ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
17,819 Commits 6 Branches 233 Tags 88 MiB
Commit Graph

112 Commits

Author SHA1 Message Date
Tobias Brunner 4dc9edfa55 swanctl: Don't print status message if nothing was loaded to stderr 
This is not an error (as reflected by the returned status code) so we
should not print to stderr as output there might still be considered an
error (or at least an audit-worthy event) by some scripts.
 2021-02-04 16:50:36 +01:00
Tobias Brunner 30d47ea4cb swanctl: Support any key type for decrypted keys 
The previous code required explicit support for a particular key type,
of which Ed25519 and Ed448 were missing.  While a fallback to `any` would
have been possible (this is already the case for unencrypted keys in the
`private` and `pkcs8` directories, which are not parsed by swanctl), it's
not necessary (as long as swanctl and the daemon are from the same release)
and does not require the daemon to detect the key type again.

Fixes #3586.
 2020-10-27 11:17:44 +01:00
Josh Soref b3ab7a48cc Spelling fixes 
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
 2020-02-11 18:23:07 +01:00
Tobias Brunner 73ee7b6664 swanctl: Add missing header guards for load commands 2020-01-28 15:29:40 +01:00
Martin Willi 026024bc02 swanctl: Include ca_id property in list-conns command 2019-12-06 10:07:46 +01:00
Tobias Brunner b9949e98c2 Some whitespace fixes 
Didn't change some of the larger testing scripts that use an inconsistent
indentation style.
 2019-08-22 15:18:06 +02:00
Tobias Brunner c863960eb1 vici: Support initiation of IKE_SAs 
The configuration must allow the initiation of a childless IKE_SA (which
is already the case with the default of 'accept').
 2019-04-25 15:23:19 +02:00
Tobias Brunner 19b6d9a622 swanctl: Report interface IDs in --list-sas 2019-04-04 09:31:38 +02:00
Tobias Brunner 501bd53a6c swanctl: Make credential directories relative to swanctl.conf 
All directories are now considered relative to the loaded swanctl.conf
file, in particular, when loading it from a custom location via --file
argument.  The base directory, which is used if no custom location for
swanctl.conf is specified, is now also configurable at runtime via
SWANCTL_DIR environment variable.

Closes strongswan/strongswan#120.
 2018-12-14 09:11:14 +01:00
Matt Selsky b98db90763 swanctl: Fix typos in usage for swanctl rekey/terminate commands 
Closes strongswan/strongswan#113.
 2018-10-02 09:30:03 +02:00
Tobias Brunner 784d96e031 Fixed some typos, courtesy of codespell 2018-09-17 18:51:44 +02:00
Tobias Brunner 0b8d00adaf counters: Fix exit status in error case 2018-09-17 18:51:42 +02:00
Tobias Brunner 80e8845d36 swanctl: Allow passing a custom config file for each --load* command 
Mainly for debugging, but could also be used to e.g. use a separate file
for connections and secrets.
 2018-09-11 18:14:45 +02:00
Tobias Brunner 755985867e swanctl: Report the use of a PPK in --list-sas 
If we later decide the PPK_ID would be helpful, printing this on a
separate line would probably make sense.
 2018-09-10 18:03:30 +02:00
Tobias Brunner 1fb46f7119 swanctl: Report PPK configuration in --list-conns 2018-09-10 18:03:02 +02:00
Tobias Brunner 3703dff2aa swanctl: Add support for PPKs 2018-09-10 18:03:01 +02:00
Tobias Brunner 8505c28289 swanctl: Add --reauth option to --rekey command 2018-08-31 12:39:46 +02:00
Andreas Steffen ef4a63524f vici: list cert_policy parameter 2018-06-22 10:39:40 +02:00
Tobias Brunner 1b67166921 Unify format of HSR copyright statements 2018-05-23 16:32:53 +02:00
Tobias Brunner c057cd26fa swanctl: Add option to force IKE_SA termination 2018-05-22 10:06:07 +02:00
Andreas Steffen 4eaf08c35b vici: list-conn reports DPD settings and swanctl displays them 2018-02-15 16:28:06 +01:00
Tobias Brunner 6d98bb926e swanctl: Allow dots in authority/shared secret/pool names 
Use argument evaluation provided by settings_t instead of using strings
to enumerate key/values.

If section names contain dots the latter causes the names to get split
and interpreted as non-existing sections and subsections.

