Andreas Steffen
7f65a8c271
vici: Increased various string buffers to BUF_LEN (512 bytes)
2016-07-29 12:34:40 +02:00
Martin Willi
518a5b2ece
configure: Check for and explicitly link against -latomic
...
Some C libraries, such as uClibc, require an explicit link for some atomic
functions. Check for any libatomic, and explicitly link it.
2016-06-14 14:27:20 +02:00
Andreas Steffen
6a6876390d
swanctl: indicate initiator and responder in --list-sas
2016-05-07 17:54:56 +02:00
Andreas Steffen
b9522f9d64
swanctl: Do not display rekey times for shunts
2016-05-05 14:53:22 +02:00
Andreas Steffen
b1df631212
vici list-conns sends reauthentication and rekeying time information
2016-05-04 18:13:52 +02:00
Andreas Steffen
e88f21cf65
swanctl: --list-conns shows eap_id, xauth_id and aaa_id
2016-05-04 18:13:52 +02:00
Andreas Steffen
afcd466192
swanctl: list EAP type in --list-conns
2016-04-26 17:15:37 +02:00
Andreas Steffen
4e3234afb4
swanctl: log errors to stderr
2016-04-24 23:33:23 +02:00
Andreas Steffen
e9704e90cf
Include manual policy priorities and restriction to interfaces in vici list-conn command
2016-04-09 16:51:02 +02:00
Andreas Steffen
c26e4330e7
Implemented IPsec policies restricted to given network interface
2016-04-09 16:51:02 +02:00
Andreas Steffen
7f57c4f9fb
Support manually-set IPsec policy priorities
2016-04-09 16:51:01 +02:00
Tobias Brunner
b31e8c04f2
swanctl: Fix documented directory name for remote pubkeys
2016-03-22 18:11:51 +01:00
Tobias Brunner
229cdf6bc8
vici: Order auth rounds by optional `round` parameter instead of by position in the request
2016-03-08 10:04:55 +01:00
Andreas Steffen
99b794a4cf
Display IKE ports with swanctl --list-sas
2016-03-05 18:19:00 +01:00
Tobias Brunner
130c485be6
swanctl: Document signature scheme constraints
2016-03-04 16:19:54 +01:00
Tobias Brunner
27074f3155
vici: Match subnets and ranges against peer IP in redirect command
2016-03-04 16:03:00 +01:00
Tobias Brunner
bef4518de7
vici: Match identity with wildcards against remote ID in redirect command
2016-03-04 16:02:59 +01:00
Tobias Brunner
e92364db66
swanctl: Add --redirect command
2016-03-04 16:02:59 +01:00
Chris Patterson
b84e905482
swanctl: Fix minor typos in documentation
...
"UPD" should be "UDP".
Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
2016-02-29 11:05:44 +01:00
Andreas Steffen
abe6d07463
swanctl: Load pubkeys with load-creds
2016-01-09 07:23:30 +01:00
Andreas Steffen
4c38c79452
vici: list-cert sends subject, not-before and not-after attributes for pubkeys
2016-01-09 07:23:30 +01:00
Andreas Steffen
87371460f6
vici: Support of raw public keys
2016-01-09 07:23:29 +01:00
Andreas Steffen
e333d4c0f1
swanctl.conf: IKEv2 fragmentation supported
2016-01-09 00:06:12 +01:00
Tobias Brunner
3f2c305226
swanctl: Slightly change usage summary for --list-certs
2015-12-16 12:20:35 +01:00
Tobias Brunner
b0f00b2a3c
swanctl: Never print more than MAX_LINES of usage summary
...
Print a warning if a registered command exceeds that limit.
