Tobias Brunner
276acafa2d
p-cscf: Make sending requests configurable and disable it by default
2016-03-10 11:57:38 +01:00
Thom Troy
ac36ede93c
eap-radius: Add ability to configure RADIUS retransmission behavior
...
Closes strongswan/strongswan#19.
2015-11-17 14:25:08 +01:00
Tobias Brunner
486d7b2671
conf: Add documentation for new osx-attr option
2015-08-28 15:49:58 +02:00
Tobias Brunner
6b0bdda010
conf: Fix declaration of default values for imc-hcd options
2015-08-27 17:07:13 +02:00
Tobias Brunner
8212f3d9a4
stroke: Add an option to disable side-swapping of configuration options
...
In some scenarios it might be preferred to ensure left is always local
and no unintended swaps occur.
2015-08-21 18:19:26 +02:00
Andreas Steffen
6a3d035505
Added imc-hcd attributes to strongswan.conf
2015-08-18 21:25:39 +02:00
Tobias Brunner
99b1a1a1d8
conf: Clarify resolution for two time settings
...
Fixes #1061.
2015-08-10 12:02:13 +02:00
Tobias Brunner
186d25cbe6
eap-radius: Change trigger for Accounting Start messages for IKEv1
...
Some clients won't do Mode Config or XAuth during reauthentication.
Because Start messages previously were triggered by TRANSACTION exchanges
none were sent for new SAs of such clients, while Stop messages were still
sent for the old SAs when they were destroyed. This resulted in an
incorrect state on the RADIUS server.
Since 31be582399 the assign_vips() event is also triggered during
reauthentication if the client does not do a Mode Config exchange.
So instead of waiting for a TRANSACTION exchange we trigger the Start
message when a virtual IP is assigned to a client.
With this the charon.plugins.eap-radius.accounting_requires_vip option
would not have any effect for IKEv1 anymore. However, it previously also
only worked if the client did an XAuth exchange, which is probably
rarely used without virtual IPs, so this might not be much of a
regression.
Fixes #937.
2015-08-06 14:57:26 +02:00
Tobias Brunner
197de6e66b
kernel-netlink: Use PAGE_SIZE as default size for the netlink receive buffer
...
The kernel uses NLMSG_GOODSIZE as default buffer size, which defaults to
the PAGE_SIZE if it is lower than 8192 or to that value otherwise.
In some cases (e.g. for dump messages) the kernel might use up to 16k
for messages, which might require increasing this value.
2015-08-04 14:15:19 +02:00
Tobias Brunner
cc902695e8
kernel-netlink: Make buffer size for received Netlink messages configurable
2015-05-21 10:19:08 +02:00
Andreas Steffen
b07fb365ef
Added PB-TNC test options to strongswan.conf man page
2015-03-27 21:05:00 +01:00
Andreas Steffen
8b36323b8c
Fixed strongswan.conf man page entry of imc-attestation
2015-03-27 20:56:44 +01:00
Andreas Steffen
c6aed8aa21
Optionally announce PB-TNC mutual protocol capability
2015-03-23 22:25:43 +01:00
Tobias Brunner
96e6130537
kernel-pfkey: Add option to set receive buffer size of event socket
...
If many requests are sent to the kernel the events generated by these
requests may fill the receive buffer before the daemon is able to read
these messages.
Fixes #783.
2015-03-06 16:45:22 +01:00
Andreas Steffen
c2aca9eed2
Implemented improved BLISS-B signature algorithm
2015-02-25 21:45:34 +01:00
Martin Willi
ed14d3ebe4
forecast: Document strongswan.conf options
2015-02-20 16:34:55 +01:00
Tobias Brunner
8edea13a5a
kernel-netlink: Add missing documentation for two options
2014-12-19 15:36:01 +01:00
Martin Willi
87888f9926
kernel-netlink: Alternatively support global port based IKE bypass policies
...
The socket based IKE bypass policies are usually superior, but not supported
on all networking stacks. The port based variant uses global policies for the
UDP ports we have IKE sockets for.
