[NetworkManager-libreswan/fg/fix_conn_import-rh1633174: 2/3] shared: define IKEv1 aggressive ike and esp values
- From: Francesco Giudici <fgiudici src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [NetworkManager-libreswan/fg/fix_conn_import-rh1633174: 2/3] shared: define IKEv1 aggressive ike and esp values
- Date: Fri, 28 Sep 2018 10:11:56 +0000 (UTC)
commit 79fe53b8210d53a7ce580bba57e1b35829aee236
Author: Francesco Giudici <fgiudici redhat com>
Date: Fri Sep 28 10:54:22 2018 +0200
shared: define IKEv1 aggressive ike and esp values
Put default esp and ike values for aggressive mode IKEv1 connections in
a shared define to be used throughout the code.
To the same also for ikelifetime and salifetime for IKEv1 connections.
shared/nm-service-defines.h | 4 ++++
shared/utils.c | 8 ++++----
2 files changed, 8 insertions(+), 4 deletions(-)
---
diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
index 360433c..1abd9ad 100644
--- a/shared/nm-service-defines.h
+++ b/shared/nm-service-defines.h
@@ -73,6 +73,10 @@
#define NM_LIBRESWAN_PW_TYPE_ASK "ask"
#define NM_LIBRESWAN_PW_TYPE_UNUSED "unused"
+#define NM_LIBRESWAN_AGGRMODE_DEFAULT_IKE "aes256-sha1;modp1536"
+#define NM_LIBRESWAN_AGGRMODE_DEFAULT_ESP "aes256-sha1"
+#define NM_LIBRESWAN_IKEV1_DEFAULT_LIFETIME "24h"
+
#ifndef NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE
#define NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV_NONE "_none_"
#endif
diff --git a/shared/utils.c b/shared/utils.c
index 0119221..36af877 100644
--- a/shared/utils.c
+++ b/shared/utils.c
@@ -239,13 +239,13 @@ nm_libreswan_config_write (gint fd,
if (phase1_alg_str && strlen (phase1_alg_str))
WRITE_CHECK (fd, debug_write_fcn, error, " ike=%s", phase1_alg_str);
else if (!is_ikev2 && leftid)
- WRITE_CHECK (fd, debug_write_fcn, error, " ike=aes256-sha1;modp1536");
+ WRITE_CHECK (fd, debug_write_fcn, error, " ike=%s", NM_LIBRESWAN_AGGRMODE_DEFAULT_IKE);
phase2_alg_str = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_ESP);
if (phase2_alg_str && strlen (phase2_alg_str))
WRITE_CHECK (fd, debug_write_fcn, error, " phase2alg=%s", phase2_alg_str);
else if (!is_ikev2 && leftid)
- WRITE_CHECK (fd, debug_write_fcn, error, " phase2alg=aes256-sha1");
+ WRITE_CHECK (fd, debug_write_fcn, error, " phase2alg=%s", NM_LIBRESWAN_AGGRMODE_DEFAULT_ESP);
pfs = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_PFS);
if (pfs && !strcmp (pfs, "no"))
@@ -256,14 +256,14 @@ nm_libreswan_config_write (gint fd,
if (phase1_lifetime_str && strlen (phase1_lifetime_str))
WRITE_CHECK (fd, debug_write_fcn, error, " ikelifetime=%s", phase1_lifetime_str);
else if (!is_ikev2)
- WRITE_CHECK (fd, debug_write_fcn, error, " ikelifetime=24h");
+ WRITE_CHECK (fd, debug_write_fcn, error, " ikelifetime=%s",
NM_LIBRESWAN_IKEV1_DEFAULT_LIFETIME);
phase2_lifetime_str = nm_setting_vpn_get_data_item (s_vpn,
NM_LIBRESWAN_KEY_SALIFETIME);
if (phase2_lifetime_str && strlen (phase2_lifetime_str))
WRITE_CHECK (fd, debug_write_fcn, error, " salifetime=%s", phase2_lifetime_str);
else if (!is_ikev2)
- WRITE_CHECK (fd, debug_write_fcn, error, " salifetime=24h");
+ WRITE_CHECK (fd, debug_write_fcn, error, " salifetime=%s",
NM_LIBRESWAN_IKEV1_DEFAULT_LIFETIME);
rekey = nm_setting_vpn_get_data_item (s_vpn, NM_LIBRESWAN_KEY_REKEY);
if (!rekey || !strlen (rekey)) {
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
