9c7faa8618
Added parser for unsigned long long ints to starter.
2009-09-01 12:53:44 +02:00
6180a55852
use time_monotonic() instead of time() for statistics and time difference calculations
2009-08-31 18:00:28 +02:00
5672eae131
make boolean expression less enigmatic
2009-08-25 21:09:54 +02:00
eb641993d4
set stroke connection flags to a clear TRUE/FALSE
2009-08-25 19:57:36 +02:00
26965b4ef3
OpenSolaris needs libsocket and libnsl for socket().
2009-08-14 14:50:53 +02:00
e580e0a9a2
sockio.h is required on OpenSolaris for SIOCGIFADDR.
2009-08-14 14:50:50 +02:00
a3ccf95f3f
LOG_AUTHPRIV is not defined on OpenSolaris.
2009-08-14 13:37:07 +02:00
5d8306de68
use SS_RC_FIRST and SS_RC_LAST
2009-08-06 16:42:44 +02:00
3646c8a159
abort pluto or charon if initialization fails
2009-08-06 16:32:52 +02:00
10c13ed264
fixed dereferencing bug caused by bool type redefinition
2009-08-02 16:58:32 +02:00
ecff28c5c5
fixe KW_END_FIRST..KW_END_LAST keyword range
2009-07-28 15:44:24 +02:00
9af7715c3d
Fixed installation of config files in out-of-tree builds.
2009-07-20 21:13:45 +02:00
7cdf712d3e
Use the numerical UID/GID to install the config files and create the ipsec.d directories.
2009-07-20 21:03:05 +02:00
eab241fb56
stop strongswan if integrity check of libstrongswan or daemon fails
2009-07-17 20:33:19 +02:00
ca366aeea0
enforce strongSwan coding rules
2009-07-17 16:57:07 +02:00
599d2bcea8
Revert "gperf under FreeBSD does not know the -m option."
...
This reverts commit 0ead254919
2009-07-16 15:15:09 +02:00
0ead254919
gperf under FreeBSD does not know the -m option.
...
We could use AC_PATH_PROGS_FEATURE_CHECK (added in Autoconf 2.62) to check for this option.
2009-07-14 12:09:22 +02:00
c7f76958d7
authby=pubkey is now the default authentication
2009-06-19 10:41:38 +02:00
ebde1a7ddd
consistent display of strongSwan version
2009-06-13 16:03:08 +02:00
11e6d28533
pluto supports ECDSA authentication
2009-06-12 19:59:49 +02:00
af1feed96a
NO_CREDENTIAL_FACTORY compile option not needed anymore
2009-05-28 15:44:22 +02:00
517895bd05
eliminated ipsec_policy.h
2009-05-26 17:19:26 +02:00
b75d6242c9
optimized gperf
2009-05-15 22:54:29 +02:00
bcbf110938
fixing compilation when using the Vstr string library
2009-04-24 05:30:50 +02:00
5533a88936
properly convert boolean flags when parsing ipsec.conf
2009-05-07 17:43:16 +02:00
723534283c
use bool instead of int
2009-05-07 17:42:25 +02:00
8c5d72cd0b
removing svn keyword $Id$ from all files
2009-04-30 13:19:35 +00:00
d24a74c5b4
merging changes from portability branch back to trunk
...
important change for developers: %Y replaces %D to print identities!
