Tobias Brunner
c489c5881a
charon-nm: No additional secrets are required once a password has been entered
...
Recent versions of NM will call need_secrets() as long as it returns TRUE,
but then fail as the number of calls is limited by an assert.
Fixes #547 .
2014-03-18 14:53:40 +01:00
Tobias Brunner
54ca25800c
agent: Keep CAP_DAC_OVERRIDE to connect to ssh-agent socket
...
This is also required if charon-cmd is used with capability dropping.
2014-01-23 10:08:23 +01:00
Tobias Brunner
5ae822cfcd
nm: Handle PSK option in NM backend
2013-11-27 18:36:58 +01:00
Martin Willi
3070697f9f
ike: support multiple addresses, ranges and subnets in IKE address config
...
Replace the allowany semantic by a more powerful subnet and IP range matching.
Multiple addresses, DNS names, subnets and ranges can be specified in a comma
separated list. Initiators ignore the ranges/subnets, responders match
configurations against all addresses, ranges and subnets.
2013-09-04 10:38:37 +02:00
Martin Willi
9aeaa7396e
peer-cfg: add a pull/push mode option to use with mode config
2013-09-04 10:33:37 +02:00
Martin Willi
896abbefc5
nm: omit deprecated g_type_init() when using >= GLIB 2.36
2013-07-18 14:21:17 +02:00
Tobias Brunner
a2eb581781
capabilities: Move global capabilities_t instance to libstrongswan
2013-06-25 17:16:32 +02:00
Tobias Brunner
2e21bac19a
capabilities: Ensure required capabilities are actually held by the process/user
2013-06-25 17:16:32 +02:00
Tobias Brunner
1b33e6c4ca
charon-nm: Add dependencies to CERT_DECODE and PRIVKEY plugin features
...
This ensures the NM-specific credential set is unloaded before any
implementation of certificate/key objects, which causes a segmentation
fault during shutdown.
2013-03-19 16:25:26 +01:00
Tobias Brunner
3651c8dcd5
charon-nm: Prevent NM from changing the default route
...
This is not required as we install our own (narrow) route(s) in our own
routing table. This should allow split tunneling if configured on the
gateway.
2013-03-19 16:25:26 +01:00
Tobias Brunner
9cf09ecad7
charon-nm: Use VIP (if any) as local address
...
NM will install this address on the provided device.
2013-03-19 16:25:26 +01:00
Tobias Brunner
c15eea7306
charon-nm: Pass a dummy TUN device to NetworkManager
...
NetworkManager modifies the addresses etc. on this interface so using
"lo" is not optimal. With the dummy interface NM is free to do its
thing.
2013-03-19 16:25:26 +01:00
Tobias Brunner
b7645a5d30
charon-nm: Fix NM plugin utility macros
2013-03-19 16:25:26 +01:00
Martin Willi
306a269e34
Add a DSCP configuration value to IKE configs
2013-02-06 15:20:32 +01:00
Tobias Brunner
69c6a60176
g_thread_init() is deprecated since Glib 2.23
2013-01-24 19:13:40 +01:00
Tobias Brunner
365d9a6f67
Added an option that allows to force IKEv1 fragmentation
2013-01-12 11:54:32 +01:00
Tobias Brunner
97973f8609
Use a connection specific option to en-/disable IKEv1 fragmentation
2012-12-24 13:00:01 +01:00
Tobias Brunner
2e7cc07ecd
Moved host_t and host_resolver_t to a new networking subfolder
2012-10-24 15:06:18 +02:00
Martin Willi
1fdd62ffce
Remove version argument on peer_cfg constructor, use ike_cfg version instead
2012-10-24 10:19:33 +02:00
Martin Willi
9fc7cc6f9b
Add IKE version information to ike_cfg_t
2012-10-24 10:18:35 +02:00
Tobias Brunner
a2a28d90ac
Make streq() and strcaseeq() static inline functions so they can be used as callbacks
2012-09-21 18:16:26 +02:00
Tobias Brunner
e6fcc172f8
Use AUTH_RULE_IDENTITY_LOOSE in NetworkManager backend
2012-09-18 14:40:40 +02:00
Martin Willi
feb8550401
Pass a list instead of a single virtual IP to attribute enumerators
2012-08-30 16:43:42 +02:00
Martin Willi
497ce2cf51
Support multiple address pools configured on a peer_cfg
2012-08-30 16:43:42 +02:00
Martin Willi
101d26babe
Support multiple virtual IPs on peer_cfg and ike_sa classes
2012-08-30 16:43:42 +02:00
Tobias Brunner
b223d517c8
Replaced usages of CHARON_*_PORT with calls to get_port().
2012-08-08 15:12:25 +02:00
Tobias Brunner
e7ea057fd2
Make the UDP ports charon listens for packets on (and uses as source ports) configurable.
2012-08-08 15:07:43 +02:00
Tobias Brunner
63ac6d00b0
Proper fallback if capability dropping is not available
2012-07-27 14:46:42 +02:00
Martin Willi
0619ddfaa4
Refactored heavily #ifdefd capability code to its own libstrongswan class
2012-07-04 11:01:40 +02:00
Martin Willi
d12635c77d
Pass "lo" as faked tundev to NM, as it now needs a valid interface since 0.9
2012-06-29 15:21:57 +02:00
Tobias Brunner
aa54ecef44
Use static plugin features in libcharon to define essential dependencies
2012-06-27 11:31:16 +02:00
Tobias Brunner
ec3b332bf8
Use static plugin features in charon-nm
2012-06-27 11:31:16 +02:00
Tobias Brunner
26d77eb3e6
Centralized thread cancellation in processor_t
...
This ensures that no threads are active when plugins and the rest of the
daemon are unloaded.
callback_job_t was simplified a lot in the process as its main
functionality is now contained in processor_t. The parent-child
relationships were abandoned as these were only needed to simplify job
cancellation.
2012-06-25 17:38:59 +02:00
Andreas Steffen
1d315bddd3
implemented the right|leftallowany feature
2012-06-08 21:24:41 +02:00
Andreas Steffen
80c5b17d1a
make IKEv1 DPD timeout configurable in charon
2012-05-17 19:49:22 +02:00
Tobias Brunner
b64f333612
Integrate nm plugin directly in charon-nm.
2012-05-03 13:57:03 +02:00