Martin Willi
92ee45a0ee
cleanups in kernel interface code
...
added proper traffic selector to string conversion
some cleanups here & there
2006-07-18 12:53:54 +00:00
Martin Willi
d109b48968
added support for leftprotoport and rightprotoport
2006-07-05 13:13:07 +00:00
Martin Willi
3dd3c5f39e
redesigned IKE_SA using a transaction mechanism:
...
removed old state machine
reimplemented IKE_SA setup and delete
implemented dead peer detection
implemented keep-alives
a lot of fixes
no rekeying yet
2006-07-05 10:53:20 +00:00
Martin Willi
1135f79898
fixed memleak when initiating a connection already up
2006-07-04 13:29:16 +00:00
Andreas Steffen
971218c3ae
support of cert payloads
2006-07-03 06:27:45 +00:00
Andreas Steffen
6f74bfd6ac
added X.509 trust chain verification
2006-06-27 08:48:28 +00:00
Martin Willi
1396815afb
first merge of NATT code
2006-06-22 06:36:28 +00:00
Martin Willi
aed58dcc93
readded local_credential_store
...
added sendcert policy to connection
some other cleanups
2006-06-20 08:43:57 +00:00
Andreas Steffen
21b433c641
implemented rereadcrls rereadcacerts
2006-06-20 06:05:01 +00:00
Andreas Steffen
d92cca4a72
added listcrls
2006-06-16 05:55:02 +00:00
Martin Willi
c095388f7f
added support for "ike" and "esp" keywords
...
fixed bugs in proposal code
algorithm selection for charon works now with ipsec.conf
a lot of other fixes
2006-06-15 11:09:11 +00:00
Andreas Steffen
5347233204
support for stroke listcerts|listcacerts|listall and left|rightca=
2006-06-12 08:43:46 +00:00
Martin Willi
a2a3fb3e25
workaround for peers rekeying at the same time
...
loading lifetime policies from ipsec.conf
2006-06-12 07:33:20 +00:00
Martin Willi
5c131a016b
specifying keysize in bits, as it is required in IKEv2
...
added generic kernel SA algorithm handling, which brings us:
aes-128, aes-256, blowfish, des, 3des and null encryption for CHILD_SAs
2006-06-09 07:31:30 +00:00
Andreas Steffen
b7f9ca5837
added support for leftsendcert= and left|rightca= parameters
2006-06-09 05:50:41 +00:00
Martin Willi
5238c9afef
fixed compile warnings when using -Wall
...
further CHILD_SA rekeying work done:
creation of a new CHILD_SA on a expire from a kernel works
delete of old CHILD_SA still missing
some issues when both initiate rekeing
2006-06-08 14:20:05 +00:00
Martin Willi
8d77eddec2
further work for rekeying:
...
get liftimes from policy
added new state
initiation of rekeying done
proposal redone:
removed support for AH+ESP proposals
2006-06-07 13:26:23 +00:00
Andreas Steffen
6848dac603
minimized prefixed on stroke logger output
2006-05-31 05:50:04 +00:00
Andreas Steffen
e1c00b96a6
list ca certificates
2006-05-30 07:48:29 +00:00
Martin Willi
139ce7871f
- fixed memleak when deleting a connection
2006-05-29 11:29:23 +00:00
Martin Willi
9fe14f4b8a
- policies contain a connections name now
...
- used for initiate and delete
- connections won't get initiated twice anymore
- deleting of connections is now possible, which allows us to use
ipsec update and ipsec reload
2006-05-29 11:09:45 +00:00
Andreas Steffen
ecadab2ba7
stroke now uses constant size string buffer
2006-05-29 07:14:57 +00:00
Martin Willi
3a13a78084
- handle IKE_SA setup without a piggy-packed CHILD_SA
...
more IKEv2 conform
2006-05-24 09:05:21 +00:00
Martin Willi
8b5be79d83
- show connection templates in status & statusall
...
- don't complain on termination of IKEv1 connections
2006-05-23 13:25:57 +00:00
Martin Willi
7ba69503aa
- changed config load strategy:
...
starter loads both connections in charon & pluto,
charon ignores anything with keyexchange!=ikev2.
pluto needs the same behavior.
2006-05-23 10:07:02 +00:00
Andreas Steffen
96b82ed821
load_end_certificate() now loads certificates
2006-05-23 08:16:15 +00:00
Martin Willi
86a7937b45
- applied patch from andreas, which allows certificate listing via stroke
2006-05-19 06:44:08 +00:00
Martin Willi
b5e1560659
- applied andreas's patch
...
- logger output improvements
- testin gupdates
- and a lot more
2006-05-18 06:02:28 +00:00
Martin Willi
b8577029d1
2006-05-10 08:02:49 +00:00