1044710b04
implemented periodic IF-MAP RenewSession request
2013-04-03 21:38:04 +02:00
96ad2b17b0
Updated strongswan.conf(5) man page
2013-04-01 16:56:47 +02:00
0cf4dc53c7
updated strongswan.conf man page for tn_ifmap plugin
2013-03-31 19:05:53 +02:00
e82deaf6ce
Merge branch 'multi-cert'
...
Allows the configuration of multiple certificates in leftcert, and select
the correct certificate to use based on the received certificate requests.
2013-03-01 11:35:32 +01:00
a36b49f3cb
Merge branch 'opaque-ports'
...
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
2013-03-01 11:27:12 +01:00
0abeac3a0b
Document ipsec.conf leftprotoport extensions in manpage
2013-02-21 11:52:33 +01:00
f2145c8d3a
Moved configuration from resolver manager to unbound plugin
...
Also streamlined log messages in unbound plugin.
2013-02-19 12:25:00 +01:00
932717fbde
ipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.conf
2013-02-19 12:25:00 +01:00
e212033ef2
Merge branch 'ike-dscp'
2013-02-14 17:11:35 +01:00
88f4cd3988
Add ikedscp documentation to ipsec.conf.5
2013-02-06 15:42:14 +01:00
9d9410e7b9
Typo in strongswan.conf(5) man page fixed
2013-01-31 11:52:11 +01:00
c186b3940a
Documented new options in strongswan.conf(5) man page
2013-01-25 20:22:20 +01:00
11a7abf554
Add ipsec.conf.5 updates regarding multiple certificates in leftcert
2013-01-18 09:33:15 +01:00
ee6902ef7f
Added an option to configure the maximum size of a fragment
2013-01-12 11:54:58 +01:00
365d9a6f67
Added an option that allows to force IKEv1 fragmentation
2013-01-12 11:54:32 +01:00
97973f8609
Use a connection specific option to en-/disable IKEv1 fragmentation
2012-12-24 13:00:01 +01:00
2f62bb1549
Add an option to en-/disable IKE fragmentation
...
Fragments are always accepted but will not be sent if disabled. The
vendor ID is only sent if the option is enabled.
2012-12-24 12:29:31 +01:00
133fb74841
add dlcose strongswan.conf option to tnc-imc/tnc-imv plugins
2012-12-09 19:40:13 +01:00
742722e2f5
updated strongswan.conf man page
2012-11-12 10:45:38 +01:00
ffd3556bad
scanner imc/imv pair uses IETF VPN PA-TNC message subtype
2012-10-31 21:58:21 +01:00
3689f0f6cc
FQDNs are actually not resolved when loading secrets
2012-10-29 10:06:43 +01:00
2380f3a830
Added documentation for NTLM secrets
2012-10-25 09:51:47 +02:00
cd844e1c97
Remove obsolete pluto smartcard syntax in ipsec.secrets.5
2012-10-24 13:07:53 +02:00
f6d8fb3687
Updated ipsec.conf.5 regarding (CA) certificates loaded from smartcards
2012-10-24 13:07:53 +02:00
05e266ea9d
Add leftcert ipsec.conf.5 documentation about smartcard certificates
2012-10-24 13:07:53 +02:00
5b2e669ba2
Add ipsec.conf.5 documentation for explicit PRFs in IKE proposals
2012-10-24 11:49:37 +02:00
3c4d383443
Added an option to reload certificates from PKCS#11 tokens on SIGHUP
2012-10-18 14:42:09 +02:00
b4f6c39e55
Terminate unused resolver threads after a timeout
2012-10-18 12:26:00 +02:00
6ab1502519
implemented os_info_t class
2012-10-10 21:54:21 +02:00
358104a47f
Added description for flush_auth_cfg and acct_port plus some minor editorial changes
2012-09-25 12:22:05 +02:00
31990a19cc
Documentation about some time values clarified
2012-09-24 16:02:03 +02:00
e8e9048fee
Added an option to configure the interface on which virtual IP addresses are installed
2012-09-21 18:16:26 +02:00
9513225e6b
Added options and a lookup function that will allow filtering of network interfaces
2012-09-21 18:16:26 +02:00
55f126fd55
Update ipsec.conf.5, leftsubnet can handle multiple subnets in IKEv1 with Unity
2012-09-18 17:17:48 +02:00
b7a500e985
Set AUTH_RULE_IDENTITY_LOOSE for rightid=%<identity>
2012-09-18 14:40:41 +02:00
bc6ec4de73
Option added to enforce a configured destination address for DHCP packets
2012-09-13 10:59:24 +02:00
629cdca82c
Updates to strongswan.conf(5) man page (added several missing options)
2012-09-12 16:53:45 +02:00
72970b458d
Some updates to ipsec.conf(5) man page
2012-09-12 16:53:45 +02:00
f4cc7ea11b
Add uniqueids=never to ignore INITIAL_CONTACT notifies
...
