276acafa2d
p-cscf: Make sending requests configurable and disable it by default
2016-03-10 11:57:38 +01:00
ac36ede93c
eap-radius: Add ability to configure RADIUS retransmission behavior
...
Closes strongswan/strongswan#19 .
2015-11-17 14:25:08 +01:00
486d7b2671
conf: Add documentation for new osx-attr option
2015-08-28 15:49:58 +02:00
6b0bdda010
conf: Fix declaration of default values for imc-hcd options
2015-08-27 17:07:13 +02:00
8212f3d9a4
stroke: Add an option to disable side-swapping of configuration options
...
In some scenarios it might be preferred to ensure left is always local
and no unintended swaps occur.
2015-08-21 18:19:26 +02:00
6a3d035505
Added imc-hcd attributes to strongswan.conf
2015-08-18 21:25:39 +02:00
99b1a1a1d8
conf: Clarify resolution for two time settings
...
Fixes #1061 .
2015-08-10 12:02:13 +02:00
186d25cbe6
eap-radius: Change trigger for Accounting Start messages for IKEv1
...
Some clients won't do Mode Config or XAuth during reauthentication.
Because Start messages previously were triggered by TRANSACTION exchanges
none were sent for new SAs of such clients, while Stop messages were still
sent for the old SAs when they were destroyed. This resulted in an
incorrect state on the RADIUS server.
Since 31be582399Fixes #937 .
2015-08-06 14:57:26 +02:00
197de6e66b
kernel-netlink: Use PAGE_SIZE as default size for the netlink receive buffer
...
The kernel uses NLMSG_GOODSIZE as default buffer size, which defaults to
the PAGE_SIZE if it is lower than 8192 or to that value otherwise.
In some cases (e.g. for dump messages) the kernel might use up to 16k
for messages, which might require increasing this value.
2015-08-04 14:15:19 +02:00
cc902695e8
kernel-netlink: Make buffer size for received Netlink messages configurable
2015-05-21 10:19:08 +02:00
b07fb365ef
Added PB-TNC test options to strongswan.conf man page
2015-03-27 21:05:00 +01:00
8b36323b8c
Fixed strongswan.conf man page entry of imc-attestation
2015-03-27 20:56:44 +01:00
c6aed8aa21
Optionally announce PB-TNC mutual protocol capability
2015-03-23 22:25:43 +01:00
96e6130537
kernel-pfkey: Add option to set receive buffer size of event socket
...
If many requests are sent to the kernel the events generated by these
requests may fill the receive buffer before the daemon is able to read
these messages.
Fixes #783 .
2015-03-06 16:45:22 +01:00
c2aca9eed2
Implemented improved BLISS-B signature algorithm
2015-02-25 21:45:34 +01:00
ed14d3ebe4
forecast: Document strongswan.conf options
2015-02-20 16:34:55 +01:00
8edea13a5a
kernel-netlink: Add missing documentation for two options
2014-12-19 15:36:01 +01:00
87888f9926
kernel-netlink: Alternatively support global port based IKE bypass policies
...
The socket based IKE bypass policies are usually superior, but not supported
on all networking stacks. The port based variant uses global policies for the
UDP ports we have IKE sockets for.
2014-11-21 10:55:45 +01:00
6f9df556ba
conf: Document kernel-netlink retransmission and parallelization options
2014-11-21 10:55:45 +01:00
3633b80147
eap-radius: Add option to set interval for interim accounting updates
...
Any interval returned by the RADIUS server in the Access-Accept message
overrides the configured interval. But it might be useful if RADIUS is
only used for accounting.
2014-10-10 09:51:13 +02:00
b2c1973ffb
ext-auth: Add an ext-auth plugin invoking an external authorization script
...
Original patch courtesy of Vyronas Tsingaras.
2014-10-06 18:30:46 +02:00
213e02b872
stroke: Allow specifying the ipsec.secrets location in strongswan.conf
2014-10-02 14:31:00 +02:00
90e6675a65
kernel-netlink: Optionally install protocol and ports on transport mode SAs
2014-09-12 10:45:50 +02:00
47a0e289d9
kernel-netlink: Add global option to configure MSS-clamping on installed routes
2014-09-12 10:13:30 +02:00
c1adf7e0c4
kernel-netlink: Add global option to set MTU on installed routes
2014-09-12 10:13:30 +02:00
33967467e2
conf: Document load-tester.crl option
2014-06-30 13:25:13 +02:00
566d1a90cd
Remove kernel-klips plugin
2014-06-19 14:20:33 +02:00
18ba2a3035
Fixed typo in strongswan.conf
2014-06-05 11:26:54 +02:00
bfd8f8c5fe
Updated IMC/IMV entries in strongswan.conf man page
2014-05-31 20:37:57 +02:00
8d59090349
Implemented PT-EAP protocol (RFC 7171)
2014-05-12 06:59:21 +02:00
688b5b99ed
Changed default value to libimcv.imc-attestation.pcr_info = no
2014-05-10 20:08:20 +02:00
7dbf9e1574
vici: Document strongswan.conf options
2014-05-07 14:13:38 +02:00
8c40609f96
Use python-based swidGenerator to generated SWID tags
2014-04-15 09:21:06 +02:00
0bd64fa5bf
Renamed the AIK public key parameter to imc-attestation.aik_pubkey
2014-04-15 09:21:05 +02:00
c54c26dd17
Implemented configurable Device ID in OS IMC
2014-04-15 09:21:05 +02:00
00b91c4325
eap-radius: Add option to not close IKE_SAs on timeouts during interim accouting updates
...
Fixes #528 .
2014-03-31 14:32:44 +02:00
342bc6e545
Disable mandatory ECP support for attestion
2014-03-07 21:56:34 +01:00
efce4559e8
conf: Install config files world-readable but warn about permissions for certain options
2014-02-12 15:16:57 +01:00
5ac757872b
conf: Document options of plugins in libpts
2014-02-12 14:34:34 +01:00
bf3f4bf7a2
conf: Document libimcv options
2014-02-12 14:34:34 +01:00
4576f7f960
conf: Document libtnccs options
2014-02-12 14:34:34 +01:00
fc380b175d
conf: Move load-tester options to plugin specific file
2014-02-12 14:34:34 +01:00
828815b0d8
conf: Options of all plugins documented
...
Some options are still missing descriptions though.
2014-02-12 14:34:34 +01:00
1b98f85821
conf: Generate and install config sippets for option descriptions
...
The strongswan.d directory is also created relative to the configured
location of strongswan.conf.
2014-02-12 14:34:33 +01:00
Tobias Brunner