39 Commits

Author SHA1 Message Date
Tobias Brunner 46a3f92a76 Add an option to announce support for IKE fragmentation but not sending fragments 2017-05-23 16:41:57 +02:00
Noel Kuntze 693107f6ae swanctl: Reformulate IKEv1 selector restriction, describe problems with TS narrowing 2017-03-23 18:27:05 +01:00
Tobias Brunner d5a19a17dc swanctl: Describe what happens when a FQDN is specified in local|remote_addrs 2017-03-20 10:18:51 +01:00
Tobias Brunner f927ba975b vici: Add support for mediation extension 2017-02-16 19:24:09 +01:00
Tobias Brunner bd6ef6be7e vici: Add support to load CA certificates from tokens and paths in authority sections 2017-02-16 19:24:08 +01:00
Tobias Brunner 2f8354ca6c vici: Add support to load certificates from file paths
Probably not that useful via swanctl.conf but could be when used via VICI.
2017-02-16 19:24:08 +01:00
Tobias Brunner 00bf6a2a49 vici: Add support to load certificates from tokens 2017-02-16 19:24:08 +01:00
Tobias Brunner d2e3ff8e0c swanctl: Add `token` secrets for keys on tokens/smartcards 2017-02-16 19:24:07 +01:00
Tobias Brunner ed105f45af vici: Add support for NT Hash secrets
Fixes #1002.
2017-02-16 19:23:51 +01:00
Tobias Brunner 3bedf10b25 vici: Add support for IPv6 Transport Proxy Mode 2017-02-16 19:23:50 +01:00
Tobias Brunner e00bc9f6b2 vici: Add support for certificate policies 2017-02-16 19:23:50 +01:00
Tobias Brunner 44fcc83310 vici: Add missing dscp setting for IKE_SAs
Fixes #2170.
2017-02-16 19:23:31 +01:00
Tobias Brunner 7caba2eb55 swanctl: Add 'private' directory/section to load any type of private key 2016-10-05 11:33:36 +02:00
Tobias Brunner d5c6a0bac4 vici: Enable IKE fragmentation by default 2016-10-04 10:08:21 +02:00
Tobias Brunner 50721a61d8 vici: Make installation of outbound FWD policies configurable 2016-09-28 17:56:43 +02:00
Tobias Brunner f883cd6df6 swanctl: Document how DH groups in CHILD_SA proposals are applied
References #1039.
2016-08-31 11:47:25 +02:00
Andreas Steffen c26e4330e7 Implemented IPsec policies restricted to given network interface 2016-04-09 16:51:02 +02:00
Andreas Steffen 7f57c4f9fb Support manually-set IPsec policy priorities 2016-04-09 16:51:01 +02:00
Tobias Brunner b31e8c04f2 swanctl: Fix documented directory name for remote pubkeys 2016-03-22 18:11:51 +01:00
Tobias Brunner 229cdf6bc8 vici: Order auth rounds by optional `round` parameter instead of by position in the request 2016-03-08 10:04:55 +01:00
Tobias Brunner 130c485be6 swanctl: Document signature scheme constraints 2016-03-04 16:19:54 +01:00
Chris Patterson b84e905482 swanctl: Fix minor typos in documentation
"UPD" should be "UDP".

Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
2016-02-29 11:05:44 +01:00
Andreas Steffen 87371460f6 vici: Support of raw public keys 2016-01-09 07:23:29 +01:00
Andreas Steffen e333d4c0f1 swanctl.conf: IKEv2 fragmentation supported 2016-01-09 00:06:12 +01:00
Tobias Brunner 9322e5b398 vici: Add option to disable policy installation for CHILD_SAs 2015-08-17 12:01:36 +02:00
Andreas Steffen 63d370387d vici: Certification Authority support added.
CDP and OCSP URIs for one or multiple certification authorities
can be added via the VICI interface. swanctl allows reading
definitions from a new authorities section.
2015-07-21 13:02:30 +02:00
Martin Willi 54cdf847cc swanctl: Support loading PKCS#12 containers from a pkcs12 swanctl directory 2015-03-18 13:34:22 +01:00
Martin Willi f6511e36b5 vici: If an IKE reauth_time is configured, disable the default rekey_time 2015-03-03 13:49:14 +01:00
Martin Willi cc1682bef9 ipsec-types: Support the %unique mark value 2015-02-20 16:34:53 +01:00
Tobias Brunner 5e92534313 vici: Add support for address range definitions of pools 2014-10-30 12:32:45 +01:00
Martin Willi 9da2b19189 swanctl: Document identity type prefixes 2014-10-30 11:07:10 +01:00
Tobias Brunner 8a59fa6467 swanctl: Document how connections.*.unique affects initiators 2014-09-09 10:56:15 +02:00
Tobias Brunner d236db8701 swanctl: Fix documentation of options for send_cert setting 2014-07-28 10:38:34 +02:00
Martin Willi 88a33f8aa7 swanctl: Fix the swanctl.conf cacerts option name in the manpage and template 2014-07-14 09:18:47 +02:00
Tobias Brunner ed01c1afff Fixed some typos 2014-06-30 13:16:16 +02:00
Martin Willi 19ea055092 swanctl: Support private key decryption passphrases in swanctl.conf
While there is no real security benefit of storing private keys encrypted if
the passphrase is stored along with it, there still seems to be demand for this
functionality. We add it for compatibility with ipsec.secrets, even if it is
not really recommended.
2014-06-17 17:52:14 +02:00
Martin Willi 5b7725f3b0 swanctl: Document replay_window option 2014-06-17 16:49:02 +02:00
Martin Willi 2230f18358 swanctl: Document most swanctl.conf options in manpage 2014-05-07 15:48:17 +02:00
Tobias Brunner 5fdba04312 swanctl: Convert swanctl.conf to an options file and generate config 2014-05-07 15:48:16 +02:00