search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Handle IPv6 nameservers (in $INTERNAL_IP4_DNS variable)
[vpnc.git] / isakmp.h
blob45418e611be0a2501d0bce798b71de0833287dbc
1 /* ISAKMP constants.
2 Copyright (C) 2002 Geoffrey Keating
3
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17
18 $Id$
19 */
20
21 #ifndef __ISAKMP_H__
22 #define __ISAKMP_H__
23
24 /* Flag bits for header. */
25 #define ISAKMP_FLAG_E 0x1
26 #define ISAKMP_FLAG_C 0x2
27 #define ISAKMP_FLAG_A 0x4
28
29 /* Payload types */
30 enum isakmp_payload_enum {
31 ISAKMP_PAYLOAD_NONE = 0, /* RFC 2408 */
32 ISAKMP_PAYLOAD_SA, /* RFC 2408, Security Association */
33 ISAKMP_PAYLOAD_P, /* RFC 2408, Proposal */
34 ISAKMP_PAYLOAD_T, /* RFC 2408, Transform */
35 ISAKMP_PAYLOAD_KE, /* RFC 2408, Key Exchange */
36 ISAKMP_PAYLOAD_ID, /* RFC 2408, Identification */
37 ISAKMP_PAYLOAD_CERT, /* RFC 2408, Certificate */
38 ISAKMP_PAYLOAD_CR, /* RFC 2408, Certificate Request */
39 ISAKMP_PAYLOAD_HASH, /* RFC 2408, Hash */
40 ISAKMP_PAYLOAD_SIG, /* RFC 2408, Signature */
41 ISAKMP_PAYLOAD_NONCE, /* RFC 2408, Nonce */
42 ISAKMP_PAYLOAD_N, /* RFC 2408, Notification */
43 ISAKMP_PAYLOAD_D, /* RFC 2408, Delete */
44 ISAKMP_PAYLOAD_VID, /* RFC 2408, Vendor ID */
45 ISAKMP_PAYLOAD_MODECFG_ATTR,
46 ISAKMP_PAYLOAD_SAK, /* RFC 3547, SA KEK */
47 ISAKMP_PAYLOAD_SAT, /* RFC 3547, SA TEK */
48 ISAKMP_PAYLOAD_KD, /* RFC 3547, Key Download */
49 ISAKMP_PAYLOAD_SEQNO, /* RFC 3547, Sequence number */
50 ISAKMP_PAYLOAD_POP, /* RFC 3547, Proof of Possession */
51 ISAKMP_PAYLOAD_NAT_D, /* RFC 3947, NAT Discovery */
52 ISAKMP_PAYLOAD_NAT_OA, /* RFC 3947, NAT Original Address */
53 ISAKMP_PAYLOAD_NAT_D_OLD = 0x82,
54 ISAKMP_PAYLOAD_FRAG = 0x84
55 };
56
57 /* Exchange types. */
58 enum isakmp_exchange_enum {
59 ISAKMP_EXCHANGE_NONE = 0,
60 ISAKMP_EXCHANGE_BASE,
61 ISAKMP_EXCHANGE_IDENTITY,
62 ISAKMP_EXCHANGE_AUTH_ONLY,
63 ISAKMP_EXCHANGE_AGGRESSIVE,
64 ISAKMP_EXCHANGE_INFORMATIONAL,
65 ISAKMP_EXCHANGE_MODECFG_TRANSACTION,
66 ISAKMP_EXCHANGE_IKE_QUICK = 32,
67 ISAKMP_EXCHANGE_IKE_NEW_GROUP
68 };
69
70 /* DOI types. */
71 enum isakmp_doi_enum {
72 ISAKMP_DOI_GENERIC = 0,
73 ISAKMP_DOI_IPSEC
74 };
75
76 /* Notify message types (error: 1-16383; status: 16384-65535). */
77 enum isakmp_notify_enum {
78 ISAKMP_N_INVALID_PAYLOAD_TYPE = 1,
79 ISAKMP_N_DOI_NOT_SUPPORTED,
