Andreas Steffen
|
0d9e375193
|
Selectively enable PT-TLS and/or RADIUS sockets in tnc-pdp plugin
|
2013-08-26 20:36:07 +02:00 |
|
Andreas Steffen
|
12b3db5006
|
moved tnc_imv plugin to libtnccs thanks to recommendation callback function
|
2013-08-15 23:34:22 +02:00 |
|
Andreas Steffen
|
9d8c28e2f5
|
Documented plugin move from libcharon to libtnccs in strongswan.conf
|
2013-08-15 23:34:22 +02:00 |
|
Andreas Steffen
|
f5b5d262e8
|
Add PT-TLS interface to strongSwan PDP
|
2013-08-15 23:34:22 +02:00 |
|
Tobias Brunner
|
e99cfe5f20
|
strongswan.conf: Add note about reserved threads
|
2013-08-07 09:06:01 +02:00 |
|
Tobias Brunner
|
3021139f6f
|
strongswan.conf: Moved some stuff around
|
2013-07-23 12:23:05 +02:00 |
|
Tobias Brunner
|
2ed8b36a8a
|
strongswan.conf: Add missing options
|
2013-07-22 17:46:41 +02:00 |
|
Tobias Brunner
|
0ceb288815
|
Fix various API doc issues and typos
Partially based on an old patch by Adrian-Ken Rueegsegger.
|
2013-07-18 18:30:36 +02:00 |
|
Tobias Brunner
|
b2dfa0624d
|
ipsec.conf.5: closeaction is now supported for IKEv1
|
2013-07-17 18:18:57 +02:00 |
|
Tobias Brunner
|
baa6419ec1
|
kernel-pfroute: Make time that is waited for VIPs to appear configurable
One second might be too short for IPs to appear/disappear, especially on
virtualized hosts.
|
2013-07-17 17:45:17 +02:00 |
|
Tobias Brunner
|
598bec78fa
|
socket-default: Add options to disable address families
|
2013-07-05 09:48:27 +02:00 |
|
Tobias Brunner
|
b7b5432ff8
|
stroke: Changed how proto/port are specified in left|rightsubnet
Using a colon as separator conflicts with IPv6 addresses.
|
2013-06-28 15:10:09 +02:00 |
|
Tobias Brunner
|
68b7448eab
|
capabilities: Make the user and group charon(-nm) changes to configurable
|
2013-06-25 17:16:33 +02:00 |
|
Andreas Steffen
|
adf8a05a3d
|
Removed obsoleted strongswan.conf options
|
2013-06-21 23:25:24 +02:00 |
|
Tobias Brunner
|
4d62ad7571
|
charon-cmd: Link strongswan.conf(5) and charon-cmd(8) man pages
|
2013-06-21 16:35:19 +02:00 |
|
Martin Willi
|
24df067810
|
man: update ipsec.conf.5, describing new proto/port definition within leftsubnet
|
2013-06-19 16:36:01 +02:00 |
|
Tobias Brunner
|
7971278c92
|
stroke: Load credentials from PKCS#12 files (P12 token)
|
2013-05-08 15:02:41 +02:00 |
|
Tobias Brunner
|
87692be215
|
Load any type (RSA/ECDSA) of public key via left|rightsigkey
|
2013-05-07 17:08:31 +02:00 |
|
Tobias Brunner
|
fa1d3d39dc
|
left|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly
The default is now PKCS#1. With the dns: and ssh: prefixes other formats
can be selected.
|
2013-05-07 15:38:28 +02:00 |
|
Martin Willi
|
0be946dce3
|
Use the GEN silent rule when generating files with sed
|
2013-05-06 15:04:56 +02:00 |
|
Tobias Brunner
|
37873f9994
|
kernel-netlink: Add an option to disable roam events
|
2013-05-03 15:11:19 +02:00 |
|
Andreas Steffen
|
6b99da026c
|
added libstrongswan.plugins.openssl.fips_mode to man page
|
2013-04-16 13:44:06 +02:00 |
|
Andreas Steffen
|
654c88bca8
|
Added charon.initiator_only option which causes charon to ignore IKE initiation requests by peers
|
2013-04-14 19:57:49 +02:00 |
|
Andreas Steffen
|
1044710b04
|
implemented periodic IF-MAP RenewSession request
|
2013-04-03 21:38:04 +02:00 |
|
Tobias Brunner
|
96ad2b17b0
|
Updated strongswan.conf(5) man page
|
2013-04-01 16:56:47 +02:00 |
|
Andreas Steffen
|
0cf4dc53c7
|
updated strongswan.conf man page for tn_ifmap plugin
|
2013-03-31 19:05:53 +02:00 |
|
Martin Willi
|
e82deaf6ce
|
Merge branch 'multi-cert'
Allows the configuration of multiple certificates in leftcert, and select
the correct certificate to use based on the received certificate requests.
