Tobias Brunner
0bcfed1aa2
vici: Optionally terminate IKE_SA immediately
2018-05-22 10:06:07 +02:00
Tobias Brunner
7b72909774
controller: Add option to force destruction of an IKE_SA
...
It's optionally possible to wait for a timeout to destroy the SA.
2018-05-22 10:06:07 +02:00
Tobias Brunner
24fa1bb02a
trap-manager: Remove reqid parameter from install() and change return type
...
Reqids for the same traffic selectors are now stable so we don't have to
pass reqids of previously installed CHILD_SAs. Likewise, we don't need
to know the reqid of the newly installed trap policy as we now uninstall
by name.
2018-02-22 11:31:05 +01:00
Tobias Brunner
ca213e1907
trap-manager: Uninstall trap policies by name and not reqid
...
If a trap policy is concurrently uninstalled and reinstalled under a
different name the reqid will be the same so the wrong trap might be
removed.
2018-02-22 11:31:05 +01:00
Tobias Brunner
6f569263a0
vici: Remove external enumeration to uninstall shunt policies
2018-02-22 11:31:05 +01:00
Tobias Brunner
550bd654a7
vici: Don't fall back to uninstalling traps if a matching shunt was found
...
This is different if `ike` and `child` are provided and uninstall()
fails as we call that without knowing whether a matching shunt exists.
But if `ike` is not provided we explicitly search for a matching shunt
and if found don't need to look for a trap policy.
2017-03-23 18:29:18 +01:00
Tobias Brunner
808472c9f9
vici: Add command to initiate SA rekeying
2017-02-16 19:24:08 +01:00
Tobias Brunner
7627f5f9c7
vici: Explicitly use peer name when uninstalling trap and shunt policies
...
Also adds an `ike` parameter to the `uninstall` command.
2017-02-16 19:24:07 +01:00
Tobias Brunner
7a0fdbab42
shunt-manager: Add an optional namespace for each shunt
...
This will allow us to reuse the names of child configs e.g. when they
are defined in different connections.
2017-02-16 19:24:07 +01:00
Tobias Brunner
83bf6db303
vici: Reload loggers after reloading strongswan.conf via reload-setting command
2017-01-25 14:58:12 +01:00
Andreas Steffen
b12c53ce77
Use standard unsigned integer types
2016-03-24 18:52:48 +01:00
Tobias Brunner
c13eb73719
vici: Don't redirect all SAs if no selectors are given
...
This avoids confusion and redirecting all SAs can now easily be done
explicitly (e.g. peer_ip=0.0.0.0/0).
2016-03-04 16:03:00 +01:00
Tobias Brunner
27074f3155
vici: Match subnets and ranges against peer IP in redirect command
2016-03-04 16:03:00 +01:00
Tobias Brunner
bef4518de7
vici: Match identity with wildcards against remote ID in redirect command
2016-03-04 16:02:59 +01:00
Tobias Brunner
43b46b26ea
vici: Add redirect command
...
This allows redirecting IKE_SAs by multiple different selectors; if none
are given all SAs are redirected.
2016-03-04 16:02:59 +01:00
Martin Willi
eaca77d03e
vici: Honor an optionally passed IKE configuration name in initiate/install
...
If two IKE configurations have CHILD configurations with the same name,
we have no control over the CHILD_SA that actually gets controlled. The
new "ike" parameter specifies the peer config name to find the "child" config
under.
2015-12-07 10:28:45 +01:00
Martin Willi
5e79ae2d65
vici: Support completely asynchronous initiating and termination
...
In some situations the vici client is not interested in waiting for a
timeout at all, so don't register a logging callback if the timeout argument
is negative.
2015-12-07 10:28:45 +01:00
Tobias Brunner
256e666d22
vici: Optionally check limits when initiating connections
...
If the init-limits parameter is set (disabled by default) init limits
will be checked and might prevent new SAs from getting initiated.
2015-08-21 18:21:13 +02:00
Tobias Brunner
ff0abde9ed
controller: Optionally adhere to init limits also when initiating IKE_SAs
2015-08-21 18:21:13 +02:00
Tobias Brunner
6967948241
Initialize variables that some compilers seem to warn about
2015-08-13 15:12:38 +02:00
Martin Willi
971a91685d
controller: Use the CHILD_SA unique_id to terminate CHILD_SAs
2015-02-20 13:34:50 +01:00
Martin Willi
455e213cb0
vici: Add a command to reload strongswan.conf
2014-09-22 13:44:27 +02:00
Martin Willi
bc006ac1f4
vici: Return number of matching and closed SAs in terminate command
2014-05-07 14:13:38 +02:00
Martin Willi
2676ffdb9f
vici: Be less verbose about client connections
...
Instead, log the explicit commands at a higher level.
2014-05-07 14:13:37 +02:00
Martin Willi
5c6e81dcf8
vici: Add install/uninstall commands to manage trap and shunt policies
2014-05-07 14:13:36 +02:00
Martin Willi
550f3f5646
vici: Extract CHILD_SA config lookup method
2014-05-07 14:13:36 +02:00
Martin Willi
3b5808a0f6
vici: Avoid recursive control log invocations
2014-05-07 14:13:35 +02:00
Martin Willi
c7d4dad66d
vici: Implement a terminate command to close IKE or CHILD_SAs
2014-05-07 14:13:35 +02:00
Martin Willi
5f95657c65
vici: Add a control backend, currently to initiate connections by name
2014-05-07 14:13:35 +02:00