2015-12-16 12:09:20 +01:00
Andreas Steffen
47e5640378
swanctl --stats lists loaded plugins
2015-12-13 17:07:28 +01:00
Andreas Steffen
02d431022c
Refactored certificate management for the vici and stroke interfaces
2015-12-12 00:19:24 +01:00
Andreas Steffen
44d3b02b57
Removed VICI protocol versioning
2015-12-11 18:26:55 +01:00
Andreas Steffen
b6dba6db74
Use of certificate_printer by swanctl --list-certs command
2015-12-11 18:26:55 +01:00
Andreas Steffen
334119b843
Share vici_cert_info.c with vici_cred.c
2015-12-11 18:26:55 +01:00
Andreas Steffen
fad851e2d3
Use VICI 2.0 protocol version for certificate queries
2015-12-11 18:26:54 +01:00
Martin Willi
9709418871
swanctl: Explicitly link against -lpthread and -ldl if required
...
We already do this for charon, as some toolchains require an explicit
link even if libstrongswan already depends on it.
2015-12-04 08:02:03 +01:00
Tobias Brunner
731cf55579
swanctl: Add --list-algs command to query loaded algorithms
2015-11-30 10:55:55 +01:00
Tobias Brunner
c2967484a0
swanctl: Add option to query leases with --get-pools
2015-11-10 10:43:25 +01:00
Tobias Brunner
304a9a97e8
swanctl: List virtual IPs in --list-sas
2015-11-10 10:43:24 +01:00
Tobias Brunner
0709280175
swanctl: Correctly build man page in out-of-tree builds from the repository
2015-08-27 12:46:53 +02:00
Tobias Brunner
9322e5b398
vici: Add option to disable policy installation for CHILD_SAs
2015-08-17 12:01:36 +02:00
Andreas Steffen
2096d54198
Improved legibility of swanctl CRL listings
2015-07-22 17:46:15 +02:00
Andreas Steffen
63d370387d
vici: Certification Authority support added.
...
CDP and OCSP URIs for one or multiple certification authorities
can be added via the VICI interface. swanctl allows to read
definitions from a new authorities section.
2015-07-21 13:02:30 +02:00
Martin Willi
54d0d20bda
swanctl: Fix --uri option
...
As we now pass the vici connection to the command dispatcher callback, we can't
parse the --uri option to create the connection from the same callback. Instead
pre-process the common command options in a separate loop, and ignore the same
options while processing the actual command.
2015-05-05 10:46:48 +02:00
Timo Teräs
acbdf8c806
swanctl: Implement monitoring of IKE_SA and CHILD_SA changes
...
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
2015-05-04 13:39:08 +02:00
Romain Francoise
ea79cd6ade
swanctl: Add missing unit in install-time log
2015-05-04 13:25:30 +02:00
Martin Willi
d143e7b04b
swanctl: Append /ESN to proposal for a CHILD_SA using Extended Sequence Numbers
...
We previously printed just the value for the "esn" keyword, which is "1", and
not helpful as such.
Fixes #904.
2015-03-23 10:15:07 +01:00
Martin Willi
94bb26fae3
vici: Return authentication rounds with unique names
...
To simplify handling of authentication rounds in dictionaries/hashtables on the
client side, we assign unique names to each authentication round when listing
connections.
2015-03-18 13:59:14 +01:00
Martin Willi
1e366429fd
swanctl: Cache entered PKCS#12 decryption secret
...
It is usually used more than once, but most likely the same for decryption and
MAC verification.
2015-03-18 13:34:22 +01:00
Martin Willi
54cdf847cc
swanctl: Support loading PKCS#12 containers from a pkcs12 swanctl directory
2015-03-18 13:34:22 +01:00
Martin Willi
a1fb5251e0
swanctl: Generalize private key decryption to support other credential types
2015-03-18 13:34:22 +01:00
Martin Willi
f6511e36b5
vici: If an IKE reauth_time is configured, disable the default rekey_time
2015-03-03 13:49:14 +01:00
Martin Willi
cc1682bef9
ipsec-types: Support the %unique mark value
2015-02-20 16:34:53 +01:00
Martin Willi
e4a131b1ce
swanctl: List CHILD_SA unique ID as the primary identifier, but print reqid, too
2015-02-20 13:34:50 +01:00
Martin Willi
108e388580
swanctl: Fail loading a connection if loading a cacert constraint fails
2014-12-12 10:23:59 +01:00
Tobias Brunner
5e92534313
vici: Add support for address range definitions of pools
2014-10-30 12:32:45 +01:00
Martin Willi
9da2b19189
swanctl: Document identity type prefixes
2014-10-30 11:07:10 +01:00
Tobias Brunner
f8dc376c77
swanctl: Fix man page build on FreeBSD
...