80 ISAKMP_N_SITUATION_NOT_SUPPORTED,
81 ISAKMP_N_INVALID_COOKIE,
82 ISAKMP_N_INVALID_MAJOR_VERSION,
83 ISAKMP_N_INVALID_MINOR_VERSION,
84 ISAKMP_N_INVALID_EXCHANGE_TYPE,
85 ISAKMP_N_INVALID_FLAGS,
86 ISAKMP_N_INVALID_MESSAGE_ID,
87 ISAKMP_N_INVALID_PROTOCOL_ID,
88 ISAKMP_N_INVALID_SPI,
89 ISAKMP_N_INVALID_TRANSFORM_ID,
90 ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED,
91 ISAKMP_N_NO_PROPOSAL_CHOSEN,
92 ISAKMP_N_BAD_PROPOSAL_SYNTAX,
93 ISAKMP_N_PAYLOAD_MALFORMED,
94 ISAKMP_N_INVALID_KEY_INFORMATION,
95 ISAKMP_N_INVALID_ID_INFORMATION,
96 ISAKMP_N_INVALID_CERT_ENCODING,
97 ISAKMP_N_INVALID_CERTIFICATE,
98 ISAKMP_N_CERT_TYPE_UNSUPPORTED,
99 ISAKMP_N_INVALID_CERT_AUTHORITY,
100 ISAKMP_N_INVALID_HASH_INFORMATION,
101 ISAKMP_N_AUTHENTICATION_FAILED,
102 ISAKMP_N_INVALID_SIGNATURE,
103 ISAKMP_N_ADDRESS_NOTIFICATION,
104 ISAKMP_N_NOTIFY_SA_LIFETIME,
105 ISAKMP_N_CERTIFICATE_UNAVAILABLE,
106 ISAKMP_N_UNSUPPORTED_EXCHANGE_TYPE,
107 ISAKMP_N_UNEQUAL_PAYLOAD_LENGTHS,
108 ISAKMP_N_CONNECTED = 16384,
109 ISAKMP_N_IPSEC_RESPONDER_LIFETIME = 24576,
110 ISAKMP_N_IPSEC_REPLAY_STATUS,
111 ISAKMP_N_IPSEC_INITIAL_CONTACT,
112 ISAKMP_N_CISCO_HELLO = 30000,
113 ISAKMP_N_CISCO_WWTEBR,
114 ISAKMP_N_CISCO_SHUT_UP,
115 ISAKMP_N_IOS_KEEP_ALIVE_REQ = 32768,
116 ISAKMP_N_IOS_KEEP_ALIVE_ACK,
117 ISAKMP_N_R_U_THERE = 36136,
118 ISAKMP_N_R_U_THERE_ACK,
119 ISAKMP_N_CISCO_LOAD_BALANCE = 40501,
120 ISAKMP_N_CISCO_PRESHARED_KEY_HASH = 40503
121 };
122
123 /* Delete with reason values */
124 /* Note: The values are random, i.e. we don't know them yet */
125 enum dwr_ike_delete {
126 IKE_DELETE_SERVER_SHUTDOWN = 0, /* Peer has been shut down */
127 IKE_DELETE_SERVER_REBOOT, /* Peer has been rebooted. */
128 IKE_DELETE_MAX_CONNECT_TIME, /* Maximum configured connection time exceeded. */
129 IKE_DELETE_BY_USER_COMMAND, /* Manually disconnected by administrator. */
130 IKE_DELETE_BY_ERROR, /* Connectivity to Client lost. */
131 IKE_DELETE_NO_ERROR, /* Unknown error. */
132 IKE_DELETE_IDLE_TIMEOUT, /* Maximum idle time for session exceeded. */
133 IKE_DELETE_P2_PROPOSAL_MISMATCH, /* Policy negotiation failed */
134 IKE_DELETE_FIREWALL_MISMATCH, /* Firewall policy mismatch. */
135 IKE_DELETE_CERT_EXPIRED, /* Certificates used with this connection entry have expired. */
136 IKE_DELETE_BY_EXPIRED_LIFETIME, /* Maximum configured lifetime exceeded. */
