René Fischer
4261fcedec
botan: Use strongSwan's RNG interface in Botan plugin
This allows using rng_t implementations provided by other plugins to
serve as RNG for Botan.
Closes strongswan/strongswan#192.
2021-02-15 09:27:51 +01:00
Andreas Steffen
737375a2d2
drbg: Implemented NIST SP-800-90A DRBG
2019-10-16 16:46:24 +02:00
Tobias Brunner
d3329ee540
wolfssl: Fixes, code style changes and some refactorings
The main fixes are
* the generation of fingerprints for RSA, ECDSA, and EdDSA
* the encoding of ECDSA private keys
* calculating p and q for RSA private keys
* deriving the public key for raw Ed25519 private keys
Also, instead of numeric literals for buffer lengths, ASN.1-related
constants are used.
2019-04-24 12:26:08 +02:00
Tobias Brunner
d49ad922c1
conf: Use actually configured path for strongswan.conf
References #2984.
2019-03-27 10:07:16 +01:00
Andreas Steffen
a31f9b7691
libimcv: Removed TCG SWID IMC/IMV support
2018-06-12 21:47:39 +02:00
Codrut Cristian Grosu
345cd4684c
save-keys: Add save-keys plugin
This plugin will export IKE_SA and CHILD_SA secret keys in the format used
by Wireshark.
It has to be loaded explicitly.
2018-02-15 23:03:29 +01:00
Tobias Brunner
7f1d944bc9
The pacman tool got replaced by the sec-updater tool
2017-11-15 12:18:17 +01:00
Andreas Steffen
8aad7ffb11
sec-updater: Import SWID tags of updated packages
sec-updater downloads the deb package files from security updates from
a given Linux repository and uses the swid_generator command to
derive a SWID tag. The SWID tag is then imported into strongTNC
using the manage.py importswid command.
2017-09-09 20:23:19 +02:00
Tobias Brunner
67402ec77b
curl: Enable following redirects
The maximum number of redirects can be limited. The functionality can also
be disabled.
Fixes #2366.
2017-07-27 13:15:43 +02:00
Andreas Steffen
032a5767ad
sw-collector: Collects endpoint software events
2017-07-08 23:19:51 +02:00
Andreas Steffen
3a7c594c14
imv-swima: Created SWIMA IMV plugin
2017-07-08 23:19:51 +02:00
Andreas Steffen
2821c0f740
imc-swima: Created SWIMA IMC plugin
2017-07-08 23:19:51 +02:00
Tobias Brunner
1aba82bfd7
eap-aka-3gpp: Add plugin that implements 3GPP MILENAGE algorithm in software
This is similar to the eap-aka-3gpp2 plugin. K (optionally concatenated
with OPc) may be configured as binary EAP secret in ipsec.secrets or
swanctl.conf.
Based on a patch by Thomas Strangert.
Fixes #2326.
2017-07-05 10:03:38 +02:00
Tobias Brunner
967e13bfb5
conf: Remove snippet for aikpub2
2017-03-23 18:29:18 +01:00
Andreas Steffen
2b233c8a64
The tpm plugin offers random number generation
The tpm plugin can be used to derive true random numbers from a
TPM 2.0 device. The get_random method must be explicitly enabled
in strongswan.conf with the plugin.tpm.use_rng = yes option.
2017-03-20 21:16:10 +01:00
Martin Willi
d1317adb9a
addrblock: Support an optional non-strict mode accepting certs without addrblock
This allows a gateway to enforce the addrblock policy on certificates that
actually have the extension only. For (legacy) certificates not having the
extension, traffic selectors are validated/narrowed by other means, most
likely by the configuration.
2017-03-02 08:24:02 +01:00
Tobias Brunner
0aabfe0780
bypass-lan: Allow ignoring or only considering subnets of specific interfaces
The config can also be reloaded by sending a SIGHUP to charon.
2017-02-08 10:38:28 +01:00
Andreas Steffen
e3f63c6469
revocation: OCSP and/or CRL fetching can be disabled
2016-12-30 18:12:53 +01:00
Tobias Brunner
97c74b565b
nm: Make global CA directory configurable
2016-10-04 10:27:35 +02:00
Andreas Steffen
36bf2b1bc5
conf: aikpub2.opt added to Makefile.am
2016-08-25 13:22:51 +02:00
Tobias Brunner
276acafa2d
p-cscf: Make sending requests configurable and disable it by default
2016-03-10 11:57:38 +01:00
Tobias Brunner
486d7b2671
conf: Add documentation for new osx-attr option
2015-08-28 15:49:58 +02:00
Andreas Steffen
6a3d035505
Added imc-hcd attributes to strongswan.conf
2015-08-18 21:25:39 +02:00
Andreas Steffen
79b5a33c11
imv_policy_manager: Added capability to execute an allow or block shell command string
2015-04-26 10:55:24 +02:00
Tobias Brunner
96e6130537
kernel-pfkey: Add option to set receive buffer size of event socket
If many requests are sent to the kernel, the events generated by these
requests may fill the receive buffer before the daemon is able to read
these messages.
