Tobias Brunner
46a3f92a76
Add an option to announce support for IKE fragmentation but not sending fragments
2017-05-23 16:41:57 +02:00
Noel Kuntze
693107f6ae
swanctl: Reformulate IKEv1 selector restriction, describe problems with TS narrowing
2017-03-23 18:27:05 +01:00
Tobias Brunner
d5a19a17dc
swanctl: Describe what happens when a FQDN is specified in local|remote_addrs
2017-03-20 10:18:51 +01:00
Tobias Brunner
f927ba975b
vici: Add support for mediation extension
2017-02-16 19:24:09 +01:00
Tobias Brunner
bd6ef6be7e
vici: Add support to load CA certificates from tokens and paths in authority sections
2017-02-16 19:24:08 +01:00
Tobias Brunner
2f8354ca6c
vici: Add support to load certificates from file paths
...
Probably not that useful via swanctl.conf but could be when used via VICI.
2017-02-16 19:24:08 +01:00
Tobias Brunner
00bf6a2a49
vici: Add support to load certificates from tokens
2017-02-16 19:24:08 +01:00
Tobias Brunner
d2e3ff8e0c
swanctl: Add `token` secrets for keys on tokens/smartcards
2017-02-16 19:24:07 +01:00
Tobias Brunner
ed105f45af
vici: Add support for NT Hash secrets
...
Fixes #1002.
2017-02-16 19:23:51 +01:00
Tobias Brunner
3bedf10b25
vici: Add support for IPv6 Transport Proxy Mode
2017-02-16 19:23:50 +01:00
Tobias Brunner
e00bc9f6b2
vici: Add support for certificate policies
2017-02-16 19:23:50 +01:00
Tobias Brunner
44fcc83310
vici: Add missing dscp setting for IKE_SAs
...
Fixes #2170.
2017-02-16 19:23:31 +01:00
Tobias Brunner
7caba2eb55
swanctl: Add 'private' directory/section to load any type of private key
2016-10-05 11:33:36 +02:00
Tobias Brunner
d5c6a0bac4
vici: Enable IKE fragmentation by default
2016-10-04 10:08:21 +02:00
Tobias Brunner
50721a61d8
vici: Make installation of outbound FWD policies configurable
2016-09-28 17:56:43 +02:00
Tobias Brunner
f883cd6df6
swanctl: Document how DH groups in CHILD_SA proposals are applied
...
References #1039.
2016-08-31 11:47:25 +02:00
Andreas Steffen
c26e4330e7
Implemented IPsec policies restricted to given network interface
2016-04-09 16:51:02 +02:00
Andreas Steffen
7f57c4f9fb
Support manually-set IPsec policy priorities
2016-04-09 16:51:01 +02:00
Tobias Brunner
b31e8c04f2
swanctl: Fix documented directory name for remote pubkeys
2016-03-22 18:11:51 +01:00
Tobias Brunner
229cdf6bc8
vici: Order auth rounds by optional `round` parameter instead of by position in the request
2016-03-08 10:04:55 +01:00
Tobias Brunner
130c485be6
swanctl: Document signature scheme constraints
2016-03-04 16:19:54 +01:00
Chris Patterson
b84e905482
swanctl: Fix minor typos in documentation
...
"UPD" should be "UDP".
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
2016-02-29 11:05:44 +01:00
Andreas Steffen
87371460f6
vici: Support of raw public keys
2016-01-09 07:23:29 +01:00
Andreas Steffen
e333d4c0f1
swanctl.conf: IKEv2 fragmentation supported
2016-01-09 00:06:12 +01:00
Tobias Brunner
9322e5b398
vici: Add option to disable policy installation for CHILD_SAs
2015-08-17 12:01:36 +02:00
Andreas Steffen
63d370387d
vici: Certification Authority support added.
...
CDP and OCSP URIs for one or multiple certification authorities
can be added via the VICI interface. swanctl allows reading
definitions from a new authorities section.
2015-07-21 13:02:30 +02:00
Martin Willi
54cdf847cc
swanctl: Support loading PKCS#12 containers from a pkcs12 swanctl directory
2015-03-18 13:34:22 +01:00
Martin Willi
f6511e36b5
vici: If an IKE reauth_time is configured, disable the default rekey_time
2015-03-03 13:49:14 +01:00
Martin Willi
cc1682bef9
ipsec-types: Support the %unique mark value
2015-02-20 16:34:53 +01:00
Tobias Brunner
5e92534313
vici: Add support for address range definitions of pools
2014-10-30 12:32:45 +01:00
Martin Willi
9da2b19189
swanctl: Document identity type prefixes
2014-10-30 11:07:10 +01:00
Tobias Brunner
8a59fa6467
swanctl: Document how connections.*.unique affects initiators
2014-09-09 10:56:15 +02:00
Tobias Brunner
d236db8701
swanctl: Fix documentation of options for send_cert setting
2014-07-28 10:38:34 +02:00
Martin Willi
88a33f8aa7
swanctl: Fix the swanctl.conf cacerts option name in the manpage and template
2014-07-14 09:18:47 +02:00
Tobias Brunner
ed01c1afff
Fixed some typos
2014-06-30 13:16:16 +02:00
Martin Willi
19ea055092
swanctl: Support private key decryption passphrases in swanctl.conf
...
While there is no real security benefit of storing private keys encrypted if
the passphrase is stored along with it, there still seems to be demand for this
functionality. We add it for compatibility with ipsec.secrets, even if it is
not really recommended.
2014-06-17 17:52:14 +02:00
Martin Willi
5b7725f3b0
swanctl: Document replay_window option
2014-06-17 16:49:02 +02:00
Martin Willi
2230f18358
swanctl: Document most swanctl.conf options in manpage
2014-05-07 15:48:17 +02:00
Tobias Brunner
5fdba04312
swanctl: Convert swanctl.conf to an options file and generate config
2014-05-07 15:48:16 +02:00