Commit Graph

170 Commits

Author SHA1 Message Date
Tobias Brunner bb49dfb02e man: strongswan.conf(5) updated 2013-10-29 11:45:25 +01:00
Tobias Brunner 6956061197 ipsec.conf.5: Note about ICMP[v6] message type/code added 2013-10-17 16:57:39 +02:00
Tobias Brunner 6ecf1aab35 unbound: Add support for DLV (DNSSEC Lookaside Validation)
Fixes #392.
2013-10-11 15:45:25 +02:00
Tobias Brunner eeb34af069 kernel-libipsec: Add an option to allow remote TS to match the IKE peer
Setting the fwmark options for the kernel-netlink and socket-default
plugins allows this kind of setup.

It is probably required to set net.ipv4.conf.all.rp_filter to 2 to make
it work.
2013-10-11 15:32:44 +02:00
Tobias Brunner 80f8b3a6d8 socket-default: Allow setting firewall mark on outbound packets 2013-10-11 15:32:44 +02:00
Tobias Brunner 51fefe4606 kernel-netlink: Allow setting firewall marks on routing rule 2013-10-11 15:32:44 +02:00
Martin Willi 5fdbb3c6ad ipsec.conf: Add a description for the new 'ah' keyword. 2013-10-11 10:15:22 +02:00
Tobias Brunner 3e3db3743e xauth-pam: Make trimming of email addresses optional
Fixes #430.
2013-10-04 10:49:54 +02:00
Ansis Atteka 255b9dac5d kernel-netlink: Allow to override xfrm_acq_expires value
When using auto=route, current xfrm_acq_expires default value
implies that tunnel can be down for up to 165 seconds, if
other peer rejected first IKE request with an AUTH_FAILED or
NO_PROPOSAL_CHOSEN error message. These error messages are
completely normal in setups where another application
pushes configuration to both strongSwans without waiting
for acknowledgment that they have updated their configurations.

This patch allows strongswan to override xfrm_acq_expires default
value by setting charon.plugins.kernel-netlink.xfrm_acq_expires in
strongswan.conf.