2009-04-30 11:37:54 +00:00
466f11bfaf
added .gitignore files, ready for the switch
2009-04-30 07:42:30 +00:00
2e65569534
already had the correct formatting
2009-04-19 19:32:51 +00:00
65607eb370
cosmetics
2009-04-19 19:32:02 +00:00
9d53cc5d43
already had the correct formatting
2009-04-19 19:22:31 +00:00
3d7a244b54
conversion from 8 spaces to 4 spaces per tab
2009-04-19 19:16:09 +00:00
67411e66c3
port the libstrongswan memory allocation methods to pluto
2009-04-17 07:11:29 +00:00
6319cd74ea
pluto uses the libstrongswan leak detective and a stripped-down version of library_t
2009-04-16 08:25:47 +00:00
a44bb9345f
merged multi-auth branch back into trunk
2009-04-14 10:34:24 +00:00
0ad1a8daea
modelled invokepluto start and stop timing scheme after invokecharon
2009-03-27 16:14:59 +00:00
e4838d02b3
set the default of plutostart/charonstart according to ./configure options
2009-03-24 15:02:12 +00:00
4a6b84a934
reintegrated eap-radius branch into trunk
2009-03-24 10:24:58 +00:00
91480aa9fb
added eap=mschapv2 to ipsec.conf.5
2009-02-19 22:12:04 +00:00
f98cdf7a47
adding plugin for EAP-MS-CHAPv2
2009-02-18 19:57:15 +00:00
c59825fbfc
support of dynamic/128 and %any6
2009-02-05 22:13:48 +00:00
356bbeca7d
added eap=gtc option to ipsec.conf man page
2009-01-14 03:29:59 +00:00
3119fafd8d
cosmetics
2009-01-13 06:50:55 +00:00
04bcdc715d
changed type definition of level from char* to int
2009-01-13 06:36:31 +00:00
a46173dfb4
nat_traversal in manpage corrected
2008-12-10 17:45:44 +00:00
9dd1229407
fixing compilation on systems lacking linux/xfrm.h
2008-11-18 14:28:05 +00:00
84bec926a3
added type=transport_proxy and installpolicy=yes|no to man page
2008-11-13 06:29:53 +00:00
479f295049
fixed compiler warnings issued by:
...
gcc 4.3
curl.h gcc type-checking
glibc with enabled FORTIFY_SOURCE checking
2008-11-11 18:37:19 +00:00
ea625fabf9
merging kernel_klips plugin back into trunk
2008-11-11 09:22:00 +00:00
c117f24e61
renamed proxy to proxy_mode in stroke_msg.h
2008-11-11 07:28:52 +00:00
d487b4b727
preliminary support of Mobile IPv6
2008-11-11 06:37:37 +00:00
61670ba284
support of %any address string
2008-11-05 04:53:45 +00:00
1adaa02bb2
merging kernel_pfkey plugin back from kernel-interface branch
2008-10-14 08:46:31 +00:00
7827997346
also respect the mobike=no setting as responder
2008-09-30 12:36:58 +00:00
822901061b
ported parts of two-sim branch
...
eap_identity parameter to exchange in eap_identity
some auth_info/peer_cfg refactorings
fixed some bugs, introduced new ones
2008-08-22 10:44:51 +00:00
1caa265c61
a (incomplete) implementation of draft-sheffer-ikev2-gtc-00.txt using PAM
2008-08-21 12:10:07 +00:00
573fd9ce03
ipsec starter gives the charon daemon 8s to terminate gracefully before killing the process brutally
2008-08-01 10:35:59 +00:00
ce91f67f60
starter now waits for a maximum of 10s instead of 1s for charon before restarting the daemon
2008-07-29 19:44:54 +00:00
6d58c2be9a
cosmetics
2008-07-15 13:09:09 +00:00
0ef961b878
added pfsgroup to ipsec.conf.5 man page
2008-07-15 13:07:27 +00:00
1dec30625e
check if parsing of ipsec update was successful
2008-07-02 05:51:49 +00:00
a02bc1dbea
updated location of auth_class_t
2008-06-24 13:36:10 +00:00
7d4bb52073
make config_auth_method_t backward compatible to existing sql templates
2008-06-10 20:31:53 +00:00
ea0823dffd
ECDSA with OpenSSL
2008-06-10 09:08:27 +00:00
f13e23754f
tolerating chown failures on installation, required to build some packages
2008-06-04 12:09:24 +00:00
808ca43f92
fixed compiler warning (missing include)
2008-05-13 07:37:08 +00:00
0fc1fc0ec8
forgot about alphabetical order
2008-05-12 12:46:30 +00:00
2637c30c69
added description of plutostderrlog parameter to ipsec.conf.5 man page
2008-05-12 11:36:59 +00:00
a50818ed46
plutostderrlog parameter now declares a stderr redirection file
2008-05-12 10:05:49 +00:00
f85d02a419
fixed typos
2008-05-11 20:36:14 +00:00
9a6d9f10e2
support of plutostderrlog keyword
2008-05-11 07:59:00 +00:00
d4aad55434
IPComp for IKEv2
2008-05-08 16:19:11 +00:00
25b12c696b
replaced --with-gid/uid by --with-group/user
...
