Andreas Steffen
b1df631212
vici list-conns sends reauthentication and rekeying time information
2016-05-04 18:13:52 +02:00
Cameron McCord
be41d5cba2
vici: Fix documentation of some dictionary keys of two request messages
...
Closes strongswan/strongswan#40 .
2016-03-31 11:26:44 +02:00
Tobias Brunner
27074f3155
vici: Match subnets and ranges against peer IP in redirect command
2016-03-04 16:03:00 +01:00
Tobias Brunner
bef4518de7
vici: Match identity with wildcards against remote ID in redirect command
2016-03-04 16:02:59 +01:00
Tobias Brunner
43b46b26ea
vici: Add redirect command
...
This allows redirecting IKE_SAs by multiple different selectors, if none
are given all SAs are redirected.
2016-03-04 16:02:59 +01:00
Tobias Brunner
35d0b8b152
vici: Provide ports of local and remote IKE endpoints
2016-03-03 17:13:35 +01:00
Tobias Brunner
fedb16236c
vici: Correctly document 'up' key for updown events
...
Instead of sending 'no' it is omitted when an SA goes down.
2016-03-01 11:05:34 +01:00
Andreas Steffen
4c38c79452
vici: list-cert sends subject, not-before and not-after attributes for pubkeys
2016-01-09 07:23:30 +01:00
Andreas Steffen
02d431022c
Refactored certificate management for the vici and stroke interfaces
2015-12-12 00:19:24 +01:00
Martin Willi
1a8a420c1c
vici: Fix documentation about the initiate/terminate timeout
2015-12-07 10:28:45 +01:00
Martin Willi
eaca77d03e
vici: Honor an optionally passed IKE configuration name in initiate/install
...
If two IKE configurations have CHILD configurations with the same name,
we have no control about the CHILD_SA that actually gets controlled. The
new "ike" parameter specifies the peer config name to find the "child" config
under.
2015-12-07 10:28:45 +01:00
Martin Willi
5e79ae2d65
vici: Support completely asynchronous initiating and termination
...
In some situations the vici client is not interested in waiting for a
timeout at all, so don't register a logging callback if the timeout argument
is negative.
2015-12-07 10:28:45 +01:00
Andreas Steffen
a17b6d469c
Built the CPAN file structure for the Vici::Session perl module
2015-12-01 14:52:43 +01:00
Tobias Brunner
de34defcd0
vici: Add get-algorithms command to query loaded algorithms and implementations
2015-11-30 10:55:55 +01:00
Tobias Brunner
f4641f9e45
vici: Add option to query leases of pools
...
We could later perhaps add filter parameters similar to those of the
`ipsec leases` command (pool name/virtual IP).
2015-11-10 10:43:25 +01:00
Tobias Brunner
bdb8b76515
vici: Return local and remote virtual IPs when listing SAs
2015-11-10 10:43:24 +01:00
Tobias Brunner
04f22cdabc
vici: Add NAT information when listing IKE_SAs
...
The `nat-local` and `nat-remote` keys contain information on the NAT
status of the local and remote IKE endpoints, respectively. If a
responder did not detect a NAT but is configured to fake a NAT situation
this is indicated by `nat-fake` (if an initiator fakes a NAT situation
`nat-local` is set). If any NAT is detected or faked `nat-any` is set.
Closes strongswan/strongswan#16 .
2015-11-09 11:55:51 +01:00
Tobias Brunner
256e666d22
vici: Optionally check limits when initiating connections
...
If the init-limits parameter is set (disabled by default) init limits
will be checked and might prevent new SAs from getting initiated.
2015-08-21 18:21:13 +02:00
Tobias Brunner
65ac0851c0
vici: Add ike/child-rekey events
2015-08-17 11:12:17 +02:00
Tobias Brunner
7f21363ee5
vici: Document the ike/child-updown events
2015-08-17 11:12:17 +02:00
Andreas Steffen
63d370387d
vici: Certification Authority support added.
...
CDP and OCSP URIs for a one or multiple certification authorities
can be added via the VICI interface. swanctl allows to read
definitions from a new authorities section.
2015-07-21 13:02:30 +02:00
Martin Willi
90c5b48c96
vici: Catch Python GeneratorExit to properly cancel streamed event iteration
2015-03-18 13:59:14 +01:00
Martin Willi
a47e431ba9
vici: Return a Python generator instead of a list for streamed responses
...
In addition that it may reduce memory usage and improve performance for large
responses, it returns immediate results. This is important for longer lasting
commands, such as initiate/terminate, where immediate log feedback is preferable
when interactively calling such commands.
2015-03-18 13:59:14 +01:00
Martin Willi
871cffa141
vici: Add initial Python egg documentation to README
2015-03-18 13:59:14 +01:00
Martin Willi
fb8b119cfa
vici: Use default Unix vici socket if none passed to ruby constructor
...
While we currently have a static path instead of one generated with Autotools,
this at least is congruent to what we have in the Python library.
2015-03-18 13:59:14 +01:00
Martin Willi
adc1885bf7
vici: Include the CHILD_SA unique ID in list-sa event
2015-02-20 13:34:50 +01:00
Martin Willi
96df0a0ebd
vici: Fix README example encoding element type values, off by one
...
While we fixed the wrong values in the description with d39e04b5
, the example
values are still off by one.
Fixes #828 .
2015-01-21 09:31:24 +01:00
Martin Willi
6f55149335
vici: Document the ruby gem and add some simple examples
2014-10-10 11:42:18 +02:00
Martin Willi
dccb2c6eba
vici: Add some simple libvici examples to the README
2014-10-10 11:42:18 +02:00
Martin Willi
56f17733c9
vici: Document the available vici command and event messages
2014-10-10 11:42:18 +02:00
Martin Willi
d39e04b557
vici: Fix message encoding type values in documentation
2014-10-10 11:42:17 +02:00
Tobias Brunner
ed01c1afff
Fixed some typos
2014-06-30 13:16:16 +02:00
Martin Willi
3a9a46c20f
vici: Increase vici message length header from 16 to 32 bits
...
While we currently have no need for messages larger than 65KB, we should design
the protocol to be future-proof, as we plan to keep at least to lowest protocol
layer stable.
To avoid any allocation issues, we currently keep the message size limit at
512KB.
2014-05-07 14:13:38 +02:00
Martin Willi
ff3217db4b
vici: Add low-level IPC protocol description
2014-05-07 14:13:38 +02:00