Fixes #783.
2015-03-06 16:45:22 +01:00
Andreas Steffen
c2aca9eed2
Implemented improved BLISS-B signature algorithm
2015-02-25 21:45:34 +01:00
Martin Willi
ed14d3ebe4
forecast: Document strongswan.conf options
2015-02-20 16:34:55 +01:00
Martin Willi
b2c1973ffb
ext-auth: Add an ext-auth plugin invoking an external authorization script
Original patch courtesy of Vyronas Tsingaras.
2014-10-06 18:30:46 +02:00
Shea Levy
0efea2fd86
Don't fail to install if sysconfdir isn't writable
2014-09-26 10:52:37 +02:00
Martin Willi
e2d9f27c19
systemd: Add a native systemd journal logger
2014-09-22 14:19:37 +02:00
Tobias Brunner
38f27e172c
conf: Document swanctl options
2014-06-30 13:25:13 +02:00
Tobias Brunner
4d066ef7fc
conf: Document aikgen options
2014-06-30 13:25:13 +02:00
Tobias Brunner
3986c1e3fd
autoconf: Replace --disable-tools option with --disable-scepclient
Since using a separate option for pki, this was the only tool that was still
enabled by that option.
2014-06-30 13:25:13 +02:00
Tobias Brunner
566d1a90cd
Remove kernel-klips plugin
2014-06-19 14:20:33 +02:00
Martin Willi
b70849ada2
configure: Separate pki from --disable-tools
While pki builds and runs just fine on Windows, this is not true for scepclient.
2014-06-04 15:53:08 +02:00
Andreas Steffen
bfd8f8c5fe
Updated IMC/IMV entries in strongswan.conf man page
2014-05-31 20:37:57 +02:00
Martin Willi
7dbf9e1574
vici: Document strongswan.conf options
2014-05-07 14:13:38 +02:00
Tobias Brunner
bd1c9f1eac
conf: Fix out-of-tree build from distribution
It worked from the repository, where strongswan.conf.5.main is generated
in the build dir, but not from the distribution where it is located in
the source dir, so explicitly create it in the source dir.
2014-02-27 12:02:13 +01:00
Tobias Brunner
5645ad2976
conf: Fix installation on FreeBSD
Apparently, the -t option for install is not portable.
2014-02-13 13:53:25 +01:00
Tobias Brunner
03650d5a2d
conf: The use of $^ is not portable
Generating strongswan.conf.5.main in a subshell gets the file
properly written to the builddir in out-of-tree builds.
2014-02-13 11:47:02 +01:00
Tobias Brunner
efce4559e8
conf: Install config files world-readable but warn about permissions for certain options
2014-02-12 15:16:57 +01:00
Tobias Brunner
7573a7ed56
conf: Only install config snippets for enabled components
2014-02-12 14:34:34 +01:00
Tobias Brunner
ff94fe157a
conf: Document options of other programs
2014-02-12 14:34:34 +01:00
Tobias Brunner
5ac757872b
conf: Document options of plugins in libpts
2014-02-12 14:34:34 +01:00
Tobias Brunner
bf3f4bf7a2
conf: Document libimcv options
2014-02-12 14:34:34 +01:00
Tobias Brunner
4576f7f960
conf: Document libtnccs options
2014-02-12 14:34:34 +01:00
Tobias Brunner
d56a23c515
conf: Create automatically generated config snippets in build dir
2014-02-12 14:34:34 +01:00
Tobias Brunner
7f535b3938
conf: Install config snippets in /usr/share/strongswan/templates/config too
2014-02-12 14:34:34 +01:00
Tobias Brunner
6a2de77f2e
conf: Only install config snippets if they don't exist yet
2014-02-12 14:34:34 +01:00
Tobias Brunner
828815b0d8
conf: Options of all plugins documented
Some options are still missing descriptions though.
2014-02-12 14:34:34 +01:00