diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2016-07-16 15:19:53 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2016-07-16 15:19:53 +0200 |
| commit | bf372706c469764d59e9f29c39e3ecbebd72b8d2 (patch) | |
| tree | 0f0e296e2d50e4a7faf99ae6fa428d2681e81ea1 /src/charon-cmd/cmd | |
| parent | 518dd33c94e041db0444c7d1f33da363bb8e3faf (diff) | |
| download | vyos-strongswan-bf372706c469764d59e9f29c39e3ecbebd72b8d2.tar.gz vyos-strongswan-bf372706c469764d59e9f29c39e3ecbebd72b8d2.zip | |
Imported Upstream version 5.5.0
Diffstat (limited to 'src/charon-cmd/cmd')
| -rw-r--r-- | src/charon-cmd/cmd/cmd_connection.c | 42 |
1 files changed, 22 insertions, 20 deletions
diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c index 0c6a504e9..71df92f7e 100644 --- a/src/charon-cmd/cmd/cmd_connection.c +++ b/src/charon-cmd/cmd/cmd_connection.c @@ -142,10 +142,18 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this) { ike_cfg_t *ike_cfg; peer_cfg_t *peer_cfg; - u_int16_t local_port, remote_port = IKEV2_UDP_PORT; + uint16_t local_port, remote_port = IKEV2_UDP_PORT; ike_version_t version = IKE_ANY; - bool aggressive = FALSE; proposal_t *proposal; + peer_cfg_create_t peer = { + .cert_policy = CERT_SEND_IF_ASKED, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = 36000, /* 10h */ + .jitter_time = 600, /* 10min */ + .over_time = 600, /* 10min */ + .dpd = 30, + }; switch (this->profile) { @@ -159,7 +167,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this) case PROF_V1_XAUTH_AM: case PROF_V1_XAUTH_PSK_AM: case PROF_V1_HYBRID_AM: - aggressive = TRUE; + peer.aggressive = TRUE; /* FALL */ case PROF_V1_PUB: case PROF_V1_XAUTH: @@ -189,13 +197,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this) ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); } - peer_cfg = peer_cfg_create("cmd", ike_cfg, - CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */ - 36000, 0, /* rekey 10h, reauth none */ - 600, 600, /* jitter, over 10min */ - TRUE, aggressive, TRUE, /* mobike, aggressive, pull */ - 30, 0, /* DPD delay, timeout */ - FALSE, NULL, NULL); /* mediation */ + peer_cfg = peer_cfg_create("cmd", ike_cfg, &peer); return peer_cfg; } @@ -335,18 +337,18 @@ static child_cfg_t* create_child_cfg(private_cmd_connection_t *this, traffic_selector_t *ts; proposal_t *proposal; bool has_v4 = FALSE, has_v6 = FALSE; - lifetime_cfg_t lifetime = { - .time = { - .life = 10800 /* 3h */, - .rekey = 10200 /* 2h50min */, - .jitter = 300 /* 5min */ - } + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = 10800 /* 3h */, + .rekey = 10200 /* 2h50min */, + .jitter = 300 /* 5min */ + } + }, + .mode = MODE_TUNNEL, }; - child_cfg = child_cfg_create("cmd", &lifetime, - NULL, FALSE, MODE_TUNNEL, /* updown, hostaccess */ - ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, - 0, 0, NULL, NULL, 0); + child_cfg = child_cfg_create("cmd", &child); if (this->child_proposals->get_count(this->child_proposals)) { while (this->child_proposals->remove_first(this->child_proposals, |