Martin Willi
|
3b71d3d033
|
Reload strongswan.conf and plugins supporting reloading on SIGHUP
|
2011-04-15 10:07:13 +02:00 |
Martin Willi
|
84f89634ef
|
Moved logger initialization from libcharon to charon
|
2011-01-05 16:45:40 +01:00 |
Andreas Steffen
|
ed08f7ce83
|
use DBG_TNC for TNC debugging output
|
2010-10-09 16:01:19 +02:00 |
Andreas Steffen
|
99dfc3c295
|
added --debug-tls to charon usage() function
|
2010-10-07 09:34:56 +02:00 |
Andreas Steffen
|
4776500055
|
added debug-tls command line option
|
2010-08-23 17:51:40 +02:00 |
Martin Willi
|
0b71bc7af0
|
Moved eap-tls plugin to libcharon, updated to 4.4.1 APIs
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
400df4ca7c
|
Implemented EAP-TLS server functionality
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
97abf95412
|
TLS stack keeps a copy of server/peer identities
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
c8a2fca58c
|
Limit the number of EAP-TLS packets allowed
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
8fef06a683
|
Use stricter state handling while processing TLS messages
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
dc9f34be4d
|
Cleaned up the public TLS interface
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
84d67ead4e
|
Refactored common used operations into TLS crypto helper
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
3e7e777941
|
Properly send empty EAP-TLS messages
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
51313a39d1
|
Derive MSK for EAP-TLS authentication
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
110364b042
|
Verify Server Finished message
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
f139b5786f
|
Implemented input record decryption and verification
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
84543e6efa
|
Implemented key derivation, output record signing and encryption
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
18010de23d
|
Derive master secret, create Finished message
|
2010-08-03 15:39:25 +02:00 |
Martin Willi
|
149b7e6d01
|
Implemented the TLS specific PRF in its TLSv1.0 and TLSv1.2 variants
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
3ddd164e5e
|
Implemented sending of Certificate, ClientKeyExchange, CertificateVerify and ChangeCipherSpec as peer
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
3a1640dea1
|
Implemented a tls_writer class to simplify TLS data generation
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
4ef946dd64
|
Implemented a tls_reader class to simplify TLS data parsing
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
3e962b0843
|
Process ServerHello(Done), Certificate(Request) messages
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
698674c7f3
|
Send a ClientHello to start TLS negotiation
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
536dbc00b9
|
Added TLS crypto helper, currently supports cipher suite selection
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
4c0c2283a5
|
Added stubs for handshake handling, server and peer variants
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
4c0124a0a2
|
Accept follow-up fragments with a TLS message length
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
40e384ea01
|
Added dummy/identity implementations of the different TLS record layers
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
dcbbeb2d09
|
Pass TLS records to newly introduced TLS stack
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
f7f63c52e1
|
Added some TLS constants
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
b173819e5d
|
(De-)fragment EAP-TLS packets, pass TLS records to upper layer
|
2010-08-03 15:39:24 +02:00 |
Martin Willi
|
2107953804
|
Added EAP-TLS plugin stub
|
2010-08-03 15:39:24 +02:00 |
Tobias Brunner
|
4f9b82bc1d
|
Fixed compiler warning.
|
2010-06-15 19:58:59 +02:00 |
Tobias Brunner
|
404960e522
|
Run as vpn user on Android.
|
2010-06-15 19:57:31 +02:00 |
Tobias Brunner
|
b02a03a5dd
|
Truncate the PID file so that even if we fail to unlink it, the daemon can be restarted properly.
|
2010-06-15 19:57:14 +02:00 |
Martin Willi
|
091d178060
|
Option to skip slow addr2line resolution in leak-detective
|
2010-05-20 17:37:18 +02:00 |
Tobias Brunner
|
9d843ee6fa
|
Do a proper cleanup when printing usage info.
|
2010-05-04 18:34:27 +02:00 |
Tobias Brunner
|
6edbe1652b
|
Integrating libhydra into the Android build system.
