Martin Willi
|
a07b97e804
|
starter: Add an 'ah' keyword for Authentication Header Security Associations
|
2013-10-11 10:15:20 +02:00 |
Tobias Brunner
|
a2cebbe674
|
starter: Don't ignore keyingtries with rekey=no
Since keyingtries also affects the number of retries initially or when
reestablishing an SA it should not be affected by the rekey option.
Fixes #418.
|
2013-09-26 10:17:48 +02:00 |
Martin Willi
|
2bae838d5e
|
stroke: re-enable modeconfig keyword
|
2013-09-04 10:33:38 +02:00 |
Martin Willi
|
a36b49f3cb
|
Merge branch 'opaque-ports'
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
|
2013-03-01 11:27:12 +01:00 |
Martin Willi
|
cd41b951ee
|
Pass complete port range over stroke interface for more flexibility
|
2013-02-21 11:52:33 +01:00 |
Martin Willi
|
7fbe516f88
|
Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets
|
2013-02-06 15:36:36 +01:00 |
Tobias Brunner
|
365d9a6f67
|
Added an option that allows to force IKEv1 fragmentation
|
2013-01-12 11:54:32 +01:00 |
Tobias Brunner
|
97973f8609
|
Use a connection specific option to en-/disable IKEv1 fragmentation
|
2012-12-24 13:00:01 +01:00 |
Tobias Brunner
|
f05b427265
|
Moved debug.[ch] to utils folder
|
2012-10-24 16:00:51 +02:00 |
Tobias Brunner
|
9e730ef9df
|
Starter unroutes removed or changed connections before loading and routing new ones
|
2012-10-18 14:42:11 +02:00 |
Martin Willi
|
96c2b3cf89
|
Support multiple addresses/pools in left/rightsourceip
|
2012-08-30 16:43:42 +02:00 |
Martin Willi
|
17319aa28d
|
Add a left/rightdns keyword to configure connection specific DNS attributes
|
2012-08-21 09:38:00 +02:00 |
Martin Willi
|
46df61dff7
|
Add an ipsec.conf leftgroups2 parameter for the second authentication round
|
2012-07-26 11:51:58 +02:00 |
Tobias Brunner
|
ee3026a1e2
|
starter: Remove all ties to pluto/libfreeswan.
Moved some types/constants in the process.
|
2012-06-11 17:33:32 +02:00 |
Tobias Brunner
|
5b09310e67
|
starter: Use custom type for SA specific options (flags).
|
2012-06-11 17:33:31 +02:00 |
Tobias Brunner
|
eca839b0a7
|
starter: No special handling for left|rightsubnet, just pass it on as string.
|
2012-06-11 17:33:31 +02:00 |
Tobias Brunner
|
8dd094e185
|
starter: Don't resolve any addresses in starter.
Also removed remains of some unknown iface option.
|
2012-06-11 17:33:31 +02:00 |
Tobias Brunner
|
6d065f14ae
|
starter: Store mode of the IPsec SA/policy in a separate member.
|
2012-06-11 17:33:30 +02:00 |
Tobias Brunner
|
e838c39ba9
|
starter: Parse authby as string.
|
2012-06-11 17:33:30 +02:00 |
Tobias Brunner
|
163b227386
|
starter: Migrated logging to libstrongswan.
|
2012-06-11 17:33:29 +02:00 |
Andreas Steffen
|
1d315bddd3
|
implemented the right|leftallowany feature
|
2012-06-08 21:24:41 +02:00 |
Andreas Steffen
|
80c5b17d1a
|
make IKEv1 DPD timeout configurable in charon
|
2012-05-17 19:49:22 +02:00 |
Martin Willi
|
9e25007646
|
Explicitly cast from strict_t to crl_policy_t
|
2012-05-14 14:11:54 +02:00 |
Martin Willi
|
b24be29646
|
Merge branch 'ikev1'
Conflicts:
configure.in
man/ipsec.conf.5.in
src/libcharon/encoding/generator.c
src/libcharon/encoding/payloads/notify_payload.c
src/libcharon/encoding/payloads/notify_payload.h
src/libcharon/encoding/payloads/payload.c
src/libcharon/network/receiver.c
src/libcharon/sa/authenticator.c
src/libcharon/sa/authenticator.h
src/libcharon/sa/ikev2/tasks/ike_init.c
src/libcharon/sa/task_manager.c
src/libstrongswan/credentials/auth_cfg.c
|
2012-05-02 11:12:31 +02:00 |
Andreas Steffen
|
5f1931ada1
|
added support for raw RSA public keys to stroke
|
2012-04-30 00:31:42 +02:00 |
Martin Willi
|
c791def8c1
|
Added support for authby/xauth_server legacy options
|
2012-03-20 17:31:38 +01:00 |
Martin Willi
|
e129168ba6
|
Added a "aggressive" ipsec.conf connection option
|
2012-03-20 17:31:34 +01:00 |
Martin Willi
|
d94c923648
|
Support an "any" IKE version for both IKEv1 or IKEv2
|
2012-03-20 17:31:25 +01:00 |
Martin Willi
|
21a4fc832e
|
Pass ipsec.conf xauth_identity option via stroke to charon configurations
|
2012-03-20 17:31:23 +01:00 |
Martin Willi
|
e59a50009c
|
starter passes unresolved DNS names to charon
Based on an initial patch by Mirko Parthey.
