46a3f92a76
Add an option to announce support for IKE fragmentation but not sending fragments
2017-05-23 16:41:57 +02:00
81ba3c1a5e
starter: Use new parser to read config file
2014-06-19 14:00:49 +02:00
8839796c3e
starter: Remove unused ARG_LST argument type
2014-06-19 14:00:49 +02:00
d5367d2262
starter: Add a replay_window connection option
2014-06-17 16:41:31 +02:00
e48e530b44
starter: Reject connections having both 'ah' and 'esp' keywords set
...
We currently don't support mixed proposals or bundles, so don't create the
illusion we would.
2013-10-11 10:15:21 +02:00
25f74be8f9
starter: Remove obsolete 'auth' option
2013-10-11 10:15:21 +02:00
a07b97e804
starter: Add an 'ah' keyword for Authentication Header Security Associations
2013-10-11 10:15:20 +02:00
7fbe516f88
Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets
2013-02-06 15:36:36 +01:00
365d9a6f67
Added an option that allows to force IKEv1 fragmentation
2013-01-12 11:54:32 +01:00
97973f8609
Use a connection specific option to en-/disable IKEv1 fragmentation
2012-12-24 13:00:01 +01:00
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
f4cc7ea11b
Add uniqueids=never to ignore INITIAL_CONTACT notifies
...
With uniqueids=no the daemon still deletes any existing IKE_SA with the
same peer if an INITIAL_CONTACT notify is received. With this new option
it also ignores these notifies.
2012-09-10 17:37:18 +02:00
da646ab94a
Remove unused ipsec.conf left/rightnatip keyword
2012-08-21 09:38:01 +02:00
17319aa28d
Add a left/rightdns keyword to configure connection specific DNS attributes
2012-08-21 09:38:00 +02:00
46df61dff7
Add an ipsec.conf leftgroups2 parameter for the second authentication round
2012-07-26 11:51:58 +02:00
c236f19e50
ldaphost and ldapbase ca section keywords are deprecated
2012-06-25 10:52:16 +02:00
25fb9d3f4a
starter: Print additional help texts for selected deprecated keywords.
2012-06-12 16:15:03 +02:00
9707d9db79
starter: Improved how deprecated keywords are handled.
...
We only throw a warning now instead of rejecting the config.
2012-06-12 16:15:03 +02:00
3e2ff81e5d
starter: Removed all unsupported keywords.
2012-06-11 17:33:32 +02:00
ee3026a1e2
starter: Remove all ties to pluto/libfreeswan.
...
Moved some types/constants in the process.
2012-06-11 17:33:32 +02:00
0ac29be793
starter: Remove left|rightsubnetwithin option (charon narrows left|rightsubnet down accordingly).
2012-06-11 17:33:31 +02:00
8dd094e185
starter: Don't resolve any addresses in starter.
...
Also removed remains of some unknown iface option.
2012-06-11 17:33:31 +02:00
efc69e9f38
starter: Removed pfs and pfsgroup options (handled via esp option).
2012-06-11 17:33:31 +02:00
f82365ad27
starter: Use custom type to mark seen keywords.
2012-06-11 17:33:30 +02:00
57323f6259
starter: Remove left|rightnexthop option.
...
Charon does this lookup dynamically.
2012-06-11 17:33:30 +02:00
7cce0e96f2
starter: Replaced all usages of clone_str() with strdupnull().
2012-06-11 17:33:30 +02:00
e838c39ba9
starter: Parse authby as string.
2012-06-11 17:33:30 +02:00
163b227386
starter: Migrated logging to libstrongswan.
2012-06-11 17:33:29 +02:00
c8d46f2959
Dropped support of deprecated authby=eap and eap= options
2012-03-20 17:31:38 +01:00
e129168ba6
Added a "aggressive" ipsec.conf connection option
2012-03-20 17:31:34 +01:00
6f4eaa41a7
starter: Use automake LEX/YACC automatisms.
2011-10-10 19:31:04 +02:00
e59a50009c
starter passes unresolved DNS names to charon
...
Based on an initial patch by Mirko Parthey.
2011-08-29 09:58:18 +02:00
889a62a8d4
pluto: --debug-kernel aliasing was not fully complete.
2011-08-02 18:15:50 +02:00
f34ebc845b
Add a closeaction ipsec.conf keyword to configure close action
2011-06-07 12:07:21 +02:00
1c004bebd8
Clearly mark switch cases that fall through.
2011-04-19 13:48:50 +02:00
6367de28ad
Added a left/rightcertpolicy keyword to specify certificatePolicy requirements
2011-01-07 15:51:35 +01:00
6c302616f1
Added a tfc ipsec.conf keyword to control Traffic Flow Confidentiality
2010-12-20 09:45:39 +01:00
64d7b0733f
Added support for the ipsec.conf aaa_identity keyword
2010-08-31 17:52:52 +02:00
26c4d0102a
configuration of different marks for inbound and outbound direction
2010-07-09 09:06:07 +02:00
ee26c537d7
support of xfrm marks for IKEv2
2010-07-02 23:46:09 +02:00
8143f10914
introduced xauth_identity keyword
2010-05-15 10:18:29 +02:00
2b26a9c30d
Add reqid keyword to config connection section.
2010-05-04 14:38:34 +02:00
61e48488d9
final fix for cloning and deleting sourceip strings
2010-05-02 15:55:46 +02:00
667b73721a
Added left-/rightikeport ipsec.conf options to use custom IKE ports
2010-02-26 11:44:33 +01:00
8015c91cb9
Added a ipsec.conf "inactivity" option to configure inactivity timeout for CHILD_SAs
2010-01-27 16:05:11 +01:00
93e2377c7f
allow ECP DH groups in pfsgroup definition
2009-11-24 14:35:25 +01:00
270bb348e3
pluto now supports SQL-based virtual IP pools
2009-10-14 14:30:14 +02:00
7daf5226b7
removed trailing spaces ([[:space:]]+$)
2009-09-04 13:46:09 +02:00
ca41aa0602
Added keywords for the new lifetime limits to starter.
2009-09-01 12:53:44 +02:00
9c7faa8618
Added parser for unsigned long long ints to starter.
2009-09-01 12:53:44 +02:00
Tobias Brunner