|
2013-03-01 11:35:32 +01:00 |
|
Martin Willi
|
a36b49f3cb
|
Merge branch 'opaque-ports'
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
|
2013-03-01 11:27:12 +01:00 |
|
Martin Willi
|
0abeac3a0b
|
Document ipsec.conf leftprotoport extensions in manpage
|
2013-02-21 11:52:33 +01:00 |
|
Andreas Steffen
|
f2145c8d3a
|
Moved configuration from resolver manager to unbound plugin
Also streamlined log messages in unbound plugin.
|
2013-02-19 12:25:00 +01:00 |
|
Reto Guadagnini
|
932717fbde
|
ipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.conf
|
2013-02-19 12:25:00 +01:00 |
|
Martin Willi
|
e212033ef2
|
Merge branch 'ike-dscp'
|
2013-02-14 17:11:35 +01:00 |
|
Martin Willi
|
88f4cd3988
|
Add ikedscp documentation to ipsec.conf.5
|
2013-02-06 15:42:14 +01:00 |
|
Tobias Brunner
|
9d9410e7b9
|
Typo in strongswan.conf(5) man page fixed
|
2013-01-31 11:52:11 +01:00 |
|
Tobias Brunner
|
c186b3940a
|
Documented new options in strongswan.conf(5) man page
|
2013-01-25 20:22:20 +01:00 |
|
Martin Willi
|
11a7abf554
|
Add ipsec.conf.5 updates regarding multiple certificates in leftcert
|
2013-01-18 09:33:15 +01:00 |
|
Tobias Brunner
|
ee6902ef7f
|
Added an option to configure the maximum size of a fragment
|
2013-01-12 11:54:58 +01:00 |
|
Tobias Brunner
|
365d9a6f67
|
Added an option that allows to force IKEv1 fragmentation
|
2013-01-12 11:54:32 +01:00 |
|
Tobias Brunner
|
97973f8609
|
Use a connection specific option to en-/disable IKEv1 fragmentation
|
2012-12-24 13:00:01 +01:00 |
|
Tobias Brunner
|
2f62bb1549
|
Add an option to en-/disable IKE fragmentation
Fragments are always accepted but will not be sent if disabled. The
vendor ID is only sent if the option is enabled.
|
2012-12-24 12:29:31 +01:00 |
|
Andreas Steffen
|
133fb74841
|
add dlcose strongswan.conf option to tnc-imc/tnc-imv plugins
|
2012-12-09 19:40:13 +01:00 |
|
Andreas Steffen
|
742722e2f5
|
updated strongswan.conf man page
|
2012-11-12 10:45:38 +01:00 |
|
Andreas Steffen
|
ffd3556bad
|
scanner imc/imv pair uses IETF VPN PA-TNC message subtype
|
2012-10-31 21:58:21 +01:00 |
|
Tobias Brunner
|
3689f0f6cc
|
FQDNs are actually not resolved when loading secrets
|
2012-10-29 10:06:43 +01:00 |
|
Tobias Brunner
|
2380f3a830
|
Added documentation for NTLM secrets
|
2012-10-25 09:51:47 +02:00 |
|
Martin Willi
|
cd844e1c97
|
Remove obsolete pluto smartcard syntax in ipsec.secrets.5
|
2012-10-24 13:07:53 +02:00 |
|
Martin Willi
|
f6d8fb3687
|
Updated ipsec.conf.5 regarding (CA) certificates loaded from smartcards
|
2012-10-24 13:07:53 +02:00 |
|
Martin Willi
|
05e266ea9d
|
Add leftcert ipsec.conf.5 documentation about smartcard certificates
|
2012-10-24 13:07:53 +02:00 |
|
Martin Willi
|
5b2e669ba2
|
Add ipsec.conf.5 documentation for explicit PRFs in IKE proposals
|
2012-10-24 11:49:37 +02:00 |
|
Tobias Brunner
|
3c4d383443
|
Added an option to reload certificates from PKCS#11 tokens on SIGHUP
|
2012-10-18 14:42:09 +02:00 |