Commit Graph

12921 Commits

Author SHA1 Message Date
Martin Willi 1312eab036 swanctl: Change syntax of secrets to accept identities with special chars
Having identity strings in the settings key is problematic, as the parser can't
handle arbitrary characters in it. Further, the space separation makes it
impossible to define identities with spaces.

The new format uses key prefixes, similar to those used in local/remote auth
sections of connections. The secrets section takes subsections with type
prefixes, and each subsection uses "id" prefixes to define an arbitrary
number of identities.
2014-05-07 15:48:16 +02:00
Martin Willi a2875525ae swanctl: List local and remote addresses in list-conns 2014-05-07 15:48:16 +02:00
Martin Willi 43306afe8e swanctl: Add a list-pools command to summarize pool status 2014-05-07 15:48:15 +02:00
Martin Willi a77acc183a swanctl: Add a load-pools command to (re-)load pool configurations from file 2014-05-07 15:48:15 +02:00
Martin Willi 4ee33b44df swanctl: Encode connection "pools" as list items 2014-05-07 15:48:15 +02:00
Martin Willi 250c6e3d90 swanctl: Fix enumeration of registered commands if MAX_COMMANDS is hit 2014-05-07 15:48:15 +02:00
Martin Willi 7b35c02db4 swanctl: Implement a --log command to trace debugging log 2014-05-07 15:48:15 +02:00
Martin Willi 3b22e8e995 swanctl: Add a swanctl.conf template file 2014-05-07 15:48:15 +02:00
Martin Willi 2d5c3a0f0f swanctl: Implement a --list-certs command to print or export daemon certificates 2014-05-07 15:48:15 +02:00
Martin Willi ebe78940aa swanctl: Be more verbose while loading connections and credentials 2014-05-07 15:48:15 +02:00
Martin Willi 51bdc1f3f1 swanctl: Add a list-conns command to query loaded connections 2014-05-07 15:48:14 +02:00
Martin Willi da866234bb swanctl: Register --version as last command 2014-05-07 15:48:14 +02:00
Martin Willi c1e413db49 swanctl: Support groups, certs and cacerts keywords 2014-05-07 15:48:14 +02:00
Martin Willi 818acc8638 swanctl: Load shared secrets from the swanctl.conf secrets section 2014-05-07 15:48:14 +02:00
Martin Willi d622e6da0f swanctl: Load different private keys with load-creds 2014-05-07 15:48:14 +02:00
Martin Willi 2c1511dbf8 swanctl: Add a command to (re-)load credentials 2014-05-07 15:48:14 +02:00
Martin Willi 7c8a907895 swanctl: Use a ./configure-able swanctl base directory 2014-05-07 15:48:14 +02:00
Martin Willi 991c9b5e77 swanctl: After loading connections, unload those that are not in config anymore 2014-05-07 15:48:14 +02:00
Martin Willi ee599d14ad swanctl: Implement a load-conn command to load connections from a file 2014-05-07 15:48:13 +02:00
Martin Willi 283b0b9e92 swanctl: Implement a list-pols command to query trap/shunt policies 2014-05-07 15:48:13 +02:00
Martin Willi 90ae636ccb swanctl: Implement install/uninstall commands to manage shunt/trap policies 2014-05-07 15:48:13 +02:00
Martin Willi 073be3cad4 swanctl: Add a version command to query daemon and OS info 2014-05-07 15:48:13 +02:00
Martin Willi 3dc377b37f swanctl: Add a terminate command 2014-05-07 15:48:13 +02:00
Martin Willi cb1c409b84 swanctl: Add a subcommand to initiate connections by name 2014-05-07 15:48:13 +02:00
Martin Willi 86910faeca swanctl: Add a list-sas command to query active IKE_SAs 2014-05-07 15:48:13 +02:00
Martin Willi e381e69f9b swanctl: Add a stub for a vici based configuration and control utility 2014-05-07 15:48:10 +02:00
Martin Willi 4c56c4621b libcharon: Execute scripts defined in strongswan.conf during startup/shutdown 2014-05-07 15:47:23 +02:00
Martin Willi 954c63a4bc Merge branch 'vici'
Introduces the vici plugin providing a Versatile IKE Configuration Interface
to configure, monitor and control the IKE daemon charon over a stable IPC
socket interface.
2014-05-07 15:12:09 +02:00
Martin Willi 4787523cc3 NEWS: Add vici plugin news 2014-05-07 14:13:39 +02:00
Martin Willi 1e4ee168c8 vici: Check if header has been received before processing an empty message
If do_read() returns with EWOULDBLOCK, we must ensure that we actually have
processed the full length header before checking the zero-initialized buffer
length.
2014-05-07 14:13:39 +02:00
Martin Willi afb7ef4908 vici: Properly filter by CHILD_SA name while undoing start actions 2014-05-07 14:13:39 +02:00
Martin Willi 682c9966fa vici: Fallback to socket listening port if no explicit local port specified 2014-05-07 14:13:39 +02:00
Martin Willi dffd60083d vici: Support a "mtu" value for the tfc_padding option 2014-05-07 14:13:39 +02:00
Martin Willi 5619d40613 vici: Handle the "trap" action as an alias for "route" 2014-05-07 14:13:39 +02:00
Martin Willi e0a34ee459 vici: Document errno values to expect from libvici API 2014-05-07 14:13:39 +02:00
Martin Willi c2b6402eb0 vici: Log owners of a just loaded shared-secret 2014-05-07 14:13:39 +02:00
Martin Willi 41745e24f3 vici: Handle "xauth" as an alias for "eap" secrets 2014-05-07 14:13:38 +02:00
Martin Willi bc006ac1f4 vici: Return number of matching and closed SAs in terminate command 2014-05-07 14:13:38 +02:00
Martin Willi 021a14b7a4 vici: Complete libvici doxygen comments 2014-05-07 14:13:38 +02:00
Martin Willi 374511c52c vici: Ensure we have no active users before mangling event client registrations 2014-05-07 14:13:38 +02:00
Martin Willi 65cc8f5581 vici: Properly skip raise_event() for unknown event names 2014-05-07 14:13:38 +02:00
Martin Willi 3a9a46c20f vici: Increase vici message length header from 16 to 32 bits
While we currently have no need for messages larger than 65KB, we should design
the protocol to be future-proof, as we plan to keep at least the lowest protocol
layer stable.

To avoid any allocation issues, we currently keep the message size limit at
512KB.
2014-05-07 14:13:38 +02:00
Martin Willi 7dbf9e1574 vici: Document strongswan.conf options 2014-05-07 14:13:38 +02:00
Martin Willi f3e1ec4a85 vici: Have an explicit "relaxed" keyword for the default revocation policy 2014-05-07 14:13:38 +02:00
Martin Willi 585814470d vici: Use a default child rekey time of 1 hour 2014-05-07 14:13:38 +02:00
Martin Willi 046befeca5 vici: Use a default IKE rekey time of 4 hours 2014-05-07 14:13:38 +02:00
Martin Willi ff3217db4b vici: Add low-level IPC protocol description 2014-05-07 14:13:38 +02:00
Martin Willi c193732162 vici: Fix descending into non-matching sections during key find 2014-05-07 14:13:38 +02:00
Martin Willi eacf864c21 vici: Add an IKE virtual IP and attribute backend 2014-05-07 14:13:38 +02:00
Martin Willi afb8f492ef vici: Support referencing external named pools for peer configs 2014-05-07 14:13:37 +02:00