|
2011-08-29 09:58:18 +02:00 |
Andreas Steffen
|
f87991704e
|
implemented PASS and DROP shunt policies
|
2011-06-28 19:42:54 +02:00 |
Martin Willi
|
f34ebc845b
|
Add a closeaction ipsec.conf keyword to configure close action
|
2011-06-07 12:07:21 +02:00 |
Tobias Brunner
|
bac28c73ed
|
starter_conn_t.id is an unsigned long.
|
2011-04-14 18:10:27 +02:00 |
Martin Willi
|
6367de28ad
|
Added a left/rightcertpolicy keyword to specify certificatePolicy requirements
|
2011-01-07 15:51:35 +01:00 |
Martin Willi
|
6c302616f1
|
Added a tfc ipsec.conf keyword to control Traffic Flow Confidentiality
|
2010-12-20 09:45:39 +01:00 |
Andreas Steffen
|
0bc5547d0c
|
*** HISTORICAL MOMENT: IKEv2 becomes the default! ***
|
2010-10-09 20:46:55 +02:00 |
Tobias Brunner
|
08c0d340b8
|
Moved ipsec_transform_t to kernel_ipsec.h in libhydra.
Because of this libfreeswan, pluto, starter etc. now depend on that
file (and libhydra). This resolved some duplicate declarations.
|
2010-09-02 19:01:25 +02:00 |
Martin Willi
|
64d7b0733f
|
Added support for the ipsec.conf aaa_identity keyword
|
2010-08-31 17:52:52 +02:00 |
Andreas Steffen
|
26c4d0102a
|
configuration of different marks for inbound and outbound direction
|
2010-07-09 09:06:07 +02:00 |
Andreas Steffen
|
ee26c537d7
|
support of xfrm marks for IKEv2
|
2010-07-02 23:46:09 +02:00 |
Reto Buerki
|
1f83541d7b
|
Include reqid in stroke add connection message.
|
2010-05-04 14:38:34 +02:00 |
Martin Willi
|
667b73721a
|
Added left-/rightikeport ipsec.conf options to use custom IKE ports
|
2010-02-26 11:44:33 +01:00 |
Martin Willi
|
8015c91cb9
|
Added a ipsec.conf "inactivity" option to configure inactivity timeout for CHILD_SAs
|
2010-01-27 16:05:11 +01:00 |
Andreas Steffen
|
270bb348e3
|
pluto now supports SQL-based virtual IP pools
|
2009-10-14 14:30:14 +02:00 |
Martin Willi
|
7daf5226b7
|
removed trailing spaces ([[:space:]]+$)
|
2009-09-04 13:46:09 +02:00 |
Tobias Brunner
|
abff49a7ff
|
Handling of new lifetime limits added to stroke.
|
2009-09-01 12:53:44 +02:00 |
Andreas Steffen
|
5672eae131
|
make boolean expression less enigmatic
|
2009-08-25 21:09:54 +02:00 |
Martin Willi
|
eb641993d4
|
set stroke connection flags to a clear TRUE/FALSE
|
2009-08-25 19:57:36 +02:00 |
Andreas Steffen
|
11e6d28533
|
pluto supports ECDSA authentication
|
2009-06-12 19:59:49 +02:00 |
Tobias Brunner
|
8c5d72cd0b
|
removing svn keyword $Id$ from all files
|
2009-04-30 13:19:35 +00:00 |