using named users, groups
fixed capability dropping in pluto
2008-05-08 10:58:04 +00:00
77b9c3a214
end->srcip string must be removed if it contains %config
2008-04-27 11:28:58 +00:00
2988273b3a
fixed starter_cmp_end()
2008-04-27 11:04:13 +00:00
937eb2db00
fixed memory corruption problem in starter
2008-04-27 10:49:31 +00:00
3444390241
supporting multiple comma seperated subnets in left/rightsubnet definition
...
e.g. leftsubnet=10.2.0.0/16,10.4.0.0/16
2008-04-25 12:41:37 +00:00
66bb16b033
shipping a default strongswan.conf
2008-04-18 12:52:47 +00:00
6439267a8c
support for hash and URL encoded certificate payloads in charon
2008-04-18 11:24:45 +00:00
c4ec8c9d18
fixed compiler warning
2008-04-17 15:08:48 +00:00
b360e3933d
respecting ipsec.conf cachecrls= option
2008-04-17 15:01:57 +00:00
f45411c045
set long-forgotten DPD defaults
2008-04-15 11:27:45 +00:00
0644ebd3de
implemented IKE_SA uniqueness using ipsec.conf uniqueids paramater
...
additionally supports a "keep" value to keep the old IKE_SA
2008-04-14 13:23:24 +00:00
b010310517
updated rightsourceip parameter in man page
2008-04-14 08:27:05 +00:00
ff41ca0dc4
host_srcip was not properly initialized in starterwhack.c
2008-04-13 21:42:44 +00:00
cdcfe777f4
implementation of an CFG attribute framework, currently supporting virtual IPs
...
updated ipsec.conf sourceip parameter to support
CIDR notatation to serve from a pool
%poolname to query a separate (database?) pool
2008-04-09 12:54:47 +00:00
5df92bba51
changed force_encap to forceencaps
2008-04-08 12:53:36 +00:00
7a9d3ae471
support of force_keepalive parameter
2008-04-02 18:35:23 +00:00
0d2670e7e6
removed unused yynuput to fix compiler warning
2008-03-28 11:45:01 +00:00
e74bc8e51d
changed external interface to the mediation extension.
2008-03-27 12:31:35 +00:00
dc04b7c743
mediation extension adapted to the naming convention of the current version of the draft. note: the external interface (config, autotools) has not yet been changed
2008-03-26 18:40:19 +00:00
754c1c0ef7
suppress IKEv2-specific policy flags in pluto. Patch contributed by Heiko Hund from Astaro.
2008-03-21 09:34:40 +00:00
552cc11b1f
merged the modularization branch (credentials) back to trunk
2008-03-13 14:14:44 +00:00
e633b1998f
creating sysconfdir if it does not exist
...
moved all directory creations into starters Makefile
2008-02-22 14:50:38 +00:00
aa1a730bfb
set nexthop default value to 0::0 in IPv6 connections
2007-12-19 00:49:32 +00:00
0f806802ae
implemented Expanded EAP types to support vendor specific methods
2007-12-13 17:31:21 +00:00
4b403e7672
merged EAP-MD5 into trunk
2007-12-12 14:29:10 +00:00
0b72091970
ipsec and starter exit with LSB-compliant return codes
2007-11-28 17:02:12 +00:00
1871cffdc4
be less agressive, but more verbose in killing charon
2007-11-15 18:34:05 +00:00
496e76cbdf
added RCSID
2007-10-08 19:57:54 +00:00
d5cc175833
experimental P2P-NAT-T for IKEv2 merged back from branch
2007-10-03 15:10:41 +00:00
f9b8417a7c
renamed force_encap to forceencaps (as it is named in openswan)
2007-10-02 06:57:58 +00:00
f53b74c96f
moved force_encap to ike_config, enables responder to enforce udp encapsulation
...
fixed bugs in force_encap code
2007-10-01 16:41:34 +00:00
9dae1bed00
implemented IKEv2 force_encap connection parameter
...