137 DEL_REASON_RESET_SADB /* (found in vpnclient log file) */
138 };
139
140 /* Certificate types. */
141 enum isakmp_certificate_enum {
142 ISAKMP_CERT_NONE = 0,
143 ISAKMP_CERT_PKCS7_X509,
144 ISAKMP_CERT_PGP,
145 ISAKMP_CERT_DNS_SIG_KEY,
146 ISAKMP_CERT_X509_SIG,
147 ISAKMP_CERT_X509_KEX_EXCHANGE,
148 ISAKMP_CERT_KERBEROS_TOKENS,
149 ISAKMP_CERT_CRL,
150 ISAKMP_CERT_ARL,
151 ISAKMP_CERT_SPKI,
152 ISAKMP_CERT_X509_ATTRIBUTE
153 };
154
155 /* IKE attribute types. */
156 enum ike_attr_enum {
157 IKE_ATTRIB_ENC = 1,
158 IKE_ATTRIB_HASH,
159 IKE_ATTRIB_AUTH_METHOD,
160 IKE_ATTRIB_GROUP_DESC,
161 IKE_ATTRIB_GROUP_TYPE,
162 IKE_ATTRIB_GROUP_PRIME,
163 IKE_ATTRIB_GROUP_GEN_1,
164 IKE_ATTRIB_GROUP_GEN_2,
165 IKE_ATTRIB_GROUP_CURVE_A,
166 IKE_ATTRIB_GROUP_CURVE_B,
167 IKE_ATTRIB_LIFE_TYPE,
168 IKE_ATTRIB_LIFE_DURATION,
169 IKE_ATTRIB_PRF,
170 IKE_ATTRIB_KEY_LENGTH,
171 IKE_ATTRIB_FIELD_SIZE,
172 IKE_ATTRIB_GROUP_ORDER,
173 IKE_ATTRIB_BLOCK_SIZE,
174 IKE_ATTRIB_NORTEL_UNKNOWN = 32767
175 };
176
177 /* IKE encryption algorithm IDs. */
178 enum ike_enc_enum {
179 IKE_ENC_NO_CBC = 0,
180 IKE_ENC_DES_CBC,
181 IKE_ENC_IDEA_CBC,
182 IKE_ENC_BLOWFISH_CBC,
183 IKE_ENC_RC5_R16_B16_CBC,
184 IKE_ENC_3DES_CBC,
185 IKE_ENC_CAST_CBC,
186 IKE_ENC_AES_CBC
187 };
188
189 /* IKE hash algorithm IDs. */
190 enum ike_hash_enum {
191 IKE_HASH_MD5 = 1,
192 IKE_HASH_SHA,
193 IKE_HASH_TIGER,
194 IKE_HASH_SHA2_256,
195 IKE_HASH_SHA2_384,
196 IKE_HASH_SHA2_512
197 };
198
199 /* IKE authentication method IDs. */
200 enum ike_auth_enum {
201 IKE_AUTH_PRESHARED = 1,
202 IKE_AUTH_DSS,
203 IKE_AUTH_RSA_SIG,
204 IKE_AUTH_RSA_ENC,
205 IKE_AUTH_RSA_ENC_2,
206 IKE_AUTH_EL_GAMAL_ENC,
207 IKE_AUTH_EL_GAMAL_ENC_REV,
208 IKE_AUTH_ECDSA_SIG,
209 IKE_AUTH_HybridInitRSA = 64221,
210 IKE_AUTH_HybridRespRSA,
211 IKE_AUTH_HybridInitDSS,
212 IKE_AUTH_HybridRespDSS,
213 IKE_AUTH_XAUTHInitPreShared = 65001,
214 IKE_AUTH_XAUTHRespPreShared,
215 IKE_AUTH_XAUTHInitDSS,
216 IKE_AUTH_XAUTHRespDSS,
217 IKE_AUTH_XAUTHInitRSA,
218 IKE_AUTH_XAUTHRespRSA,
219 IKE_AUTH_XAUTHInitRSAEncryption,
220 IKE_AUTH_XAUTHRespRSAEncryption,
221 IKE_AUTH_XAUTHInitRSARevisedEncryption,
222 IKE_AUTH_XAUTHRespRSARevisedEncryption
223 };
224
225 /* IKE group IDs. */
226 enum ike_group_enum {
227 IKE_GROUP_MODP_768 = 1,
228 IKE_GROUP_MODP_1024,
229 IKE_GROUP_EC2N_155,
230 IKE_GROUP_EC2N_185,