|
2010-04-12 16:47:47 +02:00 |
Martin Willi
|
29a46aacad
|
Moved ha plugin to libcharon
|
2010-04-07 13:55:16 +02:00 |
Martin Willi
|
3e8caf6af6
|
Make resync/monitoring functionality optional
|
2010-04-07 13:55:16 +02:00 |
Martin Willi
|
f24ca1dd55
|
Listen to ike_updown/rekey hook instead of ike_state_change
|
2010-04-07 13:55:16 +02:00 |
Martin Willi
|
c866a42737
|
Request a complete resync after daemon startup
|
2010-04-07 13:55:16 +02:00 |
Martin Willi
|
1466af8556
|
Do not automatically take over segments, as we need to resync first
|
2010-04-07 13:55:16 +02:00 |
Martin Willi
|
ea249cc6f0
|
Drop overlapping segments only if we have no active SAs on it
|
2010-04-07 13:55:16 +02:00 |
Martin Willi
|
a05e388540
|
Do not install iptables rules, they should stay active after shutdown
|
2010-04-07 13:55:16 +02:00 |
Martin Willi
|
e262f4e543
|
Take over all segments if heartbeat becomes silent
|
2010-04-07 13:55:15 +02:00 |
Martin Willi
|
d87489661c
|
Renamed ha-sync plugin to ha
|
2010-04-07 13:55:15 +02:00 |
Martin Willi
|
3c82381296
|
Try to send HA sync messages synchronously
|
2010-04-07 13:55:15 +02:00 |
Martin Willi
|
f4f394e67c
|
Do not sync a delete for a child in a destroying IKE_SA
|
2010-04-07 13:55:15 +02:00 |
Martin Willi
|
5a0a359b88
|
Include ICMP traffic in sync tunnel
|
2010-04-07 13:55:15 +02:00 |
Martin Willi
|
874c0bd8b8
|
Refactored segment enabling/disabling
|
2010-04-07 13:55:15 +02:00 |
Martin Willi
|
5d67259042
|
Use a connected UDP socket
|
2010-04-07 13:55:15 +02:00 |
Martin Willi
|
06308d9ede
|
Removed obsolete socket subclasses
|
2010-04-07 13:55:15 +02:00 |
Martin Willi
|
3912fdb1ec
|
Automatically segment cluster using periodically sent status messages
|
2010-04-07 13:55:14 +02:00 |
Martin Willi
|
b7f15be136
|
Do not enable/disable our own sync tunnel
|
2010-04-07 13:55:14 +02:00 |
Martin Willi
|
9fdf5f712e
|
Enable/disable inactive/active segments only
|
2010-04-07 13:55:14 +02:00 |
Martin Willi
|
310498f3de
|
Deactivate all active segments before shutting down
|
2010-04-07 13:55:14 +02:00 |
Martin Willi
|
4e248733a8
|
HA kernel interface can mangle netfilter rules, currently with iptables invocation
|
2010-04-07 13:55:14 +02:00 |
Martin Willi
|
dbc91f7c84
|
Added support for kernel segment manipulation
|
2010-04-07 13:55:14 +02:00 |
Martin Willi
|
6921e8d5a9
|
Moved segment configuration parsing to ha_sync_plugin
|
2010-04-07 13:55:14 +02:00 |
Martin Willi
|
37459ea928
|
Propagate segment manipulation to cluster node
|
2010-04-07 13:55:14 +02:00 |
Martin Willi
|
3d672d4b0a
|
Segment manipulation in HA sync is thread safe
|
2010-04-07 13:55:14 +02:00 |
Martin Willi
|
c573b11c55
|
Passing 0 to segments->(de-)activate enables/disables all segments
|
2010-04-07 13:55:14 +02:00 |
Martin Willi
|
7ceaf50b05
|
separated auto-tunnel functionality from socket
|
2010-04-07 13:55:13 +02:00 |
Martin Willi
|
f5632db953
|
create external fifo socket only if "fifo_interface" option is set
|
2010-04-07 13:55:13 +02:00 |
Martin Willi
|
47d365deef
|
updated linuxdir include variable
|
2010-04-07 13:55:13 +02:00 |
Martin Willi
|
724736ff1c
|
updated HA sync plugin to new lifetime config
|
2010-04-07 13:55:13 +02:00 |
Martin Willi
|
f825238594
|
print "none" if not serving any segments
|
2010-04-07 13:55:13 +02:00 |
Martin Willi
|
a33eb8631c
|
automatically establish a PSK authenticated SA between cluster nodes
|
2010-04-07 13:55:13 +02:00 |
Martin Willi
|
80624c79d5
|
fixed memleak when installing synced virtual IPs