enforces UDP encapsulation by faking NAT detection payloads
to hurdle restrictive firewalls
2007-10-01 12:19:39 +00:00
3b4b26cdf3
moved loglite.c from openac to scepclient
2007-09-18 15:59:56 +00:00
8c4339bdd2
added mobike option to man page
2007-09-02 11:44:32 +00:00
9164e49ac0
added mobike=yes|no connection option
...
yes: include mobike support notifies as initiator
no: only enable mobike as responder when initiator supports it
default: yes
2007-08-29 12:11:25 +00:00
ec11518d1b
handle dns lookup failures
2007-08-02 18:38:28 +00:00
0761886051
added to ipsec.conf installation path
2007-07-11 16:22:02 +00:00
eea626ed25
describe eap option in ipsec.conf.5 man page
2007-07-04 05:42:58 +00:00
ae4388dca0
cosmetics
2007-07-04 05:42:09 +00:00
4f22a3e339
removed the ipsec.conf version number
2007-07-04 05:41:51 +00:00
dd0ee786db
support of PKCS#11 init arguments required by NSS softoken, patch contributed by Robert Varga
2007-07-03 09:33:02 +00:00
e0e6137dd3
support of PKCS#11 init arguments required by NSS softoken, patch contributed by Robert Varga
2007-07-03 09:26:44 +00:00
fdd32ee6e5
fix of the bug fix, courtesy of Robert Varga
2007-07-02 17:48:30 +00:00
2f806bd866
bug fix courtesy of Robert Varga
2007-07-02 17:42:16 +00:00
c2bc2b2782
alphabetical order
2007-06-27 21:49:09 +00:00
e0e7ef070d
separated pluto, charon, and klips setup config section parameters
2007-06-27 15:42:11 +00:00
487fe29ee3
added lefthostaccess and leftprotoport parameters
2007-06-27 14:03:56 +00:00
7900ab1b7a
update ipsec.conf man page
2007-06-27 13:29:36 +00:00
c4c916f90a
add starter.8 man page to distribution
2007-06-27 13:29:20 +00:00
6fa8bd61c1
cosmetics
2007-06-27 10:04:02 +00:00
2f153a2263
recognize wildcard keyingtries=%forever
2007-06-27 08:11:22 +00:00
a80521d13e
recognize wildcards right=%group and keyingtries=%forever
2007-06-27 08:11:08 +00:00
3f946e1c90
support of right=%<FQDN> wildcard
2007-06-25 11:28:39 +00:00
e6a22d8728
discarded unused functions
2007-06-25 09:06:13 +00:00
3345c0a1ed
make starter behave more gracefully in the presence of non-fatal errors
2007-06-25 07:10:23 +00:00
d0f55e236d
support of right|leftallowany flag
2007-06-18 17:51:45 +00:00
5e564f2bff
added setsid() to properly detach from console
2007-06-11 12:21:12 +00:00
532137e70f
fixed man page
2007-05-25 07:19:49 +00:00
8e79d8d3de
updated man-page for left/rightsourceip
2007-05-25 07:15:18 +00:00
16878f6823
support for virtual IP definition on client side:
...
if leftsourceip is defined, it is requested.
server may define rightsourceip=%config to accept any,
or it may overwrite it using rightsourceip.
if server does not return an IP, client enforces its configured leftsourceip.
2007-05-22 13:49:31 +00:00
3eb9630071
support of left|rightgroups parameter
2007-05-20 15:38:36 +00:00
6874bf698c
changing UID/GID after startup of pluto/charon
...
added --with-uid/--with-gid configure option
2007-05-07 12:38:46 +00:00
3d63b7639e
setting MALLOC_CHECK_=0 for charon to not use glibc's malloc checker
2007-05-02 09:59:47 +00:00
4841189b72
implementation of strictcrlpolicy=ifuri
2007-04-20 11:12:08 +00:00
7ef4be2cb1
unshare argument buffers
2007-04-19 14:26:11 +00:00
b7ade11b16
updated man page: proposals using PFS
2007-04-19 14:22:53 +00:00
8883eef7b8
support cachecrls=yes
2007-04-05 17:07:14 +00:00
e58afb1a0a
support of crlcheckinterval=0 to disable IKEv2 CRL fetching
2007-04-04 07:49:05 +00:00
9b45443dc2
updated NEWS, TODO and man page
2007-03-20 08:59:03 +00:00
b0f24449dd
added EAP-SIM authentication
...
