,
- msg->add_conn.other.address);
+ msg->add_conn.me.address, IKEV2_UDP_PORT,
+ msg->add_conn.other.address, IKEV2_UDP_PORT);
add_proposals(this, msg->add_conn.algorithms.ike, ike_cfg, NULL);
return ike_cfg;
}
if (!end->subnets)
{
- net = host_create_from_string(end->address, IKEV2_UDP_PORT);
+ net = host_create_from_string(end->address, 0);
if (net)
{
ts = traffic_selector_create_from_subnet(net, 0, end->protocol,
intbits = atoi(bits + 1);
}
- net = host_create_from_string(start, IKEV2_UDP_PORT);
+ net = host_create_from_string(start, 0);
if (net)
{
ts = traffic_selector_create_from_subnet(net, intbits,
&ike_proposal, &esp_proposal, &ike_rekey, &esp_rekey))
{
DESTROY_IF(this->peer_cfg);
- ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, remote_addr);
+ ike_cfg = ike_cfg_create(FALSE, FALSE,
+ local_addr, IKEV2_UDP_PORT, remote_addr, IKEV2_UDP_PORT);
ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE));
this->peer_cfg = peer_cfg_create(
name, 2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO,
&local_addr, &remote_addr, &ike_proposal))
{
DESTROY_IF(this->ike_cfg);
- this->ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, remote_addr);
+ this->ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, IKEV2_UDP_PORT,
+ remote_addr, IKEV2_UDP_PORT);
this->ike_cfg->add_proposal(this->ike_cfg,
create_proposal(ike_proposal, PROTO_IKE));