231 IKE_GROUP_MODP_1536,
232 IKE_GROUP_EC2N_163sect,
233 IKE_GROUP_EC2N_163K,
234 IKE_GROUP_EC2N_283sect,
235 IKE_GROUP_EC2N_283K,
236 IKE_GROUP_EC2N_409sect,
237 IKE_GROUP_EC2N_409K,
238 IKE_GROUP_EC2N_571sect,
239 IKE_GROUP_EC2N_571K
240 };
241
242 /* IKE group type IDs. */
243 enum ike_group_type_enum {
244 IKE_GROUP_TYPE_MODP = 1,
245 IKE_GROUP_TYPE_ECP,
246 IKE_GROUP_TYPE_EC2N
247 };
248
249 /* IKE life type IDs. */
250 enum ike_life_enum {
251 IKE_LIFE_TYPE_SECONDS = 1,
252 IKE_LIFE_TYPE_K
253 };
254
255 /* IPSEC situation masks. */
256 enum isakmp_ipsec_sit_enum {
257 ISAKMP_IPSEC_SIT_IDENTITY_ONLY = 0x1,
258 ISAKMP_IPSEC_SIT_SECRECY = 0x2,
259 ISAKMP_IPSEC_SIT_INTEGRITY = 0x4
260 };
261
262 /* IPSEC Identification types. */
263 enum isakmp_ipsec_id_enum {
264 ISAKMP_IPSEC_ID_RESERVED = 0,
265 ISAKMP_IPSEC_ID_IPV4_ADDR,
266 ISAKMP_IPSEC_ID_FQDN,
267 ISAKMP_IPSEC_ID_USER_FQDN,
268 ISAKMP_IPSEC_ID_IPV4_ADDR_SUBNET,
269 ISAKMP_IPSEC_ID_IPV6_ADDR,
270 ISAKMP_IPSEC_ID_IPV6_ADDR_SUBNET,
271 ISAKMP_IPSEC_ID_IPV4_ADDR_RANGE,
272 ISAKMP_IPSEC_ID_IPV6_ADDR_RANGE,
273 ISAKMP_IPSEC_ID_DER_ASN1_DN,
274 ISAKMP_IPSEC_ID_DER_ASN1_GN,
275 ISAKMP_IPSEC_ID_KEY_ID
276 };
277
278 /* IPSEC protocol IDs. */
279 enum isakmp_ipsec_proto_enum {
280 ISAKMP_IPSEC_PROTO_RESERVED = 0,
281 ISAKMP_IPSEC_PROTO_ISAKMP,
282 ISAKMP_IPSEC_PROTO_IPSEC_AH,
283 ISAKMP_IPSEC_PROTO_IPSEC_ESP,
284 ISAKMP_IPSEC_PROTO_IPCOMP,
285 ISAKMP_IPSEC_PROTO_MODECFG = 512 /* hack for simplicity in debug code */
286 };
287
288 /* IPSEC transform IDs. */
289 enum isakmp_ipsec_key_enum {
290 ISAKMP_IPSEC_KEY_RESERVED = 0,
291 ISAKMP_IPSEC_KEY_IKE
292 };
293
294 /* IPSEC AH IDs. */
295 enum isakmp_ipsec_ah_enum {
296 ISAKMP_IPSEC_AH_RESERVED = 0,
297 ISAKMP_IPSEC_AH_MD5 = 2,
298 ISAKMP_IPSEC_AH_SHA,
299 ISAKMP_IPSEC_AH_DES,
300 ISAKMP_IPSEC_AH_SHA2_256,
301 ISAKMP_IPSEC_AH_SHA2_384,
302 ISAKMP_IPSEC_AH_SHA2_512,
303 ISAKMP_IPSEC_AH_RIPEMD
304 };
305
306 /* IPSEC ESP IDs. */
307 enum isakmp_ipsec_esp_enum {
308 ISAKMP_IPSEC_ESP_RESERVED = 0,
309 ISAKMP_IPSEC_ESP_DES_IV64,
310 ISAKMP_IPSEC_ESP_DES,
311 ISAKMP_IPSEC_ESP_3DES,
312 ISAKMP_IPSEC_ESP_RC5,
313 ISAKMP_IPSEC_ESP_IDEA,
314 ISAKMP_IPSEC_ESP_CAST,
315 ISAKMP_IPSEC_ESP_BLOWFISH,
316 ISAKMP_IPSEC_ESP_3IDEA,
317 ISAKMP_IPSEC_ESP_DES_IV32,
318 ISAKMP_IPSEC_ESP_RC4,
319 ISAKMP_IPSEC_ESP_NULL,
320 ISAKMP_IPSEC_ESP_AES,