client side only
uses an external SIM reader library specified with SIM_READER_LIB
untested
2007-03-13 15:01:02 +00:00
0c8aba6771
added support for 0.0.0.0/0 traffic selectors
...
fixed routing to make correct 0.0.0.0/0 routes
2007-03-01 11:42:08 +00:00
c60c7694d2
merged tasking branch into trunk
2007-02-28 14:04:36 +00:00
7eb4010c01
replace ca is realized as del_ca followed by add_ca
2007-02-24 23:20:27 +00:00
98a905838a
last CA keyword is KW_OCSPURI2
2007-02-24 23:19:28 +00:00
113be7f186
support of ca info records
2007-02-23 15:13:21 +00:00
a02ae4ccd5
using "left" as my host per default, swapping to "right" when needed
2007-02-15 12:13:18 +00:00
06133e1de7
enabled adding and deleting ca information records
2007-02-14 01:02:09 +00:00
3a5f6dff7a
fixed starter crash due to freeing default IPSEC_EAPDIR string
2007-02-14 00:56:58 +00:00
8245a9142c
add --eapdir option only if defined in ipsec.conf
2007-02-14 00:53:45 +00:00
f27f6296e6
merged EAP framework from branch into trunk
...
includes a lot of other modifications
2007-02-12 15:56:47 +00:00
af87afed47
added config option for BEET mode
2007-01-03 13:16:21 +00:00
fb34660632
negated POLICY_REAUTH to POLICY_DONT_REAUTH
2006-12-21 20:05:08 +00:00
7652be891c
added support for transport mode and (experimental!) BEET mode
...
support for the type=transport/tunnel parameter in charon
2006-12-21 14:35:17 +00:00
532f2347dc
first try to update ipsec.conf manual
2006-12-19 08:32:25 +00:00
6fe03b0af0
implemented reauthentication using the new reauth=yes|no parameter
2006-12-19 07:30:07 +00:00
4dfb3cb0f5
fixed stddef.h include
2006-12-14 15:58:32 +00:00
5347a84f81
fixed HAVE_BACKTRACE checks
...
starter Makefile now uses proper $(COMPILE) to build pluto objects
2006-12-11 09:29:34 +00:00
15b050c945
added XAUTH support
2006-12-05 23:13:02 +00:00
923ee10eef
solved 64 bit issue in push/pop stroke interface
2006-10-31 23:17:21 +00:00
0e4d1d05ad
added 'modeconfig=pull|push' and 'left|rightnatip' keywords
2006-10-25 08:40:34 +00:00
b701b7895b
added has_natip flag
2006-10-25 08:39:39 +00:00
5c4cc9a4e3
added verbosity level to stroke
2006-10-24 08:44:47 +00:00
107936f55a
added charondebug config parameter to set debug level at startup
2006-10-18 11:46:57 +00:00
5d71e72db5
added hostaccess support
2006-09-25 05:46:56 +00:00
4f383c6950
added auth_method field
2006-09-18 07:46:16 +00:00
1239c6f40b
implemented handling of dpdaction and dpddelay ipsec.conf parameters
2006-09-08 06:12:02 +00:00
a655f5c09c
reuse reqid when a ROUTED child_sa gets INSTALLED
...
fixed a bug in retransmission code
added support for the "keyingtries" ipsec.conf parameter
added support for the "dpddelay" ipsec.conf parameter
done some work for "dpdaction" behavior
some other cleanups and fixes
2006-09-05 14:07:25 +00:00
48d9883a3e
initial support for IPv6 (more testing needed)
...
socket works (without v6 filter)
traffic selector handle IPv4/v4 cleanly
improvements in traffic selector code
kernel interface accepts v6 traffic selectors and hosts
host_t class has full IPv6 support
2006-08-30 17:12:56 +00:00
45f76a7ddd
added possibility to route CHILD_SAs, without to set them up
...