BSD make seems to only evaluate $< for certain rules (like the suffix rule
used to generate the config template).
2014-10-14 16:49:40 +02:00
Martin Willi
67f9f09dd3
swanctl: Fix exit codes based on errno
...
As fprintf() most likely sets errno, we should save it before printing the
error message.
2014-10-10 11:42:18 +02:00
Shea Levy
0efea2fd86
Don't fail to install if sysconfdir isn't writable
2014-09-26 10:52:37 +02:00
Martin Willi
d9a2f1330a
swanctl: Complete --load-creds command summary
2014-09-22 13:55:11 +02:00
Martin Willi
71d85b33d9
swanctl: Fix description of load-pools command summary
2014-09-22 13:55:11 +02:00
Martin Willi
67402e67af
swanctl: Add a --load-all command, performing --load-{creds,pools,conns}
2014-09-22 13:55:11 +02:00
Martin Willi
214a859cd6
swanctl: Add a --reload-settings command
2014-09-22 13:55:11 +02:00
Tobias Brunner
bc9acd7b9e
swanctl: Document --stats command
2014-09-19 11:30:08 +02:00
Tobias Brunner
8a59fa6467
swanctl: Document how connections.*.unique affects initiators
2014-09-09 10:56:15 +02:00
Tobias Brunner
d236db8701
swanctl: Fix documentation of options for send_cert setting
2014-07-28 10:38:34 +02:00
Martin Willi
88a33f8aa7
swanctl: Fix the swanctl.conf cacerts option name in the manpage and template
2014-07-14 09:18:47 +02:00
Tobias Brunner
1bd175a9ef
swanctl: Fix Doxygen group assignment
2014-06-30 13:16:16 +02:00
Tobias Brunner
ed01c1afff
Fixed some typos
2014-06-30 13:16:16 +02:00
Martin Willi
df93458685
swanctl: Add a --stats command to print daemon infos and statistics
2014-06-17 17:55:45 +02:00
Martin Willi
19ea055092
swanctl: Support private key decryption passphrases in swanctl.conf
...
While there is no real security benefit of storing private keys encrypted if
the passphrase is stored along with it, there still seems to be demand for this
functionality. We add it for compatibility with ipsec.secrets, even if it is
not really recommended.
2014-06-17 17:52:14 +02:00
Martin Willi
5b7725f3b0
swanctl: Document replay_window option
2014-06-17 16:49:02 +02:00
Andreas Steffen
dacb75f5c0
Split swanctl --raw mode into single-line and --pretty mode
2014-06-14 15:40:22 +02:00
Andreas Steffen
6d092615e3
Added missing units (s = seconds)
2014-06-10 16:18:23 +02:00
Martin Willi
f59e2b7bb3
swanctl: Stop logging with Ctrl+C on Windows as well
2014-06-04 15:53:12 +02:00
Martin Willi
b67069b00c
swanctl: Concatenate relative certificate paths correctly on Windows
2014-06-04 15:53:09 +02:00
Tobias Brunner
b2b54bd71d
Make sure getpass() is available
...
It's not on Android for example.
2014-05-29 12:28:53 +02:00
Martin Willi
064fe9c963
enum: Return boolean result for enum_from_name() lookup
...
Handling the result for enum_from_name() is difficult, as checking for
negative return values requires a cast if the enum type is unsigned. The new
signature clearly differentiates lookup result from lookup value.
Further, this actually allows to convert real -1 enum values, which could not
be distinguished from "not-found" and the -1 return value.