Signed-off-by: Ansis Atteka <aatteka@nicira.com>
2013-09-23 10:45:14 +02:00
Tobias Brunner b07aee496a strongswan.conf: Use configured piddir for UNIX sockets 2013-09-13 14:32:51 +02:00
Tobias Brunner 8250fc10e8 Build generated man pages via configure script 2013-09-13 14:32:51 +02:00
Andreas Steffen ae32172619 Make SWID directory where tags are stored configurable 2013-09-05 12:25:02 +02:00
Martin Willi 6301ec0ac5 man: add support for multiple addresses/ranges/subnets in ipsec.conf left= 2013-09-04 10:38:37 +02:00
Martin Willi 16149401e9 man: update ipsec.conf modeconfig keyword 2013-09-04 10:33:38 +02:00
Andreas Steffen 0d9e375193 Selectively enable PT-TLS and/or RADIUS sockets in tnc-pdp plugin 2013-08-26 20:36:07 +02:00
Andreas Steffen 12b3db5006 moved tnc_imv plugin to libtnccs thanks to recommendation callback function 2013-08-15 23:34:22 +02:00
Andreas Steffen 9d8c28e2f5 Documented plugin move from libcharon to libtnccs in strongswan.conf 2013-08-15 23:34:22 +02:00
Andreas Steffen f5b5d262e8 Add PT-TLS interface to strongSwan PDP 2013-08-15 23:34:22 +02:00
Tobias Brunner e99cfe5f20 strongswan.conf: Add note about reserved threads 2013-08-07 09:06:01 +02:00
Tobias Brunner 3021139f6f strongswan.conf: Moved some stuff around 2013-07-23 12:23:05 +02:00
Tobias Brunner 2ed8b36a8a strongswan.conf: Add missing options 2013-07-22 17:46:41 +02:00
Tobias Brunner 0ceb288815 Fix various API doc issues and typos
Partially based on an old patch by Adrian-Ken Rueegsegger.
2013-07-18 18:30:36 +02:00
Tobias Brunner b2dfa0624d ipsec.conf.5: closeaction is now supported for IKEv1 2013-07-17 18:18:57 +02:00
Tobias Brunner baa6419ec1 kernel-pfroute: Make time that is waited for VIPs to appear configurable
One second might be too short for IPs to appear/disappear, especially on
virtualized hosts.
2013-07-17 17:45:17 +02:00
Tobias Brunner 598bec78fa socket-default: Add options to disable address families 2013-07-05 09:48:27 +02:00
Tobias Brunner b7b5432ff8 stroke: Changed how proto/port are specified in left|rightsubnet
Using a colon as separator conflicts with IPv6 addresses.
2013-06-28 15:10:09 +02:00
Tobias Brunner 68b7448eab capabilities: Make the user and group charon(-nm) changes to configurable 2013-06-25 17:16:33 +02:00
Andreas Steffen adf8a05a3d Removed obsoleted strongswan.conf options 2013-06-21 23:25:24 +02:00
Tobias Brunner 4d62ad7571 charon-cmd: Link strongswan.conf(5) and charon-cmd(8) man pages 2013-06-21 16:35:19 +02:00
Martin Willi 24df067810 man: update ipsec.conf.5, describing new proto/port definition within leftsubnet 2013-06-19 16:36:01 +02:00
Tobias Brunner 7971278c92 stroke: Load credentials from PKCS#12 files (P12 token) 2013-05-08 15:02:41 +02:00
Tobias Brunner 87692be215 Load any type (RSA/ECDSA) of public key via left|rightsigkey 2013-05-07 17:08:31 +02:00
Tobias Brunner fa1d3d39dc left|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly
The default is now PKCS#1. With the dns: and ssh: prefixes other formats
can be selected.
2013-05-07 15:38:28 +02:00
Martin Willi 0be946dce3 Use the GEN silent rule when generating files with sed 2013-05-06 15:04:56 +02:00
Tobias Brunner 37873f9994 kernel-netlink: Add an option to disable roam events 2013-05-03 15:11:19 +02:00
Andreas Steffen 6b99da026c added libstrongswan.plugins.openssl.fips_mode to man page 2013-04-16 13:44:06 +02:00
Andreas Steffen 654c88bca8 Added charon.initiator_only option which causes charon to ignore IKE initiation requests by peers 2013-04-14 19:57:49 +02:00
Andreas Steffen 1044710b04 implemented periodic IF-MAP RenewSession request 2013-04-03 21:38:04 +02:00
Tobias Brunner 96ad2b17b0 Updated strongswan.conf(5) man page 2013-04-01 16:56:47 +02:00
Andreas Steffen 0cf4dc53c7 updated strongswan.conf man page for tn_ifmap plugin 2013-03-31 19:05:53 +02:00
Martin Willi e82deaf6ce Merge branch 'multi-cert'
Allows the configuration of multiple certificates in leftcert, and select
the correct certificate to use based on the received certificate requests.
2013-03-01 11:35:32 +01:00
Martin Willi a36b49f3cb Merge branch 'opaque-ports'
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
2013-03-01 11:27:12 +01:00
Martin Willi 0abeac3a0b Document ipsec.conf leftprotoport extensions in manpage 2013-02-21 11:52:33 +01:00
Andreas Steffen f2145c8d3a Moved configuration from resolver manager to unbound plugin
Also streamlined log messages in unbound plugin.
2013-02-19 12:25:00 +01:00
Reto Guadagnini 932717fbde ipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.conf 2013-02-19 12:25:00 +01:00
Martin Willi e212033ef2 Merge branch 'ike-dscp' 2013-02-14 17:11:35 +01:00
Martin Willi 88f4cd3988 Add ikedscp documentation to ipsec.conf.5 2013-02-06 15:42:14 +01:00
Tobias Brunner 9d9410e7b9 Typo in strongswan.conf(5) man page fixed 2013-01-31 11:52:11 +01:00
Tobias Brunner c186b3940a Documented new options in strongswan.conf(5) man page 2013-01-25 20:22:20 +01:00
Martin Willi 11a7abf554 Add ipsec.conf.5 updates regarding multiple certificates in leftcert 2013-01-18 09:33:15 +01:00