ipsec_manager.cc - Issue 6713058: vpn-manager: Fix l2tp/ipsec connections to Windows RRAS server

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: ipsec_manager.cc

Issue 6713058: vpn-manager: Fix l2tp/ipsec connections to Windows RRAS server (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vpn-manager.git@master

Patch Set: Add comment, fix wording. Created 9 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: ipsec_manager.cc

diff --git a/ipsec_manager.cc b/ipsec_manager.cc

index eb57044e68ac0348591a049aeba6e6ae6896504e..287d62b3a5f67edccc105b1f694a2b08080eaff8 100644

--- a/ipsec_manager.cc

+++ b/ipsec_manager.cc

@@ -22,11 +22,16 @@

#include "gflags/gflags.h"

#pragma GCC diagnostic ignored "-Wstrict-aliasing"

+// Windows RRAS requires modp1024 dh-group. Strongswan's

+// default is modp1536 which it does not support.

+DEFINE_string(ike, "3des-sha1-modp1024", "ike proposals");

DEFINE_int32(ipsec_timeout, 10, "timeout for ipsec to be established");

DEFINE_string(leftprotoport, "17/1701", "client protocol/port");

+DEFINE_bool(nat_traversal, true, "Enable NAT-T nat traversal");

DEFINE_bool(pfs, false, "pfs");

DEFINE_bool(rekey, false, "rekey");

DEFINE_string(rightprotoport, "17/1701", "server protocol/port");

+DEFINE_string(type, "transport", "IPsec type (transport or tunnel)");

#pragma GCC diagnostic error "-Wstrict-aliasing"

const char kIpsecConnectionName[] = "ipsec_managed";

@@ -260,7 +265,9 @@ std::string IpsecManager::FormatStarterConfigFile() {

} else {

AppendBoolSetting(&config, "plutostart", false);

}

+ AppendBoolSetting(&config, "nat_traversal", FLAGS_nat_traversal);

config.append("conn managed\n");

+ AppendStringSetting(&config, "ike", FLAGS_ike);

AppendStringSetting(&config, "keyexchange",

ike_version_ == 1 ? "ikev1" : "ikev2");

if (!psk_file_.empty()) AppendStringSetting(&config, "authby", "psk");

@@ -271,6 +278,7 @@ std::string IpsecManager::FormatStarterConfigFile() {

AppendStringSetting(&config, "leftupdown", IPSEC_UPDOWN);

AppendStringSetting(&config, "right", remote_address_);

AppendStringSetting(&config, "rightprotoport", FLAGS_rightprotoport);

+ AppendStringSetting(&config, "type", FLAGS_type);

AppendStringSetting(&config, "auto", "start");

return config;

}

« no previous file with comments | « no previous file | ipsec_manager_test.cc » ('j') | no next file with comments »