This also fixes several clang warnings where enums are unsigned.
2014-05-16 15:42:07 +02:00
Martin Willi
78db68cecf
swanctl: Properly initialize return value of --install command
2014-05-16 15:42:07 +02:00
Martin Willi
e20e0a0586
swanctl: Increase default debug level to 1
...
We initially intended to silence debugging only during thread initialization,
not for swanctl in general.
2014-05-14 16:28:01 +02:00
Martin Willi
b1076bc8fd
swanctl: By default print local swanctl version with --version
...
But add a --daemon option to query the IKE daemon for its version.
2014-05-07 15:48:17 +02:00
Martin Willi
92884b4683
swanctl: Install empty credential folders with appropriate permissions
2014-05-07 15:48:17 +02:00
Martin Willi
2230f18358
swanctl: Document most swanctl.conf options in manpage
2014-05-07 15:48:17 +02:00
Martin Willi
d909e51918
swanctl: Keep swanctl.conf man/template section order as defined
2014-05-07 15:48:17 +02:00
Martin Willi
85d26e0c87
swanctl: Add a swanctl command overview manpage
2014-05-07 15:48:17 +02:00
Tobias Brunner
b18191ba0f
swanctl: Generate swanctl.conf(5) man page
2014-05-07 15:48:16 +02:00
Tobias Brunner
6a461f0852
swanctl: Generate man page snippet with config options
2014-05-07 15:48:16 +02:00
Tobias Brunner
5fdba04312
swanctl: Convert swanctl.conf to an options file and generate config
2014-05-07 15:48:16 +02:00
Tobias Brunner
49d8a5f554
swanctl: Install swanctl.conf if it does not exist yet
2014-05-07 15:48:16 +02:00
Martin Willi
1312eab036
swanctl: Change syntax of secrets to accept identities with special chars
...
Having identity strings in the settings key is problematic, as the parser can't
handle arbitrary characters in it. Further, the space separation makes it
impossible to define identities with spaces.
The new format uses key prefixes, similar to those used in local/remote auth
sections of connections. The secrets section takes subsections with type
prefixes, and each subsection uses "id" prefixes to define an arbitrary
number of identities.
2014-05-07 15:48:16 +02:00
Martin Willi
a2875525ae
swanctl: List local and remote addresses in list-conns
2014-05-07 15:48:16 +02:00
Martin Willi
43306afe8e
swanctl: Add a list-pools command to summarize pool status
2014-05-07 15:48:15 +02:00
Martin Willi
a77acc183a
swanctl: Add a load-pools command to (re-)load pool configurations from file
2014-05-07 15:48:15 +02:00
Martin Willi
4ee33b44df
swanctl: Encode connection "pools" as list items
2014-05-07 15:48:15 +02:00
Martin Willi
250c6e3d90
swanctl: Fix enumeration of registered commands if MAX_COMMANDS is hit
2014-05-07 15:48:15 +02:00
Martin Willi
7b35c02db4
swanctl: Implement a --log command to trace debugging log
2014-05-07 15:48:15 +02:00
Martin Willi
3b22e8e995
swanctl: Add a swanctl.conf template file
2014-05-07 15:48:15 +02:00
Martin Willi
2d5c3a0f0f
swanctl: Implement a --list-certs command to print or export daemon certificates
2014-05-07 15:48:15 +02:00
Martin Willi
ebe78940aa
swanctl: Be more verbose while loading connections and credentials
2014-05-07 15:48:15 +02:00
Martin Willi
51bdc1f3f1
swanctl: Add a list-conns command to query loaded connections
2014-05-07 15:48:14 +02:00
Martin Willi
da866234bb
swanctl: Register --version as last command
2014-05-07 15:48:14 +02:00
Martin Willi
c1e413db49
swanctl: Support groups, certs and cacerts keywords
2014-05-07 15:48:14 +02:00
Martin Willi
818acc8638
swanctl: Load shared secrets from the swanctl.conf secrets section
2014-05-07 15:48:14 +02:00