c489c5881a
charon-nm: No additional secrets are required once a password has been entered
...
Recent versions of NM will call need_secrets() as long as it returns TRUE,
but then fail as the number of calls is limited by an assert.
Fixes #547 .
2014-03-18 14:53:40 +01:00
1c306c0ee9
libcharon: Remove unused charon->name
2014-02-12 14:34:33 +01:00
10c4f4e1fd
libhydra: Remove unused hydra->daemon
2014-02-12 14:34:32 +01:00
34d3bfcf14
lib: Add global config namespace
2014-02-12 14:34:31 +01:00
54ca25800c
agent: Keep CAP_DAC_OVERRIDE to connect to ssh-agent socket
...
This is also required if charon-cmd is used with capability dropping.
2014-01-23 10:08:23 +01:00
5ae822cfcd
nm: Handle PSK option in NM backend
2013-11-27 18:36:58 +01:00
3070697f9f
ike: support multiple addresses, ranges and subnets in IKE address config
...
Replace the allowany semantic by a more powerful subnet and IP range matching.
Multiple addresses, DNS names, subnets and ranges can be specified in a comma
separated list. Initiators ignore the ranges/subnets, responders match
configurations against all addresses, ranges and subnets.
2013-09-04 10:38:37 +02:00
9aeaa7396e
peer-cfg: add a pull/push mode option to use with mode config
2013-09-04 10:33:37 +02:00
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
...
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
896abbefc5
nm: omit deprecated g_type_init() when using >= GLIB 2.36
2013-07-18 14:21:17 +02:00
68b7448eab
capabilities: Make the user and group charon(-nm) changes to configurable
2013-06-25 17:16:33 +02:00
a2eb581781
capabilities: Move global capabilities_t instance to libstrongswan
2013-06-25 17:16:32 +02:00
2e21bac19a
capabilities: Ensure required capabilities are actually held by the process/user
2013-06-25 17:16:32 +02:00
607f8e9906
plugin-loader: Add method to print loaded plugins on a given log level
2013-06-21 15:17:53 +02:00
1b33e6c4ca
charon-nm: Add dependencies to CERT_DECODE and PRIVKEY plugin features
...
This ensures the NM-specific credential set is unloaded before any
implementation of certificate/key objects, which causes a segmentation
fault during shutdown.
2013-03-19 16:25:26 +01:00
3651c8dcd5
charon-nm: Prevent NM from changing the default route
...
This is not required as we install our own (narrow) route(s) in our own
routing table. This should allow split tunneling if configured on the
gateway.
2013-03-19 16:25:26 +01:00
9cf09ecad7
charon-nm: Use VIP (if any) as local address
...
NM will install this address on the provided device.
2013-03-19 16:25:26 +01:00
c15eea7306
charon-nm: Pass a dummy TUN device to NetworkManager
...
NetworkManager modifies the addresses etc. on this interface so using
"lo" is not optimal. With the dummy interface NM is free to do its
thing.
2013-03-19 16:25:26 +01:00
b7645a5d30
charon-nm: Fix NM plugin utility macros
2013-03-19 16:25:26 +01:00
306a269e34
Add a DSCP configuration value to IKE configs
2013-02-06 15:20:32 +01:00
69c6a60176
g_thread_init() is deprecated since Glib 2.23
2013-01-24 19:13:40 +01:00
365d9a6f67
Added an option that allows to force IKEv1 fragmentation
2013-01-12 11:54:32 +01:00
97973f8609
Use a connection specific option to en-/disable IKEv1 fragmentation
2012-12-24 13:00:01 +01:00
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
1fdd62ffce
Remove version argument on peer_cfg constructor, use ike_cfg version instead
2012-10-24 10:19:33 +02:00
9fc7cc6f9b
Add IKE version information to ike_cfg_t
2012-10-24 10:18:35 +02:00
3555bacac7
Reload logger configuration on SIGHUP
...
Besides changing the configuration this allows to easily rotate log files.
Also moved logger initialization back to daemon_t.
2012-10-18 14:42:10 +02:00
d35d669180
Make syslog and file loggers configurable at runtime
2012-10-18 14:42:10 +02:00
a2a28d90ac
Make streq() and strcaseeq() static inline functions so they can be used as callbacks
2012-09-21 18:16:26 +02:00
af16b5afb0
Use random ports in NetworkManager backend
2012-09-18 14:57:05 +02:00
e6fcc172f8
Use AUTH_RULE_IDENTITY_LOOSE in NetworkManager backend
2012-09-18 14:40:40 +02:00
feb8550401
Pass a list instead of a single virtual IP to attribute enumerators
2012-08-30 16:43:42 +02:00
497ce2cf51
Support multiple address pools configured on a peer_cfg
2012-08-30 16:43:42 +02:00
101d26babe
Support multiple virtual IPs on peer_cfg and ike_sa classes
2012-08-30 16:43:42 +02:00
b223d517c8
Replaced usages of CHARON_*_PORT with calls to get_port().
2012-08-08 15:12:25 +02:00
e7ea057fd2
Make the UDP ports charon listens for packets on (and uses as source ports) configurable.
2012-08-08 15:07:43 +02:00
63ac6d00b0
Proper fallback if capability dropping is not available
2012-07-27 14:46:42 +02:00
0619ddfaa4
Refactored heavily #ifdefd capability code to its own libstrongswan class
2012-07-04 11:01:40 +02:00
ce938e5cfa
Add charon-nm to .gitignore
2012-07-03 17:41:14 +02:00
d12635c77d
Pass "lo" as faked tundev to NM, as it now needs a valid interface since 0.9
2012-06-29 15:21:57 +02:00
aa54ecef44
Use static plugin features in libcharon to define essential dependencies
2012-06-27 11:31:16 +02:00
ec3b332bf8
Use static plugin features in charon-nm
2012-06-27 11:31:16 +02:00
26d77eb3e6
Centralized thread cancellation in processor_t
...
This ensures that no threads are active when plugins and the rest of the
daemon are unloaded.
callback_job_t was simplified a lot in the process as its main
functionality is now contained in processor_t. The parent-child
relationships were abandoned as these were only needed to simplify job
cancellation.
2012-06-25 17:38:59 +02:00
1d315bddd3
implemented the right|leftallowany feature
2012-06-08 21:24:41 +02:00
80c5b17d1a
make IKEv1 DPD timeout configurable in charon
2012-05-17 19:49:22 +02:00
18758e3d2e
Store the name of the binary using libcharon to enable specific settings.
2012-05-03 13:57:04 +02:00
b64f333612
Integrate nm plugin directly in charon-nm.
2012-05-03 13:57:03 +02:00
1c7a733e36
Added a small libcharon wrapper intended to directly host the nm plugin.
...
For this reason it reclaims the --enable-nm configure option.
2012-05-03 13:38:14 +02:00
Tobias Brunner