Martin Willi
|
6367de28ad
|
Added a left/rightcertpolicy keyword to specify certificatePolicy requirements
|
2011-01-07 15:51:35 +01:00 |
Martin Willi
|
6c302616f1
|
Added a tfc ipsec.conf keyword to control Traffic Flow Confidentiality
|
2010-12-20 09:45:39 +01:00 |
Martin Willi
|
cf5866b9c0
|
Renamed purgex509/crl to purgecerts/crls to be consistent with list commands
|
2010-12-10 11:21:55 +01:00 |
Martin Willi
|
6aa144ddb7
|
Added options to flush CRLs/X509 certs from the cert cache
|
2010-12-10 09:45:22 +01:00 |
Martin Willi
|
851d60484e
|
Added a stroke rekey command to trigger IKE/CHILD_SA rekeying manually
|
2010-11-03 15:12:05 +01:00 |
Martin Willi
|
64d7b0733f
|
Added support for the ipsec.conf aaa_identity keyword
|
2010-08-31 17:52:52 +02:00 |
Martin Willi
|
3d711a68fb
|
Added a stroke command to export cached x509 certificates to the console
|
2010-08-10 18:46:30 +02:00 |
Martin Willi
|
70789d28a1
|
Handle PIN: as a magic keyword for prompt, use getpass() to silently read credentials
|
2010-08-04 09:26:21 +02:00 |
Andreas Steffen
|
26c4d0102a
|
configuration of different marks for inbound and outbound direction
|
2010-07-09 09:06:07 +02:00 |
Andreas Steffen
|
ee26c537d7
|
support of xfrm marks for IKEv2
|
2010-07-02 23:46:09 +02:00 |
Reto Buerki
|
1f83541d7b
|
Include reqid in stroke add connection message.
|
2010-05-04 14:38:34 +02:00 |
Tobias Brunner
|
1c31d34ed5
|
Initialize libstrongswan in stroke (fixes Vstr logging).
|
2010-04-29 14:51:44 +02:00 |
Tobias Brunner
|
037fb02493
|
Fixed compiler warning.
|
2010-03-24 12:03:08 +01:00 |
Martin Willi
|
667b73721a
|
Added left-/rightikeport ipsec.conf options to use custom IKE ports
|
2010-02-26 11:44:33 +01:00 |
Martin Willi
|
8015c91cb9
|
Added a ipsec.conf "inactivity" option to configure inactivity timeout for CHILD_SAs
|
2010-01-27 16:05:11 +01:00 |
Andreas Steffen
|
270bb348e3
|
pluto now supports SQL-based virtual IP pools
|
2009-10-14 14:30:14 +02:00 |
Martin Willi
|
7daf5226b7
|
removed trailing spaces ([[:space:]]+$)
|
2009-09-04 13:46:09 +02:00 |
Tobias Brunner
|
abff49a7ff
|
Handling of new lifetime limits added to stroke.
|
2009-09-01 12:53:44 +02:00 |
Martin Willi
|
750bbcf9a8
|
added support for %prompt-ing private key passhprases in strokes "ipsec secrets"
|
2009-08-26 11:23:50 +02:00 |
Tobias Brunner
|
26965b4ef3
|
OpenSolaris needs libsocket and libnsl for socket().
|
2009-08-14 14:50:53 +02:00 |
Tobias Brunner
|
cc396286e8
|
Defined some missing fixed-width int types on OpenSolaris.
|
2009-08-14 14:50:22 +02:00 |
Tobias Brunner
|
599d2bcea8
|
Revert "gperf under FreeBSD does not know the -m option."
This reverts commit 0ead254919 .
|
2009-07-16 15:15:09 +02:00 |
Tobias Brunner
|
0ead254919
|
gperf under FreeBSD does not know the -m option.