With uniqueids=no the daemon still deletes any existing IKE_SA with the
same peer if an INITIAL_CONTACT notify is received. With this new option
it also ignores these notifies.
2012-09-10 17:37:18 +02:00
c51af950b1
Add random plugin options to strongswan.conf.5
2012-09-10 17:07:51 +02:00
3b51f34040
added libimcv.assessment_result to strongswan.conf man page
2012-09-09 23:50:32 +02:00
1323dc1138
Merge branch 'multi-vip'
...
Brings support for multiple virtual IPs and multiple pools in
left/rigthsourceip definitions. Also introduces the new left/rightdns
options to configure requested DNS server address family and respond
with multiple connection specific servers.
2012-08-31 12:55:56 +02:00
5f6ef5d5ce
Documentation for eap-dynamic added
2012-08-31 11:42:03 +02:00
26bc695806
Updated ipsec.conf.5 with multiple left/rightsourceip support
2012-08-30 16:43:45 +02:00
c60f1da424
Add a description of the leftdns option to ipsec.conf.5
2012-08-21 09:38:01 +02:00
e4ef4c9877
Merge branch 'android-ndk'
...
This branch comes with some preliminary changes for the user-land IPsec
implementation and the Android App.
One important change is that the UDP ports used by the socket-default plugin
were made configurable (either via ./configure or strongswan.conf).
Also, the plugin does randomly allocate a port if it is configured to 0,
which is useful for client implementations. A consequence of these
changes is that the local UDP port used when creating ike_cfg_t objects has
to be fetched from the socket.
2012-08-13 10:45:39 +02:00
9ede42e112
Documentation fixes regarding xauth-pam/eap-gtc plugins
2012-08-11 16:05:05 +02:00
da21793679
make max_message_size parameter consistent with similar options
2012-08-09 14:11:08 +02:00
6fbf4472ea
Added option to prevent socket-default from setting the source address on outbound packets
2012-08-08 15:39:07 +02:00
224ab4c59b
socket-default plugin allocates random ports if configured to 0.
...
Also added strongswan.conf options to change the ports.
2012-08-08 15:30:27 +02:00
56d07af3be
Added ESP log group for libipsec log messages.
2012-08-08 15:12:25 +02:00
162621ed57
Moved Android specific logger to separate plugin.
...
This is mainly because the other parts of the existing android plugin
can not be built in the NDK (access to keystore and system properties are
not part of the stable NDK libraries).
2012-08-08 15:07:43 +02:00
46df61dff7
Add an ipsec.conf leftgroups2 parameter for the second authentication round
2012-07-26 11:51:58 +02:00
be735f0148
added PA-TNC max_msg_len option to man page
2012-07-13 11:02:23 +02:00
d7dcbc95a9
make maximum PB-TNC batch size configurable
2012-07-11 17:09:05 +02:00
c8aabefd08
added charon.plugins.eap-tnc.protocol option
2012-07-11 17:09:05 +02:00
4492ffc907
EAP-TNC does not support fragmentation
2012-07-11 17:09:04 +02:00
87efdef35b
configure size of ITA Dummy PA-TNC attribute
2012-07-11 17:09:04 +02:00
3bd452f8f3
max_message_count = 0 disables limit
2012-07-11 17:09:04 +02:00
66e12b926e
Some updates in ipsec.conf(5) for 5.0.0
2012-06-26 12:39:53 +02:00
c38d6905a2
added charon.cisco_unity to strongswan.conf.5 man page
2012-06-25 11:47:40 +02:00
2045a9d36d
added secret as valid authby argument
2012-06-18 22:11:18 +02:00
7c4214bd38
Add documentation for signature hash algorithm enforcing to man ipsec.conf
2012-06-12 15:01:39 +02:00
95e41fb80a
starter: Drop support for %defaultroute.
2012-06-11 17:33:29 +02:00
60c82591c5
Retry IKE_SA initiation if DNS resolution failed.
...
This is disabled by default and can be enabled with the
charon.retry_initiate_interval option in strongswan.conf.
2012-05-30 15:32:52 +02:00
18dac73f02
Updated ipsec.conf(5) to reflect changes to IPComp support.
