Tobias Brunner
8bbc7ca710
* allow to load templates from arbitrary places
...
* changed implementation of guest?/iface?
2008-08-28 08:05:07 +00:00
Tobias Brunner
6c20579a43
mkdir_p: utility function to create a directory and all required parent directories
2008-08-28 07:47:55 +00:00
Martin Willi
ee210ca353
check user account validity after PAM authentication
2008-08-27 13:48:54 +00:00
Andreas Steffen
a9bb69c8a8
version bump to 4.2.7
2008-08-27 12:01:57 +00:00
Tobias Brunner
ca4f63383c
* guest#running?
...
* guest?, iface? (also Guest.include? resp. guest.include?)
* easy accessors for guests and ifaces (Guest.sun instead of Guest["sun"] and guest.eth0 instead of guest["eth0"])
* if a block is given for iface#add or iface#del then the change is only temporary while executing the block and gets reverted afterwards
2008-08-27 07:35:20 +00:00
Andreas Steffen
a44d02627f
cosmetics
2008-08-26 19:54:47 +00:00
Andreas Steffen
41dc6b56b0
ipsec statusall lists eap_type and eap_identity
2008-08-26 19:45:44 +00:00
Martin Willi
281dd55891
using strongSwan, not NetworkManager version number
2008-08-26 14:27:53 +00:00
Martin Willi
be49236373
fixing charon path for now for ubuntu package
2008-08-26 14:27:12 +00:00
Andreas Steffen
919019b3cd
completed support of AUTHZ_CA_CERT and AUTHZ_CA_CERT_NAME attributes
2008-08-26 05:15:34 +00:00
Andreas Steffen
3c87e92695
list CA restrictions in ipsec statusall
2008-08-25 12:35:18 +00:00
Martin Willi
f6ecd44fc6
added NM gnome plugin to distribution
2008-08-25 08:21:51 +00:00
Martin Willi
c1ee908e4c
removed generated Makefile.in.in from svn
2008-08-25 08:15:57 +00:00
Martin Willi
a88aae3df6
enforce DN of configured gateway certificate
2008-08-25 07:50:21 +00:00
Martin Willi
7945c90adb
new EAP-Identity handling uses ID_EAP in plugins
2008-08-25 07:49:48 +00:00
Martin Willi
1a109c9fc6
disabled PSK option until we have a way to enforce strong secrets
2008-08-25 07:48:11 +00:00
Martin Willi
1995f79f10
use username part of RFC822 IDs for PAM authentication
2008-08-25 07:47:16 +00:00
Martin Willi
822901061b
ported parts of two-sim branch
...
eap_identity parameter to exchange in eap_identity
some auth_info/peer_cfg refactorings
fixed some bugs, introduced new ones
2008-08-22 10:44:51 +00:00
Martin Willi
7c112a12c0
run guests with some niceness
2008-08-22 08:37:15 +00:00
Martin Willi
5ba7efb083
pool names are unique
2008-08-22 07:38:59 +00:00
Martin Willi
3e45b3a1ad
do not return IPv6 src addresses for IPv4 destinations
2008-08-21 15:17:45 +00:00
Martin Willi
b848f0377c
fixed EAP-GTC secret lookup
...
improved error logging
PAM authentication needs CAP_AUDIT_WRITE capability
2008-08-21 14:40:03 +00:00
Martin Willi
1caa265c61
a (incomplete) implementation of draft-sheffer-ikev2-gtc-00.txt using PAM
2008-08-21 12:10:07 +00:00
Andreas Steffen
dc6a2edd0d
corrected caption
2008-08-21 11:58:58 +00:00
Andreas Steffen
5cd07d18a3
charon.process_route = no does not process RTM_NEWROUTE and RTM_DELROUTE events. Useful for taking down hundreds of virtual IPs on the same host
2008-08-21 11:55:16 +00:00
Martin Willi
2d6559b107
added sqlite busy handler: retries on locking conflicts
2008-08-21 09:25:06 +00:00
Martin Willi
02e907fe66
avoid too many alloca()s in netlink send, problematic on MIPS
2008-08-21 07:55:16 +00:00
Martin Willi
bdbf3c49fc
some string fixes
2008-08-20 13:59:37 +00:00
Martin Willi
6368a58ffc
added missing tooltip
2008-08-20 12:02:53 +00:00
Martin Willi
1b9f6c2410
handle DBUS permission problems gracefully
2008-08-20 11:44:47 +00:00
Martin Willi
142eaea43c
fixed shared key lookup by ID
...
proper auth method selection
2008-08-20 08:51:18 +00:00
Martin Willi
592dc30108
fixed auth-dialog password flush
2008-08-20 08:49:47 +00:00
Andreas Steffen
af165431d2
fixed libstrongswan integrity test
2008-08-19 18:51:30 +00:00
Martin Willi
ec24987164
certificate based gateway authentication
...
prototype PSK user authentication with auth-dialog
2008-08-19 15:19:45 +00:00
Martin Willi
62556b2b45
updated nm plugin to NetworkManager API changes
2008-08-18 11:59:19 +00:00
Martin Willi
475814ce5f
roam jobs for routing table changes not fired for virtual IP routes
2008-08-18 11:07:26 +00:00
Andreas Steffen
7cdf728586
do not fire a roam job when virtual IP is deleted
2008-08-15 19:15:52 +00:00
Andreas Steffen
26fd3f0057
temporary workaround to prevent roam jobs due to virtual IP installations
2008-08-11 19:04:48 +00:00
Andreas Steffen
9f1ec81290
corrected typo
2008-08-11 18:40:22 +00:00
Tobias Brunner
e5d6f165fc
* ruby extension extracted from irdumm
...
* guests do not shutdown anymore on SIGINT in irb
2008-08-07 14:56:54 +00:00
Tobias Brunner
f753e03ab8
added missing cleanup on failure
2008-08-06 07:31:26 +00:00
Andreas Steffen
342c84ddec
initiator sends contents of rightca= if present as a certificate request without searching for further CA certificates
2008-08-05 09:05:57 +00:00
Andreas Steffen
ea36a1f159
fixed improper TAILQ fix which caused pluto to segfault
2008-08-03 18:01:21 +00:00
Andreas Steffen
619998b3ac
corrected caption
2008-08-01 12:59:08 +00:00
Andreas Steffen
7ebac6728b
Redhat/Fedora requires var/lock/subsys/ipsec for runlevel changes
2008-08-01 12:04:35 +00:00
Andreas Steffen
573fd9ce03
ipsec starter gives the charon daemon 8s to terminate gracefully before killing the process brutally
2008-08-01 10:35:59 +00:00
Andreas Steffen
181abd3fdd
fixed the close_peerlog() bug causing ipsec pluto --help to segfault
2008-08-01 10:12:33 +00:00
Martin Willi
39c0ae3780
configuration plugin for NetworkManager
2008-07-31 15:07:52 +00:00
Martin Willi
092a9b88ad
added options for virtual IP, UDP encapsulation, IPComp
...
proper handling of libstrongswan/glib TRUE/FALSE conflict
2008-07-31 14:32:11 +00:00
Tobias Brunner
5e9346ed92
exec on a guest now returns the return value of the executed process
2008-07-31 12:59:59 +00:00