support for auto=route parameter
support for ipsec route and ipsec unroute
initiating of CHILD and/or IKE_SAs based on kernel acquires
2006-07-21 13:31:53 +00:00
d109b48968
added support for leftprotoport and rightprotoport
2006-07-05 13:13:07 +00:00
5c149670df
generation of default key
2006-07-03 06:21:56 +00:00
0e3cb317e2
cosmetics
2006-07-03 06:21:40 +00:00
b17e4d2bfd
added support of updown parameter
2006-07-03 06:21:14 +00:00
13b8fa0e8d
fixed execv call args to work when using strictcrl and syslog
2006-06-20 10:04:35 +00:00
56f1a8f2d6
handling of "rekey=no" parameter added
2006-06-15 11:02:15 +00:00
ad038f770d
changed default algorithms to:
...
ike: aes128-sha-modp2048
esp: aes128-sha1, 3des-md5
2006-06-15 11:01:17 +00:00
311b225740
added strictcrlpolicy command line argument
2006-06-14 12:43:51 +00:00
5347233204
support for stroke listcerts|listcacerts|listall and left|rightca=
2006-06-12 08:43:46 +00:00
a2a3fb3e25
workaround for peers rekeying at the same time
...
loading lifetime policies from ipsec.conf
2006-06-12 07:33:20 +00:00
2a13996de0
corrected type
2006-06-09 11:06:37 +00:00
b7f9ca5837
added support for leftsendcert= and left|rightca= parameters
2006-06-09 05:50:41 +00:00
fc0afb6810
created IPv6 environment
2006-06-06 05:41:21 +00:00
6d5e617f7d
full support of ikev1 and ikev2 connection flags
2006-05-30 11:10:42 +00:00
9fe14f4b8a
- policies contain a connections name now
...
- used for initiate and delete
- connections won't get initiated twice anymore
- deleting of connections is now possible, which allows us to use
ipsec update and ipsec reload
2006-05-29 11:09:45 +00:00
ecadab2ba7
stroke now uses constant size string buffer
2006-05-29 07:14:57 +00:00
298b06c28c
- build gets perl and gperf from configure now
...
- moved built sources to maintainer-clean
2006-05-24 06:36:46 +00:00
3572b3b689
- updated ipsec.conf manual to reflect actual state of
...
keyexchange-parameter
2006-05-23 10:53:44 +00:00
7ba69503aa
- changed config load strategy:
...
starter loads both connections in charon & pluto,
charon ignores anything with keyexchange!=ikev2.
pluto needs the same behavior.
2006-05-23 10:07:02 +00:00
4a5bba25e2
- reimplemented proper IKE SA deletion using a seperate state,
...
should conform now to IKEv2
2006-05-23 08:01:49 +00:00
7ca49e4037
- removed lex, yacc and gperf output from svn,
...
added them to "dist" and "distclean"
2006-05-19 14:05:26 +00:00
bea98d4dd7
- added missing ipsec.conf.5 to distribution :-/
2006-05-19 11:16:48 +00:00
fea5e716c4
- added missing ipsec.conf ipsec.conf.5
...
- existing ipsec.conf won't get overwritten anymore
2006-05-19 08:59:19 +00:00
3e61d63a3a
- added ipsec.conf template and man page back
...
- removed old Makefiles
- added new strongswan KDevelop project & startup hack
2006-05-18 14:21:58 +00:00
b5e1560659
- applied andreas's patch
...
- logger output improvements
- testin gupdates
- and a lot more
2006-05-18 06:02:28 +00:00
db26d00e73
- added random source ./configure options
...
- fixed default-pkcs11 option
2006-05-17 14:21:38 +00:00
f2c2d395ff
- introduced autotools
...
- first working version
- make dist should work
- things to do:
- UML testing!
- more cleanups
2006-05-16 14:24:03 +00:00
37a2b616e2
- fixed stroke error output to starter
2006-05-10 07:11:52 +00:00
65cf07ac1d
- applied patch from andreas
...
- added charonstart option to config
- new ikev2 tests for UML
2006-05-06 07:09:45 +00:00
9820c0e208
- applied patch from andreas
...
- pem loading
- secrets file parsing
- ikev2 testcase
- some other additions here and there
2006-05-04 07:55:42 +00:00
1029d84d23
2006-04-28 10:51:19 +00:00
Tobias Brunner