86
* create an identity, with fallback to %any
88
static identification_t *create_id(char *string)
90
identification_t *id = NULL;
94
id = identification_create_from_string(string);
98
id = identification_create_from_encoding(ID_ANY, chunk_empty);
104
84
* create an traffic selector, fallback to dynamic
106
86
static traffic_selector_t *create_ts(char *string)
187
166
ike_cfg = ike_cfg_create(FALSE, FALSE, local_addr, remote_addr);
188
167
ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE));
189
168
this->peer_cfg = peer_cfg_create(
190
name, 2, ike_cfg, create_id(local_id), create_id(remote_id),
191
CERT_SEND_IF_ASKED, UNIQUE_NO,
169
name, 2, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO,
192
170
1, create_rekey(ike_rekey), 0, /* keytries, rekey, reauth */
193
171
1800, 900, /* jitter, overtime */
194
172
TRUE, 60, /* mobike, dpddelay */
195
173
NULL, NULL, /* vip, pool */
196
174
FALSE, NULL, NULL); /* mediation, med by, peer id */
197
auth = this->peer_cfg->get_auth(this->peer_cfg);
198
class = AUTH_CLASS_PSK;
199
auth->add_item(auth, AUTHN_AUTH_CLASS, &class);
175
auth = auth_cfg_create();
176
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
177
auth->add(auth, AUTH_RULE_IDENTITY,
178
identification_create_from_string(local_id));
179
this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, TRUE);
181
auth = auth_cfg_create();
182
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK);
185
auth->add(auth, AUTH_RULE_IDENTITY,
186
identification_create_from_string(remote_id));
188
this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE);
200
189
child_cfg = child_cfg_create(name,
201
190
create_rekey(esp_rekey) + 300, create_rekey(ike_rekey), 300,
202
191
NULL, TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, FALSE);