2014-11-21 10:55:45 +01:00
Martin Willi
6f9df556ba
conf: Document kernel-netlink retransmission and parallelization options
2014-11-21 10:55:45 +01:00
Tobias Brunner
3633b80147
eap-radius: Add option to set interval for interim accounting updates
...
Any interval returned by the RADIUS server in the Access-Accept message
overrides the configured interval. But it might be useful if RADIUS is
only used for accounting.
2014-10-10 09:51:13 +02:00
Martin Willi
b2c1973ffb
ext-auth: Add an ext-auth plugin invoking an external authorization script
...
Original patch courtesy of Vyronas Tsingaras.
2014-10-06 18:30:46 +02:00
Shea Levy
213e02b872
stroke: Allow specifying the ipsec.secrets location in strongswan.conf
2014-10-02 14:31:00 +02:00
Tobias Brunner
90e6675a65
kernel-netlink: Optionally install protocol and ports on transport mode SAs
2014-09-12 10:45:50 +02:00
Tobias Brunner
47a0e289d9
kernel-netlink: Add global option to configure MSS-clamping on installed routes
2014-09-12 10:13:30 +02:00
Tobias Brunner
c1adf7e0c4
kernel-netlink: Add global option to set MTU on installed routes
2014-09-12 10:13:30 +02:00
Tobias Brunner
33967467e2
conf: Document load-tester.crl option
2014-06-30 13:25:13 +02:00
Tobias Brunner
566d1a90cd
Remove kernel-klips plugin
2014-06-19 14:20:33 +02:00
Andreas Steffen
18ba2a3035
Fixed typo in strongswan.conf
2014-06-05 11:26:54 +02:00
Andreas Steffen
bfd8f8c5fe
Updated IMC/IMV entries in strongswan.conf man page
2014-05-31 20:37:57 +02:00
Andreas Steffen
8d59090349
Implemented PT-EAP protocol (RFC 7171)
2014-05-12 06:59:21 +02:00
Andreas Steffen
688b5b99ed
Changed default value to libimcv.imc-attestation.pcr_info = no
2014-05-10 20:08:20 +02:00
Martin Willi
7dbf9e1574
vici: Document strongswan.conf options
2014-05-07 14:13:38 +02:00
Andreas Steffen
8c40609f96
Use python-based swidGenerator to generate SWID tags
2014-04-15 09:21:06 +02:00
Andreas Steffen
0bd64fa5bf
Renamed the AIK public key parameter to imc-attestation.aik_pubkey
2014-04-15 09:21:05 +02:00
Andreas Steffen
c54c26dd17
Implemented configurable Device ID in OS IMC
2014-04-15 09:21:05 +02:00
Tobias Brunner
00b91c4325
eap-radius: Add option to not close IKE_SAs on timeouts during interim accounting updates
...
Fixes #528.
2014-03-31 14:32:44 +02:00
Andreas Steffen
342bc6e545
Disable mandatory ECP support for attestation
2014-03-07 21:56:34 +01:00
Tobias Brunner
efce4559e8
conf: Install config files world-readable but warn about permissions for certain options
2014-02-12 15:16:57 +01:00
Tobias Brunner
5ac757872b
conf: Document options of plugins in libpts
2014-02-12 14:34:34 +01:00
Tobias Brunner
bf3f4bf7a2
conf: Document libimcv options
2014-02-12 14:34:34 +01:00
Tobias Brunner
4576f7f960
conf: Document libtnccs options
2014-02-12 14:34:34 +01:00
Tobias Brunner
fc380b175d
conf: Move load-tester options to plugin specific file
2014-02-12 14:34:34 +01:00
Tobias Brunner
828815b0d8
conf: Options of all plugins documented
...
Some options are still missing descriptions though.
2014-02-12 14:34:34 +01:00
Tobias Brunner
1b98f85821
conf: Generate and install config snippets for option descriptions
...
The strongswan.d directory is also created relative to the configured
location of strongswan.conf.
2014-02-12 14:34:33 +01:00