{
enumerator_t *e;
peer_cfg_t *peer_cfg, *med_cfg;
+ auth_cfg_t *auth;
ike_cfg_t *ike_cfg;
child_cfg_t *child_cfg;
chunk_t me, other;
ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
med_cfg = peer_cfg_create(
"mediation", 2, ike_cfg,
- identification_create_from_encoding(ID_KEY_ID, me),
- identification_create_from_encoding(ID_KEY_ID, other),
CERT_NEVER_SEND, UNIQUE_REPLACE,
1, this->rekey*60, 0, /* keytries, rekey, reauth */
this->rekey*5, this->rekey*3, /* jitter, overtime */
TRUE, NULL, NULL); /* mediation, med by, peer id */
e->destroy(e);
+ auth = auth_cfg_create();
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ auth->add(auth, AUTH_RULE_IDENTITY,
+ identification_create_from_encoding(ID_KEY_ID, me));
+ med_cfg->add_auth_cfg(med_cfg, auth, TRUE);
+ auth = auth_cfg_create();
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ auth->add(auth, AUTH_RULE_IDENTITY,
+ identification_create_from_encoding(ID_KEY_ID, other));
+ med_cfg->add_auth_cfg(med_cfg, auth, FALSE);
+
/* query mediated config:
* - use any-any ike_cfg
* - build peer_cfg on-the-fly using med_cfg
}
peer_cfg = peer_cfg_create(
name, 2, this->ike->get_ref(this->ike),
- identification_create_from_encoding(ID_KEY_ID, me),
- identification_create_from_encoding(ID_KEY_ID, other),
CERT_NEVER_SEND, UNIQUE_REPLACE,
1, this->rekey*60, 0, /* keytries, rekey, reauth */
this->rekey*5, this->rekey*3, /* jitter, overtime */
FALSE, med_cfg, /* mediation, med by */
identification_create_from_encoding(ID_KEY_ID, other));
+ auth = auth_cfg_create();
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ auth->add(auth, AUTH_RULE_IDENTITY,
+ identification_create_from_encoding(ID_KEY_ID, me));
+ peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+ auth = auth_cfg_create();
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ auth->add(auth, AUTH_RULE_IDENTITY,
+ identification_create_from_encoding(ID_KEY_ID, other));
+ peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
+
child_cfg = child_cfg_create(name, this->rekey*60 + this->rekey,
this->rekey*60, this->rekey, NULL, TRUE,
MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);
char *name, *local_net, *remote_net;
chunk_t me, other;
child_cfg_t *child_cfg;
-
+ auth_cfg_t *auth;
+
DESTROY_IF(this->current);
if (!this->inner->enumerate(this->inner, &name, &me, &other,
&local_net, &remote_net))
}
this->current = peer_cfg_create(
name, 2, this->ike->get_ref(this->ike),
- identification_create_from_encoding(ID_KEY_ID, me),
- identification_create_from_encoding(ID_KEY_ID, other),
CERT_NEVER_SEND, UNIQUE_REPLACE,
1, this->rekey*60, 0, /* keytries, rekey, reauth */
this->rekey*5, this->rekey*3, /* jitter, overtime */
TRUE, this->dpd, /* mobike, dpddelay */
NULL, NULL, /* vip, pool */
FALSE, NULL, NULL); /* mediation, med by, peer id */
+
+ auth = auth_cfg_create();
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ auth->add(auth, AUTH_RULE_IDENTITY,
+ identification_create_from_encoding(ID_KEY_ID, me));
+ this->current->add_auth_cfg(this->current, auth, TRUE);
+ auth = auth_cfg_create();
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ auth->add(auth, AUTH_RULE_IDENTITY,
+ identification_create_from_encoding(ID_KEY_ID, other));
+ this->current->add_auth_cfg(this->current, auth, FALSE);
+
child_cfg = child_cfg_create(
name, this->rekey*60 + this->rekey,
this->rekey*60, this->rekey, NULL, TRUE,
if (e)
{
peer_cfg_t *peer_cfg;
+ auth_cfg_t *auth;
char *name;
if (e->enumerate(e, &name))
{
peer_cfg = peer_cfg_create(
name, 2, this->ike->get_ref(this->ike),
- me->clone(me), other->clone(other),
CERT_NEVER_SEND, UNIQUE_REPLACE,
1, this->rekey*60, 0, /* keytries, rekey, reauth */
this->rekey*5, this->rekey*3, /* jitter, overtime */
NULL, NULL, /* vip, pool */
TRUE, NULL, NULL); /* mediation, med by, peer id */
e->destroy(e);
+
+ auth = auth_cfg_create();
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ auth->add(auth, AUTH_RULE_IDENTITY, me->clone(me));
+ peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+ auth = auth_cfg_create();
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ auth->add(auth, AUTH_RULE_IDENTITY, other->clone(other));
+ peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE);
+
return enumerator_create_single(peer_cfg, (void*)peer_cfg->destroy);
}
e->destroy(e);