Tobias Brunner
434e530f75
ipsec_types: Add utility function to parse mark_t from strings
2013-10-11 15:32:44 +02:00
Martin Willi
25f74be8f9
starter: Remove obsolete 'auth' option
2013-10-11 10:15:21 +02:00
Tobias Brunner
517823b466
starter: Properly refer to the ipsec script if it was renamed
2013-07-22 18:00:19 +02:00
Adrian-Ken Rueegsegger
4dc3ef94a1
starter: Make daemon name configurable
A daemon can be specified using the '--daemon' command line parameter. This
tells starter to invoke a daemon other than 'charon'.
Additionally the ipsec script uses the environment variable DAEMON_NAME to tell
the starter which daemon to use.
2013-03-19 15:23:45 +01:00
Martin Willi
0e7ef7f522
Optionally support port ranges in leftprotoport
2013-02-21 11:52:33 +01:00
Martin Willi
fd658bce28
Support %opaque keyword in leftprotoport for "opaque" ports
2013-02-21 11:52:33 +01:00
Martin Willi
cd41b951ee
Pass complete port range over stroke interface for more flexibility
2013-02-21 11:52:33 +01:00
Tobias Brunner
e74f184cb4
Remove MODP groups from default ESP proposal
This now actually makes pfs=no the default and it equals the default
listed in ipsec.conf.5. efc69e9f preserved the default of pfs=yes.
2012-10-24 16:09:42 +02:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
23b4d3a52f
starter: Allow %any also for protocol in left|rightprotoport
2012-09-12 16:53:45 +02:00
Martin Willi
96c2b3cf89
Support multiple addresses/pools in left/rightsourceip
2012-08-30 16:43:42 +02:00
Martin Willi
da646ab94a
Remove unused ipsec.conf left/rightnatip keyword
2012-08-21 09:38:01 +02:00
Tobias Brunner
21d8392041
starter: Restore original config in case also= is used (which reads the same values)
2012-08-16 16:45:11 +02:00
Tobias Brunner
f102c5f341
Mask the configured mark value to ensure it is in range
2012-06-26 12:50:58 +02:00
Tobias Brunner
31bcaf604a
starter: Fixed parsing of %defaultroute.
2012-06-15 10:46:56 +02:00
Tobias Brunner
25fb9d3f4a
starter: Print additional help texts for selected deprecated keywords.
2012-06-12 16:15:03 +02:00
Tobias Brunner
9707d9db79
starter: Improved how deprecated keywords are handled.
We only throw a warning now instead of rejecting the config.
2012-06-12 16:15:03 +02:00
Tobias Brunner
5c7a219804
Revert "starter: Don't treat unsupported keywords as fatal errors just report them."
This reverts commit e55876a657.
2012-06-12 16:15:03 +02:00
Tobias Brunner
e7c01bed49
starter: Fixed parsing of left|right=%any.
2012-06-12 10:16:51 +02:00
Tobias Brunner
3e2ff81e5d
starter: Removed all unsupported keywords.
2012-06-11 17:33:32 +02:00
Tobias Brunner
e55876a657
starter: Don't treat unsupported keywords as fatal errors just report them.
2012-06-11 17:33:32 +02:00
Tobias Brunner
fff4b74db2
Bye bye Pluto!
Charon will take over IKEv1 duties from here. This also removes
libfreeswan and whack.
2012-06-11 17:33:32 +02:00
Tobias Brunner
ee3026a1e2
starter: Remove all ties to pluto/libfreeswan.
Moved some types/constants in the process.
2012-06-11 17:33:32 +02:00
Tobias Brunner
5b09310e67
starter: Use custom type for SA specific options (flags).
2012-06-11 17:33:31 +02:00
Tobias Brunner
29906e0eab
starter: Parse left|rightprotoport directly in confread.c.
2012-06-11 17:33:31 +02:00
Tobias Brunner
eca839b0a7
starter: No special handling for left|rightsubnet, just pass it on as string.