|
2010-04-07 13:55:13 +02:00 |
Martin Willi
|
b1d495f469
|
do not sync CHILD_SAs without an IKE_SA
|
2010-04-07 13:55:13 +02:00 |
Martin Willi
|
5b7c0f4409
|
removed $Id$ from ha plugin
|
2010-04-07 13:55:13 +02:00 |
Martin Willi
|
26d08a241a
|
fixed ike_sa condition/extension parsing
|
2010-04-07 13:55:12 +02:00 |
Martin Willi
|
1e977438af
|
fixed sync of CHILD_SA delete
|
2010-04-07 13:55:12 +02:00 |
Martin Willi
|
9ffcbea6f1
|
added HA resync option to (re-)integrate nodes to a cluster
|
2010-04-07 13:55:12 +02:00 |
Martin Willi
|
c81f4fa29d
|
apply peer config during rekeying
|
2010-04-07 13:55:12 +02:00 |
Martin Willi
|
34d240a6e3
|
manage synced SAs in IKE_SA Manager, tag them with IKE_PASSIVE state
|
2010-04-07 13:55:12 +02:00 |
Martin Willi
|
d4113a42e9
|
support for IKE_SA rekeying sync
|
2010-04-07 13:55:12 +02:00 |
Martin Willi
|
aa98188af5
|
IKE_SA activation/deactivation magic using a fifo socket
|
2010-04-07 13:55:12 +02:00 |
Martin Willi
|
c94fe198e9
|
syncing of complete IKE/CHILD_SAs works
|
2010-04-07 13:55:11 +02:00 |
Martin Willi
|
7999be5b0e
|
pushing basic CHILD_SA sync data to backup node
|
2010-04-07 13:55:11 +02:00 |
Martin Willi
|
765935c8f6
|
basic syncing of IKE_SAs
recreating SAs with keymat derivation
|
2010-04-07 13:55:11 +02:00 |
Martin Willi
|
190edaf527
|
added a dispatcher class to receive HA sync messages
simple attribute parser enumerator (probably needs a cleaner implementation)
|
2010-04-07 13:55:11 +02:00 |
Martin Willi
|
12ec91ba3a
|
generating basic IKE_SA sync messages
pushing to statically configured failover node
|
2010-04-07 13:55:11 +02:00 |
Martin Willi
|
e5e91eec29
|
set up basic infrastructure ha_sync plugin
|
2010-04-07 13:55:11 +02:00 |
Martin Willi
|
e16d76f9a4
|
added child_sa serialization to ha_sync plugin
|
2010-04-07 13:55:11 +02:00 |
Martin Willi
|
e67f5136c0
|
HA sync plugin stub
|
2010-04-07 13:55:11 +02:00 |
Tobias Brunner
|
9ed6341d3f
|
Adding support for debug groups in libstrongswan's logger.
|
2010-04-06 12:47:40 +02:00 |
Tobias Brunner
|
facf887253
|
Store the name of the daemon that initialized libhydra to load daemon-specific settings.
|
2010-04-06 12:47:40 +02:00 |
Tobias Brunner
|
a1f90c7a85
|
Fixed deinit for charon --version.
|
2010-03-24 18:53:10 +01:00 |
Tobias Brunner
|
52bff307e1
|
Init/deinit libhydra in charon and pluto.
|
2010-03-24 18:53:10 +01:00 |
Tobias Brunner
|
39856897e6
|
Link pluto and charon to libhydra, fixes monolithic build.
|
2010-03-24 18:53:10 +01:00 |
Tobias Brunner
|
c92c94542a
|
Missed to include charon's Android.mk in the distribution.
|
2010-03-22 11:32:20 +01:00 |
Martin Willi
|
6150efa885
|
Added charon to .gitignore
|
2010-03-19 17:17:54 +01:00 |
Tobias Brunner
|
d92b337fe9
|
Do not indent the source file lists in Android.mk files so we can easily compare them to the lists in the Makefile.am files.
|
2010-03-19 13:34:53 +01:00 |
Tobias Brunner
|
52c7257366
|
Adding support for the build of libcharon (and charon) on Android.
|
2010-03-19 13:34:53 +01:00 |
Tobias Brunner
|
ef87a61efd
|
Explicitly link charon to libstrongswan.
Also fixed the reference to the pthread library.
|
2010-03-19 13:34:53 +01:00 |
Tobias Brunner
|
349fa52852
|
Replacing the original charon with a small wrapper around libcharon.
|
2010-03-19 13:34:52 +01:00 |
Tobias Brunner
|
08c5572602
|
Moving charon to libcharon.
|
2010-03-19 13:34:52 +01:00 |
Martin Willi
|
f0da32c58d
|
Introduced ipsec.conf NTLM keyword for NT hashes
|
2010-03-17 18:51:00 +01:00 |