We could use AC_PATH_PROGS_FEATURE_CHECK (added in Autoconf 2.62) to check for this option.
|
2009-07-14 12:09:22 +02:00 |
Andreas Steffen
|
b75d6242c9
|
optimized gperf
|
2009-05-15 22:54:29 +02:00 |
Martin Willi
|
832427064c
|
added a "purgeike" command to stroke, deleting all IKE_SAs without a CHILD_SA
|
2009-05-15 11:02:56 +02:00 |
Tobias Brunner
|
8c5d72cd0b
|
removing svn keyword $Id$ from all files
|
2009-04-30 13:19:35 +00:00 |
Tobias Brunner
|
d24a74c5b4
|
merging changes from portability branch back to trunk
important change for developers: %Y replaces %D to print identities!
|
2009-04-30 11:37:54 +00:00 |
Martin Willi
|
466f11bfaf
|
added .gitignore files, ready for the switch
|
2009-04-30 07:42:30 +00:00 |
Martin Willi
|
a44bb9345f
|
merged multi-auth branch back into trunk
|
2009-04-14 10:34:24 +00:00 |
Martin Willi
|
6b83549d1a
|
list assigned leases using "ipsec leases"
|
2008-12-10 13:00:02 +00:00 |
Andreas Steffen
|
c117f24e61
|
renamed proxy to proxy_mode in stroke_msg.h
|
2008-11-11 07:28:52 +00:00 |
Andreas Steffen
|
d487b4b727
|
preliminary support of Mobile IPv6
|
2008-11-11 06:37:37 +00:00 |
Tobias Brunner
|
1adaa02bb2
|
merging kernel_pfkey plugin back from kernel-interface branch
|
2008-10-14 08:46:31 +00:00 |
Andreas Steffen
|
d1cbe55127
|
implemented ipsec listalgs as a stroke command
|
2008-10-08 07:00:13 +00:00 |
Martin Willi
|
9482208633
|
crypto_factory algorithm enumeration API
implementation of "ipsec listalgs"
|
2008-08-28 09:24:42 +00:00 |
Martin Willi
|
822901061b
|
ported parts of two-sim branch
eap_identity parameter to exchange in eap_identity
some auth_info/peer_cfg refactorings
fixed some bugs, introduced new ones
|
2008-08-22 10:44:51 +00:00 |
Andreas Steffen
|
556e426fd8
|
renamed STROKE_DOWNSRCIP to STROKE_DOWN_SRCIP
|
2008-07-01 13:47:26 +00:00 |
Martin Willi
|
131064995a
|
added a "ipsec down-srcip <start> [<end>]" command to terminate IKE_SAs by remote virtual ip
|
2008-07-01 12:48:56 +00:00 |
Tobias Brunner
|
d4aad55434
|
IPComp for IKEv2
|
2008-05-08 16:19:11 +00:00 |
Martin Willi
|
3444390241
|
supporting multiple comma seperated subnets in left/rightsubnet definition
e.g. leftsubnet=10.2.0.0/16,10.4.0.0/16
|
2008-04-25 12:41:37 +00:00 |
Tobias Brunner
|
6439267a8c
|
support for hash and URL encoded certificate payloads in charon
|
2008-04-18 11:24:45 +00:00 |
Martin Willi
|
b360e3933d
|
respecting ipsec.conf cachecrls= option
|
2008-04-17 15:01:57 +00:00 |
Martin Willi
|
0644ebd3de
|
implemented IKE_SA uniqueness using ipsec.conf uniqueids paramater
additionally supports a "keep" value to keep the old IKE_SA
|
2008-04-14 13:23:24 +00:00 |
Martin Willi
|
cdcfe777f4
|
implementation of an CFG attribute framework, currently supporting virtual IPs
updated ipsec.conf sourceip parameter to support
CIDR notatation to serve from a pool
%poolname to query a separate (database?) pool
|
2008-04-09 12:54:47 +00:00 |
Tobias Brunner
|
dc04b7c743
|
mediation extension adapted to the naming convention of the current version of the draft. note: the external interface (config, autotools) has not yet been changed
|
2008-03-26 18:40:19 +00:00 |
Martin Willi
|
552cc11b1f
|
merged the modularization branch (credentials) back to trunk
|
2008-03-13 14:14:44 +00:00 |
Martin Willi
|
0f806802ae
|
implemented Expanded EAP types to support vendor specific methods
|
2007-12-13 17:31:21 +00:00 |
Andreas Steffen
|
d41a77e45c
|
added RCSID
|
2007-10-08 20:12:25 +00:00 |
Tobias Brunner
|
d5cc175833
|
experimental P2P-NAT-T for IKEv2 merged back from branch
|
2007-10-03 15:10:41 +00:00 |
Martin Willi
|
9dae1bed00
|
implemented IKEv2 force_encap connection parameter
enforces UDP encapsulation by faking NAT detection payloads
to hurdle restrictive firewalls
|
2007-10-01 12:19:39 +00:00 |