63b0bc9c2d
Invoke missing message() hook for incoming responses
2010-02-17 18:23:14 +01:00
b65d7f8a15
version bump to 4.4.0
2010-02-15 20:58:41 +01:00
38da64fe12
Detect windows hosts to add specific workarounds.
2010-02-12 10:57:39 +01:00
71baf5a8f0
Adding support for AES GMAC (RFC4543).
2010-02-12 10:57:39 +01:00
2aa553d773
Do not build own authentication data before we've verified others, we need the other identity in EAP
2010-02-09 16:11:07 +01:00
2d07095e01
hash-and-url avoids IP fragementation, cert and crl fetch based on IPv6
2010-02-06 12:34:41 +01:00
dd0b1b9a16
generated hash-and-url files for rfc3779 certs
2010-02-06 11:41:44 +01:00
76fe5500c4
hash-and-url avoids IP fragementation, cert and crl fetch based on IPv6
2010-02-06 11:39:33 +01:00
5094bfd85f
hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6
2010-02-05 20:39:13 +01:00
61d7ff0c19
IPv6 fragment and http access are not needed in PSK scenario
2010-02-05 20:27:03 +01:00
699c47a9be
hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6
2010-02-05 20:16:26 +01:00
3cc0cc4332
Increased the buffer for netlink responses.
...
If an error occurs while manipulating policies in the kernel, the
original netlink request gets attached to the response.
Prior to Linux 2.6.32 the size in the netlink header of the response was
wrong.
2010-02-05 20:10:54 +01:00
1f2da75069
IPv6 frag netfilter rule not needed anymore
2010-02-05 20:04:01 +01:00
563a177830
hash-and-url avoids IP fragmentation, cert and crl fetch based on IPv6
2010-02-05 19:58:42 +01:00
b917f49684
initialize variables to avoid compiler warning
2010-02-05 12:34:37 +01:00
313a53d4fc
Use destination address of ppp interfaces as nexthop in starters default route lookup
2010-02-05 09:28:31 +01:00
6c9c0baee9
init_fetch() changed to fetch_initialize()
2010-02-05 06:17:02 +01:00
52719d719c
use static IPsec policy netfilter rules in MOBIKE scenarios
2010-02-04 10:05:44 +01:00
8501181925
remove any charon.pid files remaining at the end of each scenario
2010-02-04 08:53:52 +01:00
00eb9267ad
IPSEC_ROUTING_TABLE is now called routing_table
2010-02-03 19:32:50 +01:00
ec37b04732
differentiate between executed and displayed iptables commands
2010-02-03 19:21:55 +01:00
7481f964ae
Use child_updown hook in updown plugin, fixes doubled invocation of down script
2010-02-03 11:07:53 +01:00
0d8bdf24ff
added ikev2/inactivity-timeout scenario
2010-02-03 10:28:30 +01:00
889ff9389b
renamed init_fetch() to fetch_initialize()
2010-02-02 19:44:34 +01:00
41faec0791
Some whitespace and code cleanups concerning the mediation extension.
2010-02-02 15:53:22 +01:00
dc5969242f
Join pluto's fetching thread instead of detaching it in order to avoid that the leak-detective reports a memleak.
2010-02-02 15:23:39 +01:00
b7fd2ea76c
corrected captions
2010-02-01 12:44:44 +01:00
bf1e0df7c5
warn if loaded local certificate is invalid
2010-02-01 12:29:32 +01:00
909c0c3d63
Updated NEWS about per-connection inactivity timeout
2010-01-27 16:08:06 +01:00
8015c91cb9
Added a ipsec.conf "inactivity" option to configure inactivity timeout for CHILD_SAs
2010-01-27 16:05:11 +01:00
71da001753
Made inactivity_timeout a per CHILD_SA config option
2010-01-27 15:47:08 +01:00
db05341916
Refactored EAP payload, avoid unaligned word access
2010-01-21 14:43:07 +01:00
23d2bf84a3
Added a METHOD2() macro that implements a method for two different interfaces
2010-01-21 14:42:08 +01:00
47498044c3
Support RADIUS messages up to 4096 bytes, RADIUS EAP-Message fragmentation
2010-01-19 16:47:21 +01:00
7eab4a1be6
Support TLS client authentication Extended Key Usage in x509 generation
2010-01-14 12:00:43 +01:00
776f59f7be
Block the signals before the call to sigwait.
2010-01-12 11:52:03 +01:00
aa9eeb5deb
Support for closing CHILD/IKE_SA if a CHILD_SA is inactive.
2010-01-12 10:23:42 +01:00
bc6ff2fc99
Added strongswan.conf options to configure retransmission timeouts
2010-01-11 16:42:12 +01:00
527f7f9b1c
Added a "double" getter to libstrongswan settings
2010-01-11 16:39:28 +01:00
dbee988e28
Cast unaligned memcpy() args to char*, avoids over-optimization on ARM
...
See http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.faqs/ka3934.html
2010-01-11 15:35:41 +01:00
8fb389b299
added ikev2/rw-eap-sim-only-radius scenario
2010-01-11 11:20:45 +01:00
b979032088
log EAP-only authentication proposal
2010-01-11 11:17:40 +01:00
87eb27681a
send strongSwan Vendor ID in ikev2/alg-sha256-96 scenario
2010-01-11 00:54:33 +01:00
dd37fa8620
pluto and charon are using the same strongSwan Vendor ID
2010-01-11 00:43:46 +01:00
aca9f9ab5a
Added NEWS about mutual EAP-only authentication
2010-01-07 16:16:22 +01:00
34948b9971
EAP-MSCHAPv2 is indeed mutual, but is prone to MITM dictionary attacks
2010-01-07 15:56:11 +01:00
f34702ff3f
Support EAP-only authentication for mutual and key deriving EAP methods
2010-01-07 15:51:30 +01:00
12fca6cc9f
Indicate and dected support for EAP-only authentication
2010-01-07 14:30:28 +01:00
cdad91de49
Added NEWS for the new Vendor ID requirement for private use allocations
2010-01-07 11:14:33 +01:00
023fd8f135
Match to private use algorithms only if we know we are talking to strongSwan
2010-01-07 11:07:53 +01:00
Martin Willi