2012-06-11 17:33:31 +02:00
Tobias Brunner
6ce841b213
starter: Use host_t to parse left|rightsourceip.
Also for the yet unused natip option.
2012-06-11 17:33:31 +02:00
Tobias Brunner
0ac29be793
starter: Remove left|rightsubnetwithin option (charon narrows left|rightsubnet down accordingly).
2012-06-11 17:33:31 +02:00
Tobias Brunner
8dd094e185
starter: Don't resolve any addresses in starter.
Also removed remains of some unknown iface option.
2012-06-11 17:33:31 +02:00
Tobias Brunner
efc69e9f38
starter: Removed pfs and pfsgroup options (handled via esp option).
2012-06-11 17:33:31 +02:00
Tobias Brunner
6d065f14ae
starter: Store mode of the IPsec SA/policy in a separate member.
2012-06-11 17:33:30 +02:00
Tobias Brunner
f82365ad27
starter: Use custom type to mark seen keywords.
2012-06-11 17:33:30 +02:00
Tobias Brunner
57323f6259
starter: Remove left|rightnexthop option.
Charon does this lookup dynamically.
2012-06-11 17:33:30 +02:00
Tobias Brunner
7cce0e96f2
starter: Replaced all usages of clone_str() with strdupnull().
2012-06-11 17:33:30 +02:00
Tobias Brunner
e838c39ba9
starter: Parse authby as string.
2012-06-11 17:33:30 +02:00
Tobias Brunner
95e41fb80a
starter: Drop support for %defaultroute.
2012-06-11 17:33:29 +02:00
Tobias Brunner
163b227386
starter: Migrated logging to libstrongswan.
2012-06-11 17:33:29 +02:00
Andreas Steffen
80c5b17d1a
make IKEv1 DPD timeout configurable in charon
2012-05-17 19:49:22 +02:00
Martin Willi
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Martin Willi
c8d46f2959
Dropped support of deprecated authby=eap and eap= options
2012-03-20 17:31:38 +01:00
Martin Willi
cf1772f685
Do not ignore configs for IKEv1 in charon anymore
2012-03-20 17:30:43 +01:00
Tobias Brunner
edad908792
Fixed compiler warnings regarding enum comparison.
Warnings like
comparison of unsigned expression < 0 is always false
are reported with -Wextra when enum types that are compiled to an
unsigned type (which is up to the compiler) are checked for negativity.
2011-11-25 09:40:30 +01:00
Mirko Parthey
f3da58aaa9
Fix DNS error handling for keyexchange=ike.
starter fails to load a connection when a peer's DNS name is temporarily
unresolvable and keyexchange=ike was specified, which defaults to IKEv2.
The connection loads just fine in case of keyexchange=ikev2.
2011-10-25 09:44:17 +02:00
Tobias Brunner
6f4eaa41a7
starter: Use automake LEX/YACC automatisms.
2011-10-10 19:31:04 +02:00
Martin Willi
40921edc38
Support resolution of "allow_any" DNS names in charon (%hostname)
2011-09-02 13:42:45 +02:00
Martin Willi
e59a50009c
starter passes unresolved DNS names to charon
Based on an initial patch by Mirko Parthey.
2011-08-29 09:58:18 +02:00
Tobias Brunner
45048eae23
Verify that executables are available and set (pluto|charon)start accordingly.
Some distributions enable both daemons but then distribute the
executables in two separate packages. If only one package is installed
but both daemons are enabled in ipsec.conf, starter will try to start
the non existing daemon over and over again, and will each time readd
the configs to the other daemon.
2011-08-11 13:38:05 +02:00
Andreas Steffen
f87991704e
implemented PASS and DROP shunt policies
2011-06-28 19:42:54 +02:00
Martin Willi
6c302616f1
Added a tfc ipsec.conf keyword to control Traffic Flow Confidentiality
2010-12-20 09:45:39 +01:00
Tobias Brunner
a0d13f42e6
starter: Some whitespace cleanup.
2010-09-02 19:04:25 +02:00