321 ISAKMP_IPSEC_ESP_AES_128_CTR,
322 ISAKMP_IPSEC_ESP_AES_MARS = 249,
323 ISAKMP_IPSEC_ESP_AES_RC6,
324 ISAKMP_IPSEC_ESP_AES_RIJNDAEL,
325 ISAKMP_IPSEC_ESP_AES_SERPENT,
326 ISAKMP_IPSEC_ESP_AES_TWOFISH
327 };
328
329 /* IPSEC attribute types. */
330 enum isakmp_ipsec_attr_enum {
331 ISAKMP_IPSEC_ATTRIB_SA_LIFE_TYPE = 1,
332 ISAKMP_IPSEC_ATTRIB_SA_LIFE_DURATION,
333 ISAKMP_IPSEC_ATTRIB_GROUP_DESC,
334 ISAKMP_IPSEC_ATTRIB_ENCAP_MODE,
335 ISAKMP_IPSEC_ATTRIB_AUTH_ALG,
336 ISAKMP_IPSEC_ATTRIB_KEY_LENGTH,
337 ISAKMP_IPSEC_ATTRIB_KEY_ROUNDS,
338 ISAKMP_IPSEC_ATTRIB_COMP_DICT_SIZE,
339 ISAKMP_IPSEC_ATTRIB_COMP_PRIVATE_ALG,
340 ISAKMP_IPSEC_ATTRIB_ECN_TUNNEL
341 };
342
343 /* IPSEC compression IDs. */
344 enum isakmp_ipsec_ipcomp_enum {
345 ISAKMP_IPSEC_IPCOMP_RESERVED = 0,
346 ISAKMP_IPSEC_IPCOMP_OUI,
347 ISAKMP_IPSEC_IPCOMP_DEFLATE,
348 ISAKMP_IPSEC_IPCOMP_LZS,
349 ISAKMP_IPSEC_IPCOMP_V42BIS
350 };
351
352 /* IPSEC lifetime attribute values. */
353 enum ipsec_life_enum {
354 IPSEC_LIFE_SECONDS = 1,
355 IPSEC_LIFE_K
356 };
357
358 /* IPSEC encapsulation attribute numbers. */
359 enum ipsec_encap_enum {
360 IPSEC_ENCAP_TUNNEL = 1,
361 IPSEC_ENCAP_TRANSPORT,
362 IPSEC_ENCAP_UDP_TUNNEL,
363 IPSEC_ENCAP_UDP_TRANSPORT,
364 IPSEC_ENCAP_UDP_TUNNEL_OLD = 61443,
365 IPSEC_ENCAP_UDP_TRANSPORT_OLD
366 };
367
368 /* IPSEC authentication attribute numbers. */
369 enum ipsec_auth_enum {
370 IPSEC_AUTH_HMAC_MD5 = 1,
371 IPSEC_AUTH_HMAC_SHA,
372 IPSEC_AUTH_DES_MAC,
373 IPSEC_AUTH_KPDK
374 };
375
376 /* Other numbers. */
377 #define ISAKMP_COOKIE_LENGTH 8
378 #define ISAKMP_VERSION 0x10
379 /* offsets */
380 #define ISAKMP_EXCHANGE_TYPE_O 18
381 #define ISAKMP_I_COOKIE_O 0
382 #define ISAKMP_R_COOKIE_O 8
383 #define ISAKMP_MESSAGE_ID_O 20
384 #define ISAKMP_PAYLOAD_O 28
385
386 /* defined in vpnc.c */
387 extern const unsigned char VID_XAUTH[];
388 extern const unsigned char VID_DPD[];
389 extern const unsigned char VID_UNITY[];
390 extern const unsigned char VID_UNKNOWN[];
391 extern const unsigned char VID_NATT_00[];
392 extern const unsigned char VID_NATT_01[];
393 extern const unsigned char VID_NATT_02[];
394 extern const unsigned char VID_NATT_02N[];
395 extern const unsigned char VID_NATT_RFC[];
396
397 /* Support for draft-ietf-ipsec-isakmp-mode-cfg-05.txt (yuk). */
398 enum isakmp_modecfg_cfg_enum {
