Tobias Brunner
20bda203f9
The AUTHORS file is required by automake
2012-06-25 10:59:27 +02:00
Tobias Brunner
d50b9be571
LICENSE file updated
2012-06-25 10:52:16 +02:00
Tobias Brunner
c236f19e50
ldaphost and ldapbase ca section keywords are deprecated
2012-06-25 10:52:16 +02:00
Tobias Brunner
693805cc98
Removed pluto-specifics from ipsec script
2012-06-25 10:52:16 +02:00
Tobias Brunner
f5a3b95a39
README file cleaned up and updated
2012-06-25 10:52:16 +02:00
Martin Willi
0ba1ddaa24
Enforce uniqueids=keep based on XAuth identity
2012-06-25 10:18:35 +02:00
Martin Willi
f145ea29e0
Don't send XAUTH_OK if a hook prevents SA to establish
2012-06-25 10:18:35 +02:00
Martin Willi
0c32b9c62f
Enforce uniqueids=keep only for non-XAuth Main/Agressive Modes
2012-06-25 10:18:35 +02:00
Martin Willi
dd1381e7d3
Show EAP/XAuth identity in "ipsec status", if available
2012-06-25 10:18:35 +02:00
Martin Willi
0fbfcf2a3a
Use XAuth/EAP remote identity for uniqueness check
2012-06-25 10:18:34 +02:00
Martin Willi
de5e8fb4e0
Add missing XAuth name variable when complaining about missing XAuth backend
2012-06-25 10:09:27 +02:00
Andreas Steffen
f84180bb89
removed AUTHORS and CREDITS
2012-06-25 08:45:10 +02:00
Andreas Steffen
a7b8e380dc
some copyright additions
2012-06-23 12:09:29 +02:00
Andreas Steffen
e398dfb4c3
update copyright
2012-06-23 11:57:42 +02:00
Andreas Steffen
83c75fd10f
version bump to 5.0.0
2012-06-23 11:32:54 +02:00
Tobias Brunner
e91157a4b6
Fix SIGSEGV if kernel install fails during Quick Mode as responder.
2012-06-22 11:34:38 +02:00
Andreas Steffen
fc16296391
adapted description to IKEv2
2012-06-22 09:53:37 +02:00
Tobias Brunner
aa8898bc45
Fixed compile error because of charon->name in certexpire plugin.
2012-06-21 13:59:18 +02:00
Andreas Steffen
bf577b6714
fixed typo
2012-06-20 11:15:09 +02:00
Andreas Steffen
0802b8359e
added ipv6/rw-ip6-in-ip4-ikev1 scenario
2012-06-20 11:13:20 +02:00
Andreas Steffen
36988a0a37
added ipv6/rw-ip6-in-ip4-ikev2 scenario
2012-06-20 11:03:51 +02:00
Martin Willi
e2dd114f37
Select requested virtual IP family based on remote TS, if no local TS available
2012-06-20 10:02:01 +02:00
Andreas Steffen
f2fc138e8e
upgraded UML options to 5.0.0
2012-06-19 19:34:26 +02:00
Tobias Brunner
5d227c79a9
Doxygen fix in PKCS#7 wrapper
2012-06-19 13:32:59 +02:00
Andreas Steffen
87f8ff168b
sleep one second more
2012-06-19 06:18:05 +02:00
Andreas Steffen
e4012ae386
use socket-default in scenario
2012-06-19 06:17:37 +02:00
Andreas Steffen
bc60bb8bf4
added ikev1/xauth-id-rsa-hybrid scenario
2012-06-18 22:51:50 +02:00
Andreas Steffen
771a66c6a0
added ikev1/xauth-id-rsa-aggressive scenario
2012-06-18 22:30:26 +02:00
Andreas Steffen
2045a9d36d
added secret as valid authby argument
2012-06-18 22:11:18 +02:00
Andreas Steffen
8b8f5c6141
rsasig is not recognized as authentication method
2012-06-18 22:03:36 +02:00
Andreas Steffen
49d18a8e06
enable potentially unsafe aggressive mode
2012-06-18 21:34:48 +02:00
Andreas Steffen
7a892288fb
change ikev1/xauth scenarios to modern notation
2012-06-18 21:22:01 +02:00
Tobias Brunner
6d3702ed61
testing: List IPv6 routing table in IPv6 test cases.
2012-06-15 16:46:27 +02:00
Tobias Brunner
5c1332bf7c
NLM_F_DUMP includes NLM_F_ROOT.
2012-06-15 16:46:27 +02:00
Tobias Brunner
8ec51f83e5
Don't create roam jobs based on cached/cloned routes.
2012-06-15 16:44:18 +02:00
Tobias Brunner
9896b6bd58
Don't compare ports when comparing cached routes.
...
At least src_ip has a port set sometimes.
2012-06-15 16:44:07 +02:00
Tobias Brunner
31bcaf604a
starter: Fixed parsing of %defaultroute.
2012-06-15 10:46:56 +02:00
Martin Willi
af518b450e
Adopt children as XAuth initiator (which is IKE responder)
2012-06-14 14:49:19 +02:00
Martin Willi
794cdbc53f
Added 5.0 NEWS about IKEv1 in charon
2012-06-14 10:57:29 +02:00
Martin Willi
e36497700c
Print the kind of *Swan during starter startup
2012-06-14 10:25:48 +02:00
Martin Willi
137035cc78
Show what kind of *Swan we run in "ipsec status"
2012-06-14 10:25:48 +02:00
Martin Willi
b31a56f128
Require a scary option to respond to Aggressive Mode PSK requests
...
While Aggressive Mode PSK is widely used, it is known to be subject
to dictionary attacks by passive attackers. We don't complain as
initiator to be compatible with existing (insecure) setups, but
require a scary strongswan.conf option if someone wants to use it
as responder.
2012-06-14 10:25:48 +02:00
Andreas Steffen
e49f18f74d
thanks to narrowing treat right|leftsubnetwithin as synonyms for right|leftsubnet
2012-06-14 07:55:12 +02:00
Andreas Steffen
daa857029f
removed plutostart parameter
2012-06-13 21:19:05 +02:00
Tobias Brunner
dd38e9fc83
scepclient: Fixed Makefile after removing enable-smartcard configure option.
2012-06-13 15:08:14 +02:00
Tobias Brunner
f7cbc0fafe
Use proper defines for IPV6_PKTINFO on Mac OS X Lion and newer.
2012-06-13 15:02:10 +02:00
Tobias Brunner
2015c46985
Some updates to the INSTALL document.
2012-06-13 12:24:23 +02:00
Tobias Brunner
6d599fb964
Removed remaining pluto related configure options.
2012-06-13 11:33:32 +02:00
Tobias Brunner
25fb9d3f4a
starter: Print additional help texts for selected deprecated keywords.
2012-06-12 16:15:03 +02:00
Tobias Brunner
9707d9db79
starter: Improved how deprecated keywords are handled.
...
We only throw a warning now instead of rejecting the config.
2012-06-12 16:15:03 +02:00