ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
12,428 Commits 6 Branches 233 Tags 88 MiB
Commit Graph

111 Commits

Author SHA1 Message Date
Martin Willi a07b97e804 starter: Add an 'ah' keyword for Authentication Header Security Associations 2013-10-11 10:15:20 +02:00
Tobias Brunner a2cebbe674 starter: Don't ignore keyingtries with rekey=no 
Since keyingtries also affects the number of retries initially or when
reestablishing an SA it should not be affected by the rekey option.

Fixes #418.
 2013-09-26 10:17:48 +02:00
Martin Willi 2bae838d5e stroke: re-enable modeconfig keyword 2013-09-04 10:33:38 +02:00
Martin Willi a36b49f3cb Merge branch 'opaque-ports' 
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
 2013-03-01 11:27:12 +01:00
Martin Willi cd41b951ee Pass complete port range over stroke interface for more flexibility 2013-02-21 11:52:33 +01:00
Martin Willi 7fbe516f88 Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets 2013-02-06 15:36:36 +01:00
Tobias Brunner 365d9a6f67 Added an option that allows to force IKEv1 fragmentation 2013-01-12 11:54:32 +01:00
Tobias Brunner 97973f8609 Use a connection specific option to en-/disable IKEv1 fragmentation 2012-12-24 13:00:01 +01:00
Tobias Brunner f05b427265 Moved debug.[ch] to utils folder 2012-10-24 16:00:51 +02:00
Tobias Brunner 9e730ef9df Starter unroutes removed or changed connections before loading and routing new ones 2012-10-18 14:42:11 +02:00
Martin Willi 96c2b3cf89 Support multiple addresses/pools in left/rightsourceip 2012-08-30 16:43:42 +02:00
Martin Willi 17319aa28d Add a left/rightdns keyword to configure connection specific DNS attributes 2012-08-21 09:38:00 +02:00
Martin Willi 46df61dff7 Add an ipsec.conf leftgroups2 parameter for the second authentication round 2012-07-26 11:51:58 +02:00
Tobias Brunner ee3026a1e2 starter: Remove all ties to pluto/libfreeswan. 
Moved some types/constants in the process.
 2012-06-11 17:33:32 +02:00
Tobias Brunner 5b09310e67 starter: Use custom type for SA specific options (flags). 2012-06-11 17:33:31 +02:00
Tobias Brunner eca839b0a7 starter: No special handling for left|rightsubnet, just pass it on as string. 2012-06-11 17:33:31 +02:00
Tobias Brunner 8dd094e185 starter: Don't resolve any addresses in starter. 
Also removed remains of some unknown iface option.
 2012-06-11 17:33:31 +02:00
Tobias Brunner 6d065f14ae starter: Store mode of the IPsec SA/policy in a separate member. 2012-06-11 17:33:30 +02:00
Tobias Brunner e838c39ba9 starter: Parse authby as string. 2012-06-11 17:33:30 +02:00
Tobias Brunner 163b227386 starter: Migrated logging to libstrongswan. 2012-06-11 17:33:29 +02:00
Andreas Steffen 1d315bddd3 implemented the right|leftallowany feature 2012-06-08 21:24:41 +02:00
Andreas Steffen 80c5b17d1a make IKEv1 DPD timeout configurable in charon 2012-05-17 19:49:22 +02:00
Martin Willi 9e25007646 Explicitly cast from strict_t to crl_policy_t 2012-05-14 14:11:54 +02:00
Martin Willi b24be29646 Merge branch 'ikev1' 
Conflicts:
	configure.in
	man/ipsec.conf.5.in
	src/libcharon/encoding/generator.c
	src/libcharon/encoding/payloads/notify_payload.c
	src/libcharon/encoding/payloads/notify_payload.h
	src/libcharon/encoding/payloads/payload.c
