Tobias Brunner
|
598bec78fa
|
socket-default: Add options to disable address families
|
2013-07-05 09:48:27 +02:00 |
Tobias Brunner
|
b7b5432ff8
|
stroke: Changed how proto/port are specified in left|rightsubnet
Using a colon as separator conflicts with IPv6 addresses.
|
2013-06-28 15:10:09 +02:00 |
Tobias Brunner
|
68b7448eab
|
capabilities: Make the user and group charon(-nm) changes to configurable
|
2013-06-25 17:16:33 +02:00 |
Andreas Steffen
|
adf8a05a3d
|
Removed obsoleted strongswan.conf options
|
2013-06-21 23:25:24 +02:00 |
Tobias Brunner
|
4d62ad7571
|
charon-cmd: Link strongswan.conf(5) and charon-cmd(8) man pages
|
2013-06-21 16:35:19 +02:00 |
Martin Willi
|
24df067810
|
man: update ipsec.conf.5, describing new proto/port definition within leftsubnet
|
2013-06-19 16:36:01 +02:00 |
Tobias Brunner
|
7971278c92
|
stroke: Load credentials from PKCS#12 files (P12 token)
|
2013-05-08 15:02:41 +02:00 |
Tobias Brunner
|
87692be215
|
Load any type (RSA/ECDSA) of public key via left|rightsigkey
|
2013-05-07 17:08:31 +02:00 |
Tobias Brunner
|
fa1d3d39dc
|
left|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly
The default is now PKCS#1. With the dns: and ssh: prefixes other formats
can be selected.
|
2013-05-07 15:38:28 +02:00 |
Martin Willi
|
0be946dce3
|
Use the GEN silent rule when generating files with sed
|
2013-05-06 15:04:56 +02:00 |
Tobias Brunner
|
37873f9994
|
kernel-netlink: Add an option to disable roam events
|
2013-05-03 15:11:19 +02:00 |
Andreas Steffen
|
6b99da026c
|
added libstrongswan.plugins.openssl.fips_mode to man page
|
2013-04-16 13:44:06 +02:00 |
Andreas Steffen
|
654c88bca8
|
Added charon.initiator_only option which causes charon to ignore IKE initiation requests by peers
|
2013-04-14 19:57:49 +02:00 |
Andreas Steffen
|
1044710b04
|
implemented periodic IF-MAP RenewSession request
|
2013-04-03 21:38:04 +02:00 |
Tobias Brunner
|
96ad2b17b0
|
Updated strongswan.conf(5) man page
|
2013-04-01 16:56:47 +02:00 |
Andreas Steffen
|
0cf4dc53c7
|
updated strongswan.conf man page for tn_ifmap plugin
|
2013-03-31 19:05:53 +02:00 |
Martin Willi
|
e82deaf6ce
|
Merge branch 'multi-cert'
Allows the configuration of multiple certificates in leftcert, and select
the correct certificate to use based on the received certificate requests.
|
2013-03-01 11:35:32 +01:00 |
Martin Willi
|
a36b49f3cb
|
Merge branch 'opaque-ports'
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
|
2013-03-01 11:27:12 +01:00 |
Martin Willi
|
0abeac3a0b
|
Document ipsec.conf leftprotoport extensions in manpage
|
2013-02-21 11:52:33 +01:00 |
Andreas Steffen
|
f2145c8d3a
|
Moved configuration from resolver manager to unbound plugin
Also streamlined log messages in unbound plugin.