This currently doesn't work for connections and their subsections due to
the recursion.
 2017-12-22 10:11:21 +01:00
Tobias Brunner f0c7cbd1d7 swanctl: Properly register --counters commmand 
Use C instead of c, which is already used for --load-conns.
 2017-11-13 09:45:14 +01:00
Tobias Brunner 052bccfac4 swanctl: Add --counters command 2017-11-08 16:28:28 +01:00
Tobias Brunner cbbd34f507 swanctl: Use returned key ID to track loaded private keys 
There was a direct call to load_key() for unencrypted keys that didn't
remove the key ID from the hashtable, which caused keys to get unloaded
when --load-creds was called multiple times.
 2017-05-23 16:41:02 +02:00
Tobias Brunner e2d9971215 swanctl: Add --rekey command 2017-02-16 19:24:09 +01:00
Tobias Brunner 04c0219e55 vici: Use unique names for CHILD_SAs in the list-sas command 
The original name is returned in the new "name" attribute.

This fixes an issue with bindings that map VICI messages to
dictionaries.  For instance, in roadwarrior scenarios where every
CHILD_SA has the same name only the information of the last CHILD_SA
would end up in the dictionary for that name.
 2017-02-16 19:24:08 +01:00
Tobias Brunner 75665375b7 swanctl: Allow specifying pubkeys directly via 0x/0s prefix 2017-02-16 19:24:08 +01:00
Tobias Brunner bd6ef6be7e vici: Add support to load CA certificates from tokens and paths in authority sections 2017-02-16 19:24:08 +01:00
Tobias Brunner d2e3ff8e0c swanctl: Add `token` secrets for keys on tokens/smartcards 2017-02-16 19:24:07 +01:00
Tobias Brunner ebb517581f swanctl: Pass optional connection name to --initiate/install/uninstall 2017-02-16 19:24:07 +01:00
Tobias Brunner ed105f45af vici: Add support for NT Hash secrets 
Fixes #1002.
 2017-02-16 19:23:51 +01:00
Tobias Brunner e00bc9f6b2 vici: Add support for certificate policies 2017-02-16 19:23:50 +01:00
Tobias Brunner d460ab2bff swanctl: Automatically unload removed shared keys 2017-02-16 19:21:13 +01:00
Tobias Brunner 04180409ad swanctl: Automatically unload removed private keys 2017-02-16 19:21:12 +01:00
Tobias Brunner 257f6cb8e7 swanctl: Add possibility to query a specific pool by name 2017-02-16 19:21:12 +01:00
Martin Willi 72547830fb swanctl: List CHILD_SA marks, if set 2017-02-13 15:11:20 +01:00
Tobias Brunner 7caba2eb55 swanctl: Add 'private' directory/section to load any type of private key 2016-10-05 11:33:36 +02:00
Andreas Steffen 2c7cfe7630 vici: flush-certs command flushes certificate cache 
When fresh CRLs are released with a high update frequency (e.g.
every 24 hours) or OCSP is used then the certificate cache gets
quickly filled with stale CRLs or OCSP responses. The new VICI
flush-certs command allows to flush e.g. cached CRLs or OCSP
responses only. Without the type argument all kind of certificates
(e.g. also received end entity and intermediate CA certificates)
are purged.
 2016-09-13 17:02:59 +02:00
Andreas Steffen 7f65a8c271 vici: Increased various string buffers to BUF_LEN (512 bytes) 2016-07-29 12:34:40 +02:00
Andreas Steffen 6a6876390d swanctl: indicate initiator and responder in --list-sas 2016-05-07 17:54:56 +02:00
Andreas Steffen b9522f9d64 swanctl: Do not display rekey times for shunts 2016-05-05 14:53:22 +02:00
Andreas Steffen b1df631212 vici list-conns sends reauthentication and rekeying time information 2016-05-04 18:13:52 +02:00
Andreas Steffen e88f21cf65 swanctl: --list-conns shows eap_id, xauth_id and aaa_id 2016-05-04 18:13:52 +02:00
Andreas Steffen afcd466192 swanctl: list EAP type in --list-conns 2016-04-26 17:15:37 +02:00
Andreas Steffen 4e3234afb4 swanctl: log errors to stderr 2016-04-24 23:33:23 +02:00
Andreas Steffen e9704e90cf Include manual policy priorities and restriction to interfaces in vici list-conn command 2016-04-09 16:51:02 +02:00
Andreas Steffen 99b794a4cf Display IKE ports with swanctl --list-sas 2016-03-05 18:19:00 +01:00
Tobias Brunner 27074f3155 vici: Match subnets and ranges against peer IP in redirect command 2016-03-04 16:03:00 +01:00
Tobias Brunner bef4518de7 vici: Match identity with wildcards against remote ID in redirect command 2016-03-04 16:02:59 +01:00