108 Commits

Author SHA1 Message Date
Tobias Brunner 434e530f75 ipsec_types: Add utility function to parse mark_t from strings 2013-10-11 15:32:44 +02:00
Martin Willi 25f74be8f9 starter: Remove obsolete 'auth' option 2013-10-11 10:15:21 +02:00
Tobias Brunner 517823b466 starter: Properly refer to the ipsec script if it was renamed 2013-07-22 18:00:19 +02:00
Adrian-Ken Rueegsegger 4dc3ef94a1 starter: Make daemon name configurable
A daemon can be specified using the '--daemon' command line parameter. This
tells starter to invoke a daemon other than 'charon'.

Additionally the ipsec script uses the environment variable DAEMON_NAME to tell
the starter which daemon to use.
2013-03-19 15:23:45 +01:00
Martin Willi 0e7ef7f522 Optionally support port ranges in leftprotoport 2013-02-21 11:52:33 +01:00
Martin Willi fd658bce28 Support %opaque keyword in leftprotoport for "opaque" ports 2013-02-21 11:52:33 +01:00
Martin Willi cd41b951ee Pass complete port range over stroke interface for more flexibility 2013-02-21 11:52:33 +01:00
Tobias Brunner e74f184cb4 Remove MODP groups from default ESP proposal
This now actually makes pfs=no the default and it equals the default
listed in ipsec.conf.5. efc69e9f preserved the default of pfs=yes.
2012-10-24 16:09:42 +02:00
Tobias Brunner f05b427265 Moved debug.[ch] to utils folder 2012-10-24 16:00:51 +02:00
Tobias Brunner 23b4d3a52f starter: Allow %any also for protocol in left|rightprotoport 2012-09-12 16:53:45 +02:00
Martin Willi 96c2b3cf89 Support multiple addresses/pools in left/rightsourceip 2012-08-30 16:43:42 +02:00
Martin Willi da646ab94a Remove unused ipsec.conf left/rightnatip keyword 2012-08-21 09:38:01 +02:00
Tobias Brunner 21d8392041 starter: Restore original config in case also= is used (which reads the same values) 2012-08-16 16:45:11 +02:00
Tobias Brunner f102c5f341 Mask the configured mark value to ensure it is in range 2012-06-26 12:50:58 +02:00
Tobias Brunner 31bcaf604a starter: Fixed parsing of %defaultroute. 2012-06-15 10:46:56 +02:00
Tobias Brunner 25fb9d3f4a starter: Print additional help texts for selected deprecated keywords. 2012-06-12 16:15:03 +02:00
Tobias Brunner 9707d9db79 starter: Improved how deprecated keywords are handled.
We only throw a warning now instead of rejecting the config.
2012-06-12 16:15:03 +02:00
Tobias Brunner 5c7a219804 Revert "starter: Don't treat unsupported keywords as fatal errors just report them."
This reverts commit e55876a657.
2012-06-12 16:15:03 +02:00
Tobias Brunner e7c01bed49 starter: Fixed parsing of left|right=%any. 2012-06-12 10:16:51 +02:00
Tobias Brunner 3e2ff81e5d starter: Removed all unsupported keywords. 2012-06-11 17:33:32 +02:00
Tobias Brunner e55876a657 starter: Don't treat unsupported keywords as fatal errors just report them. 2012-06-11 17:33:32 +02:00
Tobias Brunner fff4b74db2 Bye bye Pluto!
Charon will take over IKEv1 duties from here.  This also removes
libfreeswan and whack.
2012-06-11 17:33:32 +02:00
Tobias Brunner ee3026a1e2 starter: Remove all ties to pluto/libfreeswan.
Moved some types/constants in the process.
2012-06-11 17:33:32 +02:00
Tobias Brunner 5b09310e67 starter: Use custom type for SA specific options (flags). 2012-06-11 17:33:31 +02:00
Tobias Brunner 29906e0eab starter: Parse left|rightprotoport directly in confread.c. 2012-06-11 17:33:31 +02:00
Tobias Brunner eca839b0a7 starter: No special handling for left|rightsubnet, just pass it on as string. 2012-06-11 17:33:31 +02:00
Tobias Brunner 6ce841b213 starter: Use host_t to parse left|rightsourceip.
Also for the yet unused natip option.
2012-06-11 17:33:31 +02:00
Tobias Brunner 0ac29be793 starter: Remove left|rightsubnetwithin option (charon narrows left|rightsubnet down accordingly). 2012-06-11 17:33:31 +02:00
Tobias Brunner 8dd094e185 starter: Don't resolve any addresses in starter.
Also removed remains of some unknown iface option.
2012-06-11 17:33:31 +02:00
Tobias Brunner efc69e9f38 starter: Removed pfs and pfsgroup options (handled via esp option). 2012-06-11 17:33:31 +02:00
Tobias Brunner 6d065f14ae starter: Store mode of the IPsec SA/policy in a separate member. 2012-06-11 17:33:30 +02:00
Tobias Brunner f82365ad27 starter: Use custom type to mark seen keywords. 2012-06-11 17:33:30 +02:00
Tobias Brunner 57323f6259 starter: Remove left|rightnexthop option.
Charon does this lookup dynamically.
2012-06-11 17:33:30 +02:00
Tobias Brunner 7cce0e96f2 starter: Replaced all usages of clone_str() with strdupnull(). 2012-06-11 17:33:30 +02:00
Tobias Brunner e838c39ba9 starter: Parse authby as string. 2012-06-11 17:33:30 +02:00
Tobias Brunner 95e41fb80a starter: Drop support for %defaultroute. 2012-06-11 17:33:29 +02:00
Tobias Brunner 163b227386 starter: Migrated logging to libstrongswan. 2012-06-11 17:33:29 +02:00
Andreas Steffen 80c5b17d1a make IKEv1 DPD timeout configurable in charon 2012-05-17 19:49:22 +02:00
Martin Willi b1f2f05c92 Merge branch 'ikev1-clean' into ikev1-master
Conflicts:
	configure.in
	man/ipsec.conf.5.in
	src/libcharon/daemon.c
	src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
	src/libcharon/plugins/eap_radius/eap_radius_accounting.c
	src/libcharon/plugins/eap_radius/eap_radius_forward.c
	src/libcharon/plugins/farp/farp_listener.c
	src/libcharon/sa/ike_sa.c
	src/libcharon/sa/keymat.c
	src/libcharon/sa/task_manager.c
	src/libcharon/sa/trap_manager.c
	src/libstrongswan/plugins/x509/x509_cert.c
	src/libstrongswan/utils.h

Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Martin Willi c8d46f2959 Dropped support of deprecated authby=eap and eap= options 2012-03-20 17:31:38 +01:00
Martin Willi cf1772f685 Do not ignore configs for IKEv1 in charon anymore 2012-03-20 17:30:43 +01:00
Tobias Brunner edad908792 Fixed compiler warnings regarding enum comparison.
Warnings like

  comparison of unsigned expression < 0 is always false

are reported with -Wextra when enum types that are compiled to an
unsigned type (which is up to the compiler) are checked for negativity.
2011-11-25 09:40:30 +01:00
Mirko Parthey f3da58aaa9 Fix DNS error handling for keyexchange=ike.
starter fails to load a connection when a peer's DNS name is temporarily
unresolvable and keyexchange=ike was specified, which defaults to IKEv2.
The connection loads just fine in case of keyexchange=ikev2.
2011-10-25 09:44:17 +02:00
Tobias Brunner 6f4eaa41a7 starter: Use automake LEX/YACC automatisms. 2011-10-10 19:31:04 +02:00
Martin Willi 40921edc38 Support resolution of "allow_any" DNS names in charon (%hostname) 2011-09-02 13:42:45 +02:00
Martin Willi e59a50009c starter passes unresolved DNS names to charon
Based on an initial patch by Mirko Parthey.
2011-08-29 09:58:18 +02:00
Tobias Brunner 45048eae23 Verify that executables are available and set (pluto|charon)start accordingly.
Some distributions enable both daemons but then distribute the
executables in two separate packages.  If only one package is installed
but both daemons are enabled in ipsec.conf, starter will try to start
the non-existing daemon over and over again, and will each time re-add
the configs to the other daemon.
2011-08-11 13:38:05 +02:00
Andreas Steffen f87991704e implemented PASS and DROP shunt policies 2011-06-28 19:42:54 +02:00
Martin Willi 6c302616f1 Added a tfc ipsec.conf keyword to control Traffic Flow Confidentiality 2010-12-20 09:45:39 +01:00
Tobias Brunner a0d13f42e6 starter: Some whitespace cleanup. 2010-09-02 19:04:25 +02:00