	src/libcharon/network/receiver.c
	src/libcharon/sa/authenticator.c
	src/libcharon/sa/authenticator.h
	src/libcharon/sa/ikev2/tasks/ike_init.c
	src/libcharon/sa/task_manager.c
	src/libstrongswan/credentials/auth_cfg.c
 2012-05-02 11:12:31 +02:00
Andreas Steffen 5f1931ada1 added support for raw RSA public keys to stroke 2012-04-30 00:31:42 +02:00
Martin Willi c791def8c1 Added support for authby/xauth_server legacy options 2012-03-20 17:31:38 +01:00
Martin Willi e129168ba6 Added a "aggressive" ipsec.conf connection option 2012-03-20 17:31:34 +01:00
Martin Willi d94c923648 Support an "any" IKE version for both IKEv1 or IKEv2 2012-03-20 17:31:25 +01:00
Martin Willi 21a4fc832e Pass ipsec.conf xauth_identity option via stroke to charon configurations 2012-03-20 17:31:23 +01:00
Martin Willi e59a50009c starter passes unresolved DNS names to charon 
Based on an initial patch by Mirko Parthey.
 2011-08-29 09:58:18 +02:00
Andreas Steffen f87991704e implemented PASS and DROP shunt policies 2011-06-28 19:42:54 +02:00
Martin Willi f34ebc845b Add a closeaction ipsec.conf keyword to configure close action 2011-06-07 12:07:21 +02:00
Tobias Brunner bac28c73ed starter_conn_t.id is an unsigned long. 2011-04-14 18:10:27 +02:00
Martin Willi 6367de28ad Added a left/rightcertpolicy keyword to specify certificatePolicy requirements 2011-01-07 15:51:35 +01:00
Martin Willi 6c302616f1 Added a tfc ipsec.conf keyword to control Traffic Flow Confidentiality 2010-12-20 09:45:39 +01:00
Andreas Steffen 0bc5547d0c *** HISTORICAL MOMENT: IKEv2 becomes the default! *** 2010-10-09 20:46:55 +02:00
Tobias Brunner 08c0d340b8 Moved ipsec_transform_t to kernel_ipsec.h in libhydra. 
Because of this libfreeswan, pluto, starter etc. now depend on that
file (and libhydra). This resolved some duplicate declarations.
 2010-09-02 19:01:25 +02:00
Martin Willi 64d7b0733f Added support for the ipsec.conf aaa_identity keyword 2010-08-31 17:52:52 +02:00
Andreas Steffen 26c4d0102a configuration of different marks for inbound and outbound direction 2010-07-09 09:06:07 +02:00
Andreas Steffen ee26c537d7 support of xfrm marks for IKEv2 2010-07-02 23:46:09 +02:00
Reto Buerki 1f83541d7b Include reqid in stroke add connection message. 2010-05-04 14:38:34 +02:00
Martin Willi 667b73721a Added left-/rightikeport ipsec.conf options to use custom IKE ports 2010-02-26 11:44:33 +01:00
Martin Willi 8015c91cb9 Added a ipsec.conf "inactivity" option to configure inactivity timeout for CHILD_SAs 2010-01-27 16:05:11 +01:00
Andreas Steffen 270bb348e3 pluto now supports SQL-based virtual IP pools 2009-10-14 14:30:14 +02:00
Martin Willi 7daf5226b7 removed trailing spaces ([[:space:]]+$) 2009-09-04 13:46:09 +02:00
Tobias Brunner abff49a7ff Handling of new lifetime limits added to stroke. 2009-09-01 12:53:44 +02:00
Andreas Steffen 5672eae131 make boolean expression less enigmatic 2009-08-25 21:09:54 +02:00
Martin Willi eb641993d4 set stroke connection flags to a clear TRUE/FALSE 2009-08-25 19:57:36 +02:00
Andreas Steffen 11e6d28533 pluto supports ECDSA authentication 2009-06-12 19:59:49 +02:00
Tobias Brunner 8c5d72cd0b removing svn keyword $Id$ from all files 2009-04-30 13:19:35 +00:00