Martin Willi
1312eab036
swanctl: Change syntax of secrets to accept identities with special chars
Having identity strings in the settings key is problematic, as the parser can't
handle arbitrary characters in it. Further, the space separation makes it
impossible to define identities with spaces.
The new format uses key prefixes, similar to those used in local/remote auth
sections of connections. The secrets section takes subsections with type
prefixes, and each subsection uses "id" prefixes to define an arbitrary
number of identities.
2014-05-07 15:48:16 +02:00
Martin Willi
a2875525ae
swanctl: List local and remote addresses in list-conns
2014-05-07 15:48:16 +02:00
Martin Willi
43306afe8e
swanctl: Add a list-pools command to summarize pool status
2014-05-07 15:48:15 +02:00
Martin Willi
a77acc183a
swanctl: Add a load-pools command to (re-)load pool configurations from file
2014-05-07 15:48:15 +02:00
Martin Willi
4ee33b44df
swanctl: Encode connection "pools" as list items
2014-05-07 15:48:15 +02:00
Martin Willi
250c6e3d90
swanctl: Fix enumeration of registered commands if MAX_COMMANDS is hit
2014-05-07 15:48:15 +02:00
Martin Willi
7b35c02db4
swanctl: Implement a --log command to trace debugging log
2014-05-07 15:48:15 +02:00
Martin Willi
3b22e8e995
swanctl: Add a swanctl.conf template file
2014-05-07 15:48:15 +02:00
Martin Willi
2d5c3a0f0f
swanctl: Implement a --list-certs command to print or export daemon certificates
2014-05-07 15:48:15 +02:00
Martin Willi
ebe78940aa
swanctl: Be more verbose while loading connections and credentials
2014-05-07 15:48:15 +02:00
Martin Willi
51bdc1f3f1
swanctl: Add a list-conns command to query loaded connections
2014-05-07 15:48:14 +02:00
Martin Willi
da866234bb
swanctl: Register --version as last command
2014-05-07 15:48:14 +02:00
Martin Willi
c1e413db49
swanctl: Support groups, certs and cacerts keywords
2014-05-07 15:48:14 +02:00
Martin Willi
818acc8638
swanctl: Load shared secrets from the swanctl.conf secrets section
2014-05-07 15:48:14 +02:00
Martin Willi
d622e6da0f
swanctl: Load different private keys with load-creds
2014-05-07 15:48:14 +02:00
Martin Willi
2c1511dbf8
swanctl: Add a command to (re-)load credentials
2014-05-07 15:48:14 +02:00
Martin Willi
7c8a907895
swanctl: Use a ./configure-able swanctl base directory
2014-05-07 15:48:14 +02:00
Martin Willi
991c9b5e77
swanctl: After loading connections, unload those that are not in config anymore
2014-05-07 15:48:14 +02:00
Martin Willi
ee599d14ad
swanctl: Implement a load-conn command to load connections from a file
2014-05-07 15:48:13 +02:00
Martin Willi
283b0b9e92
swanctl: Implement a list-pols command to query trap/shunt policies
2014-05-07 15:48:13 +02:00
Martin Willi
90ae636ccb
swanctl: Implement install/uninstall commands to manage shunt/trap policies
2014-05-07 15:48:13 +02:00
Martin Willi
073be3cad4
swanctl: Add a version command to query daemon and OS info
2014-05-07 15:48:13 +02:00
Martin Willi
3dc377b37f
swanctl: Add a terminate command
2014-05-07 15:48:13 +02:00
Martin Willi
cb1c409b84
swanctl: Add a subcommand to initiate connections by name
2014-05-07 15:48:13 +02:00
Martin Willi
86910faeca
swanctl: Add a list-sas command to query active IKE_SAs
2014-05-07 15:48:13 +02:00
Martin Willi
e381e69f9b
swanctl: Add a stub for a vici based configuration and control utility
2014-05-07 15:48:10 +02:00
Martin Willi
4c56c4621b
libcharon: Execute scripts defined in strongswan.conf during startup/shutdown
2014-05-07 15:47:23 +02:00
Martin Willi
954c63a4bc
Merge branch 'vici'
Introduces the vici plugin providing a Versatile IKE Configuration Interface
to configure, monitor and control the IKE daemon charon over a stable IPC
socket interface.
2014-05-07 15:12:09 +02:00
Martin Willi
4787523cc3
NEWS: Add vici plugin news
2014-05-07 14:13:39 +02:00
Martin Willi
1e4ee168c8
vici: Check if header has been received before processing an empty message
If do_read() returns with EWOULDBLOCK, we must ensure that we actually have
processed the full length header before checking the zero-initialized buffer
length.
2014-05-07 14:13:39 +02:00
Martin Willi
afb7ef4908
vici: Properly filter by CHILD_SA name while undoing start actions
2014-05-07 14:13:39 +02:00
Martin Willi
682c9966fa
vici: Fallback to socket listening port if no explicit local port specified
2014-05-07 14:13:39 +02:00
Martin Willi
dffd60083d
vici: Support a "mtu" value for the tfc_padding option
2014-05-07 14:13:39 +02:00
Martin Willi
5619d40613
vici: Handle the "trap" action as an alias for "route"
2014-05-07 14:13:39 +02:00
Martin Willi
e0a34ee459
vici: Document errno values to expect from libvici API
2014-05-07 14:13:39 +02:00
Martin Willi
c2b6402eb0
vici: Log owners of a just loaded shared-secret
2014-05-07 14:13:39 +02:00
Martin Willi
41745e24f3
vici: Handle "xauth" as an alias for "eap" secrets
2014-05-07 14:13:38 +02:00
Martin Willi
bc006ac1f4
vici: Return number of matching and closed SAs in terminate command
2014-05-07 14:13:38 +02:00
Martin Willi
021a14b7a4
vici: Complete libvici doxygen comments
2014-05-07 14:13:38 +02:00
Martin Willi
374511c52c
vici: Ensure we have no active users before mangling event client registrations
2014-05-07 14:13:38 +02:00
Martin Willi
65cc8f5581
vici: Properly skip raise_event() for unknown event names
2014-05-07 14:13:38 +02:00
Martin Willi
3a9a46c20f
vici: Increase vici message length header from 16 to 32 bits
While we currently have no need for messages larger than 65KB, we should design
the protocol to be future-proof, as we plan to keep at least the lowest protocol
layer stable.
To avoid any allocation issues, we currently keep the message size limit at
512KB.
2014-05-07 14:13:38 +02:00
Martin Willi
7dbf9e1574
vici: Document strongswan.conf options
2014-05-07 14:13:38 +02:00
Martin Willi
f3e1ec4a85
vici: Have an explicit "relaxed" keyword for the default revocation policy
2014-05-07 14:13:38 +02:00
Martin Willi
585814470d
vici: Use a default child rekey time of 1 hour
2014-05-07 14:13:38 +02:00
Martin Willi
046befeca5
vici: Use a default IKE rekey time of 4 hours
2014-05-07 14:13:38 +02:00
Martin Willi
ff3217db4b
vici: Add low-level IPC protocol description
2014-05-07 14:13:38 +02:00
Martin Willi
c193732162
vici: Fix descending into non-matching sections during key find
2014-05-07 14:13:38 +02:00
Martin Willi
eacf864c21
vici: Add an IKE virtual IP and attribute backend
2014-05-07 14:13:38 +02:00
Martin Willi
afb8f492ef
vici: Support referencing external named pools for peer configs
2014-05-07 14:13:37 +02:00