399 ISAKMP_MODECFG_CFG_REQUEST = 1,
400 ISAKMP_MODECFG_CFG_REPLY,
401 ISAKMP_MODECFG_CFG_SET,
402 ISAKMP_MODECFG_CFG_ACK
403 };
404
405 enum isakmp_modecfg_attrib_enum {
406 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_ADDRESS = 1,
407 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NETMASK,
408 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_DNS,
409 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NBNS,
410 ISAKMP_MODECFG_ATTRIB_INTERNAL_ADDRESS_EXPIRY,
411 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_DHCP,
412 ISAKMP_MODECFG_ATTRIB_APPLICATION_VERSION,
413 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_ADDRESS,
414 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_NETMASK,
415 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_DNS,
416 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_NBNS,
417 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_DHCP,
418 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_SUBNET,
419 ISAKMP_MODECFG_ATTRIB_SUPPORTED_ATTRIBUTES,
420 ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_SUBNET,
421 ISAKMP_XAUTH_06_ATTRIB_TYPE = 0x4088,
422 ISAKMP_XAUTH_06_ATTRIB_USER_NAME,
423 ISAKMP_XAUTH_06_ATTRIB_USER_PASSWORD,
424 ISAKMP_XAUTH_06_ATTRIB_PASSCODE,
425 ISAKMP_XAUTH_06_ATTRIB_MESSAGE,
426 ISAKMP_XAUTH_06_ATTRIB_CHALLENGE,
427 ISAKMP_XAUTH_06_ATTRIB_DOMAIN,
428 ISAKMP_XAUTH_06_ATTRIB_STATUS,
429 ISAKMP_XAUTH_06_ATTRIB_NEXT_PIN,
430 ISAKMP_XAUTH_06_ATTRIB_ANSWER, /* TYPE .. ANSWER is excluded from dump */
431 ISAKMP_MODECFG_ATTRIB_CISCO_BANNER = 0x7000,
432 ISAKMP_MODECFG_ATTRIB_CISCO_SAVE_PW,
433 ISAKMP_MODECFG_ATTRIB_CISCO_DEF_DOMAIN,
434 ISAKMP_MODECFG_ATTRIB_CISCO_SPLIT_DNS,
435 ISAKMP_MODECFG_ATTRIB_CISCO_SPLIT_INC,
436 ISAKMP_MODECFG_ATTRIB_CISCO_UDP_ENCAP_PORT,
437 ISAKMP_MODECFG_ATTRIB_CISCO_UNKNOWN, /* whatever 0x7006 is... */
438 ISAKMP_MODECFG_ATTRIB_CISCO_DO_PFS,
439 /* Cisco Ext: Smartcard Disconnect */
440 /* Cisco Ext: IKE_CFG_FWTYPE_VENDOR */
441 /* Cisco Ext: IKE_CFG_FWTYPE_PRODUCT */
442 /* Cisco Ext: IKE_CFG_FWTYPE_CAPABILITIES??? */
443 ISAKMP_MODECFG_ATTRIB_CISCO_FW_TYPE,
444 ISAKMP_MODECFG_ATTRIB_CISCO_BACKUP_SERVER,
445 ISAKMP_MODECFG_ATTRIB_CISCO_DDNS_HOSTNAME,
446 ISAKMP_XAUTH_ATTRIB_CISCOEXT_VENDOR = 0x7d88 /* strange cisco things ... need docs! */
447 };
448
449 #endif
client for cisco vpn concentrator