|
2013-02-19 12:25:00 +01:00 |
Reto Guadagnini
|
932717fbde
|
ipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.conf
|
2013-02-19 12:25:00 +01:00 |
Martin Willi
|
e212033ef2
|
Merge branch 'ike-dscp'
|
2013-02-14 17:11:35 +01:00 |
Martin Willi
|
88f4cd3988
|
Add ikedscp documentation to ipsec.conf.5
|
2013-02-06 15:42:14 +01:00 |
Tobias Brunner
|
9d9410e7b9
|
Typo in strongswan.conf(5) man page fixed
|
2013-01-31 11:52:11 +01:00 |
Tobias Brunner
|
c186b3940a
|
Documented new options in strongswan.conf(5) man page
|
2013-01-25 20:22:20 +01:00 |
Martin Willi
|
11a7abf554
|
Add ipsec.conf.5 updates regarding multiple certificates in leftcert
|
2013-01-18 09:33:15 +01:00 |
Tobias Brunner
|
ee6902ef7f
|
Added an option to configure the maximum size of a fragment
|
2013-01-12 11:54:58 +01:00 |
Tobias Brunner
|
365d9a6f67
|
Added an option that allows to force IKEv1 fragmentation
|
2013-01-12 11:54:32 +01:00 |
Tobias Brunner
|
97973f8609
|
Use a connection specific option to en-/disable IKEv1 fragmentation
|
2012-12-24 13:00:01 +01:00 |
Tobias Brunner
|
2f62bb1549
|
Add an option to en-/disable IKE fragmentation
Fragments are always accepted but will not be sent if disabled. The
vendor ID is only sent if the option is enabled.
|
2012-12-24 12:29:31 +01:00 |
Andreas Steffen
|
133fb74841
|
add dlcose strongswan.conf option to tnc-imc/tnc-imv plugins
|
2012-12-09 19:40:13 +01:00 |
Andreas Steffen
|
742722e2f5
|
updated strongswan.conf man page
|
2012-11-12 10:45:38 +01:00 |
Andreas Steffen
|
ffd3556bad
|
scanner imc/imv pair uses IETF VPN PA-TNC message subtype
|
2012-10-31 21:58:21 +01:00 |
Tobias Brunner
|
3689f0f6cc
|
FQDNs are actually not resolved when loading secrets
|
2012-10-29 10:06:43 +01:00 |
Tobias Brunner
|
2380f3a830
|
Added documentation for NTLM secrets
|
2012-10-25 09:51:47 +02:00 |
Martin Willi
|
cd844e1c97
|
Remove obsolete pluto smartcard syntax in ipsec.secrets.5
|
2012-10-24 13:07:53 +02:00 |
Martin Willi
|
f6d8fb3687
|
Updated ipsec.conf.5 regarding (CA) certificates loaded from smartcards
|
2012-10-24 13:07:53 +02:00 |
Martin Willi
|
05e266ea9d
|
Add leftcert ipsec.conf.5 documentation about smartcard certificates
|
2012-10-24 13:07:53 +02:00 |
Martin Willi
|
5b2e669ba2
|
Add ipsec.conf.5 documentation for explicit PRFs in IKE proposals
|
2012-10-24 11:49:37 +02:00 |
Tobias Brunner
|
3c4d383443
|
Added an option to reload certificates from PKCS#11 tokens on SIGHUP
|
2012-10-18 14:42:09 +02:00 |
Tobias Brunner
|
b4f6c39e55
|
Terminate unused resolver threads after a timeout
|
2012-10-18 12:26:00 +02:00 |
Andreas Steffen
|
6ab1502519
|
implemented os_info_t class
|
2012-10-10 21:54:21 +02:00 |
Tobias Brunner
|
358104a47f
|
Added description for flush_auth_cfg and acct_port plus some minor editorial changes
|
2012-09-25 12:22:05 +02:00 |
Tobias Brunner
|
31990a19cc
|
Documentation about some time values clarified
|
2012-09-24 16:02:03 +02:00 |
Tobias Brunner
|
e8e9048fee
|
Added an option to configure the interface on which virtual IP addresses are installed
|
2012-09-21 18:16:26 +02:00 |
Tobias Brunner
|
9513225e6b
|
Added options and a lookup function that will allow filtering of network interfaces
|
2012-09-21 18:16:26 +02:00 |
Martin Willi
|
55f126fd55
|
Update ipsec.conf.5, leftsubnet can handle multiple subnets in IKEv1 with Unity
|
2012-09-18 17:17:48 +02:00 |
Tobias Brunner
|
b7a500e985
|
Set AUTH_RULE_IDENTITY_LOOSE for rightid=%<identity>
|
2012-09-18 14:40:41 +02:00 |
Tobias Brunner
|
bc6ec4de73
|
Option added to enforce a configured destination address for DHCP packets
|
2012-09-13 10:59:24 +02:00 |
Tobias Brunner
|
629cdca82c
|
Updates to strongswan.conf(5) man page (added several missing options)
|
2012-09-12 16:53:45 +02:00 |