Commit Graph

97 Commits

Author SHA1 Message Date
Martin Willi 6367de28ad Added a left/rightcertpolicy keyword to specify certificatePolicy requirements 2011-01-07 15:51:35 +01:00
Martin Willi 6c302616f1 Added a tfc ipsec.conf keyword to control Traffic Flow Confidentiality 2010-12-20 09:45:39 +01:00
Martin Willi cf5866b9c0 Renamed purgex509/crl to purgecerts/crls to be consistent with list commands 2010-12-10 11:21:55 +01:00
Martin Willi 6aa144ddb7 Added options to flush CRLs/X509 certs from the cert cache 2010-12-10 09:45:22 +01:00
Martin Willi 851d60484e Added a stroke rekey command to trigger IKE/CHILD_SA rekeying manually 2010-11-03 15:12:05 +01:00
Martin Willi 64d7b0733f Added support for the ipsec.conf aaa_identity keyword 2010-08-31 17:52:52 +02:00
Martin Willi 3d711a68fb Added a stroke command to export cached x509 certificates to the console 2010-08-10 18:46:30 +02:00
Martin Willi 70789d28a1 Handle PIN: as a magic keyword for prompt, use getpass() to silently read credentials 2010-08-04 09:26:21 +02:00
Andreas Steffen 26c4d0102a configuration of different marks for inbound and outbound direction 2010-07-09 09:06:07 +02:00
Andreas Steffen ee26c537d7 support of xfrm marks for IKEv2 2010-07-02 23:46:09 +02:00
Reto Buerki 1f83541d7b Include reqid in stroke add connection message. 2010-05-04 14:38:34 +02:00
Tobias Brunner 1c31d34ed5 Initialize libstrongswan in stroke (fixes Vstr logging). 2010-04-29 14:51:44 +02:00
Tobias Brunner 037fb02493 Fixed compiler warning. 2010-03-24 12:03:08 +01:00
Martin Willi 667b73721a Added left-/rightikeport ipsec.conf options to use custom IKE ports 2010-02-26 11:44:33 +01:00
Martin Willi 8015c91cb9 Added an ipsec.conf "inactivity" option to configure inactivity timeout for CHILD_SAs 2010-01-27 16:05:11 +01:00
Andreas Steffen 270bb348e3 pluto now supports SQL-based virtual IP pools 2009-10-14 14:30:14 +02:00
Martin Willi 7daf5226b7 removed trailing spaces ([[:space:]]+$) 2009-09-04 13:46:09 +02:00
Tobias Brunner abff49a7ff Handling of new lifetime limits added to stroke. 2009-09-01 12:53:44 +02:00
Martin Willi 750bbcf9a8 added support for %prompt-ing private key passphrases in stroke's "ipsec secrets" 2009-08-26 11:23:50 +02:00
Tobias Brunner 26965b4ef3 OpenSolaris needs libsocket and libnsl for socket(). 2009-08-14 14:50:53 +02:00
Tobias Brunner cc396286e8 Defined some missing fixed-width int types on OpenSolaris. 2009-08-14 14:50:22 +02:00
Tobias Brunner 599d2bcea8 Revert "gperf under FreeBSD does not know the -m option."
This reverts commit 0ead254919.
2009-07-16 15:15:09 +02:00
Tobias Brunner 0ead254919 gperf under FreeBSD does not know the -m option.
We could use AC_PATH_PROGS_FEATURE_CHECK (added in Autoconf 2.62) to check for this option.
2009-07-14 12:09:22 +02:00
Andreas Steffen b75d6242c9 optimized gperf 2009-05-15 22:54:29 +02:00
Martin Willi 832427064c added a "purgeike" command to stroke, deleting all IKE_SAs without a CHILD_SA 2009-05-15 11:02:56 +02:00
Tobias Brunner 8c5d72cd0b removing svn keyword $Id$ from all files 2009-04-30 13:19:35 +00:00
Tobias Brunner d24a74c5b4 merging changes from portability branch back to trunk
important change for developers: %Y replaces %D to print identities!
2009-04-30 11:37:54 +00:00
Martin Willi 466f11bfaf added .gitignore files, ready for the switch 2009-04-30 07:42:30 +00:00
Martin Willi a44bb9345f merged multi-auth branch back into trunk 2009-04-14 10:34:24 +00:00
Martin Willi 6b83549d1a list assigned leases using "ipsec leases" 2008-12-10 13:00:02 +00:00
Andreas Steffen c117f24e61 renamed proxy to proxy_mode in stroke_msg.h 2008-11-11 07:28:52 +00:00
Andreas Steffen d487b4b727 preliminary support of Mobile IPv6 2008-11-11 06:37:37 +00:00
Tobias Brunner 1adaa02bb2 merging kernel_pfkey plugin back from kernel-interface branch 2008-10-14 08:46:31 +00:00
Andreas Steffen d1cbe55127 implemented ipsec listalgs as a stroke command 2008-10-08 07:00:13 +00:00
Martin Willi 9482208633 crypto_factory algorithm enumeration API
implementation of "ipsec listalgs"
2008-08-28 09:24:42 +00:00
Martin Willi 822901061b ported parts of two-sim branch
eap_identity parameter to exchange in eap_identity
	some auth_info/peer_cfg refactorings
	fixed some bugs, introduced new ones
2008-08-22 10:44:51 +00:00
Andreas Steffen 556e426fd8 renamed STROKE_DOWNSRCIP to STROKE_DOWN_SRCIP 2008-07-01 13:47:26 +00:00
Martin Willi 131064995a added an "ipsec down-srcip <start> [<end>]" command to terminate IKE_SAs by remote virtual ip 2008-07-01 12:48:56 +00:00
Tobias Brunner d4aad55434 IPComp for IKEv2 2008-05-08 16:19:11 +00:00
Martin Willi 3444390241 supporting multiple comma separated subnets in left/rightsubnet definition
e.g. leftsubnet=10.2.0.0/16,10.4.0.0/16
2008-04-25 12:41:37 +00:00
Tobias Brunner 6439267a8c support for hash and URL encoded certificate payloads in charon 2008-04-18 11:24:45 +00:00
Martin Willi b360e3933d respecting ipsec.conf cachecrls= option 2008-04-17 15:01:57 +00:00
Martin Willi 0644ebd3de implemented IKE_SA uniqueness using ipsec.conf uniqueids parameter
additionally supports a "keep" value to keep the old IKE_SA
2008-04-14 13:23:24 +00:00
Martin Willi cdcfe777f4 implementation of a CFG attribute framework, currently supporting virtual IPs
updated ipsec.conf sourceip parameter to support
	CIDR notation to serve from a pool
	%poolname to query a separate (database?) pool
2008-04-09 12:54:47 +00:00
Tobias Brunner dc04b7c743 mediation extension adapted to the naming convention of the current version of the draft. note: the external interface (config, autotools) has not yet been changed 2008-03-26 18:40:19 +00:00
Martin Willi 552cc11b1f merged the modularization branch (credentials) back to trunk 2008-03-13 14:14:44 +00:00
Martin Willi 0f806802ae implemented Expanded EAP types to support vendor specific methods 2007-12-13 17:31:21 +00:00
Andreas Steffen d41a77e45c added RCSID 2007-10-08 20:12:25 +00:00
Tobias Brunner d5cc175833 experimental P2P-NAT-T for IKEv2 merged back from branch 2007-10-03 15:10:41 +00:00
Martin Willi 9dae1bed00 implemented IKEv2 force_encap connection parameter
enforces UDP encapsulation by faking NAT detection payloads
  to hurdle restrictive firewalls
2007-10-01 12:19:39 +00:00