2012-05-24 15:32:28 +02:00
b24be29646
Merge branch 'ikev1'
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
13de38e354
Documented strongswan.conf options for radattr plugin.
2012-05-01 13:32:43 +02:00
5895c2e948
Option added to set identifier for syslog(3) logging.
...
This identifier is added to each log message by syslog.
2012-04-20 09:26:12 +02:00
0293f09597
updated supported EAP methods
2012-03-30 11:15:10 +02:00
ed2cab08d2
Make resolvconf interface prefix configurable.
2012-03-27 10:44:21 +02:00
b1f2f05c92
Merge branch 'ikev1-clean' into ikev1-master
...
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/daemon.c
src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
src/libcharon/plugins/eap_radius/eap_radius_accounting.c
src/libcharon/plugins/eap_radius/eap_radius_forward.c
src/libcharon/plugins/farp/farp_listener.c
src/libcharon/sa/ike_sa.c
src/libcharon/sa/keymat.c
src/libcharon/sa/task_manager.c
src/libcharon/sa/trap_manager.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/utils.h
Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
75e3d90d43
Updated ipsec.conf man page for the use of IKEv1 with pluto
2012-03-20 17:31:39 +01:00
c8d46f2959
Dropped support of deprecated authby=eap and eap= options
2012-03-20 17:31:38 +01:00
f673958e59
added the strongswan.conf options of the tnc-pdp plugin
2012-03-16 11:14:40 +01:00
e01751035e
completed imc/imv-attestation settings
2012-02-07 22:11:51 +01:00
9ec66bc1a5
Added an option to load CA certificates without CA basic constraint.
...
Enabling this option treats all certificates in ipsec.d/cacerts and
ipsec.conf ca sections as CA certificates even if they do not contain a
CA basic constraint.
2012-02-01 14:34:52 +01:00
503dee4d2f
Added RADIUS accounting option to strongswan.conf manual
2012-02-01 11:35:13 +01:00
7c0c2349a9
Make number of concurrently handled stroke messages configurable.
2011-12-29 18:41:39 +01:00
54d096a712
Added ASN debug group to log low-level encoding/decoding (ASN.1, X.509).
...
This will allow us to remove quite some clutter from the LIB debug group
for higher debug levels.
2011-12-16 16:44:38 +01:00
49b44c98c1
Charon also supports type=passthrough|drop.
2011-12-14 19:01:39 +01:00
b768d6a4a5
Documented xauth_identity in ipsec.conf(5) man page.
2011-12-14 18:04:39 +01:00
6d4c6b8f41
Documented binary secrets in ipsec.secrets(5) man page.
2011-12-14 17:46:27 +01:00
15b3dc5b26
added libimcv.plugins.imc-attestation.aik_blob parameter
2011-12-11 22:03:43 +01:00
63179fd459
upgraded Test IMC/IMV pair to fully support multple IMC IDs
2011-12-11 22:01:49 +01:00
53e2fc690e
pkcs11: Documented use_pubkey option in strongswan.conf(5).
2011-11-03 18:36:34 +01:00
1a9e3e0147
pkcs11: Documented new options in strongswan.conf(5).
2011-10-31 18:50:10 +01:00
f0a8bf47f7
refactored TNC framework
2011-10-25 01:10:16 +02:00
848a36fed7
starter.load documented in strongswan.conf(5) man page.
2011-10-21 17:30:39 +02:00
de13eab0e6
Documented the strict flag (!) for ike and esp options in ipsec.conf.
2011-09-26 17:51:53 +02:00
7213abcbfb
PTS log group documented in man pages.
2011-09-12 15:07:20 +02:00
5b217e4994
Document charon's default log levels in ipsec.conf(5).
2011-09-12 15:07:20 +02:00
f7a98122ea
added strongswan.conf attributes for attestation IMC/IMV
2011-09-08 12:08:17 +02:00
a4541f1d20
added tnc-ifmap.ssl_passphrase to strongswan.conf
2011-09-02 06:38:39 +02:00
49c03672a3
updated strongswan.conf
2011-08-12 18:11:32 +02:00
535798cfe3
added tnc-ifmap attributes to manpage
2011-08-10 15:58:18 +02:00
45945fa137
Added tnc, imc, imv debug message groups to man page.
2011-07-26 09:38:13 +02:00
4f3ca916c5
Documentation about job priorities added to man page.
...
Also includes docs about IKE_SA_INIT dropping.
2011-07-21 16:17:08 +02:00
f3bb1bd039
Fixed common misspellings.
...
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
355728110a
Added missing load-tester options to man page.
2011-07-18 19:01:18 +02:00
Andreas Steffen