Tobias Brunner
4dc9edfa55
swanctl: Don't print status message if nothing was loaded to stderr
This is not an error (as reflected by the returned status code) so we
should not print to stderr as output there might still be considered an
error (or at least an audit-worthy event) by some scripts.
2021-02-04 16:50:36 +01:00
Tobias Brunner
30d47ea4cb
swanctl: Support any key type for decrypted keys
The previous code required explicit support for a particular key type,
of which Ed25519 and Ed448 were missing. While a fallback to `any` would
have been possible (this is already the case for unencrypted keys in the
`private` and `pkcs8` directories, which are not parsed by swanctl), it's
not necessary (as long as swanctl and the daemon are from the same release)
and does not require the daemon to detect the key type again.
Fixes #3586.
2020-10-27 11:17:44 +01:00
Josh Soref
b3ab7a48cc
Spelling fixes
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* encapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* threshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior
Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner
73ee7b6664
swanctl: Add missing header guards for load commands
2020-01-28 15:29:40 +01:00
Martin Willi
026024bc02
swanctl: Include ca_id property in list-conns command
2019-12-06 10:07:46 +01:00
Tobias Brunner
b9949e98c2
Some whitespace fixes
Didn't change some of the larger testing scripts that use an inconsistent
indentation style.
2019-08-22 15:18:06 +02:00
Tobias Brunner
c863960eb1
vici: Support initiation of IKE_SAs
The configuration must allow the initiation of a childless IKE_SA (which
is already the case with the default of 'accept').
2019-04-25 15:23:19 +02:00
Tobias Brunner
19b6d9a622
swanctl: Report interface IDs in --list-sas
2019-04-04 09:31:38 +02:00
Tobias Brunner
501bd53a6c
swanctl: Make credential directories relative to swanctl.conf
All directories are now considered relative to the loaded swanctl.conf
file, in particular, when loading it from a custom location via --file
argument. The base directory, which is used if no custom location for
swanctl.conf is specified, is now also configurable at runtime via
SWANCTL_DIR environment variable.
Closes strongswan/strongswan#120.
2018-12-14 09:11:14 +01:00
Matt Selsky
b98db90763
swanctl: Fix typos in usage for swanctl rekey/terminate commands
Closes strongswan/strongswan#113.
2018-10-02 09:30:03 +02:00
Tobias Brunner
784d96e031
Fixed some typos, courtesy of codespell
2018-09-17 18:51:44 +02:00
Tobias Brunner
0b8d00adaf
counters: Fix exit status in error case
2018-09-17 18:51:42 +02:00
Tobias Brunner
80e8845d36
swanctl: Allow passing a custom config file for each --load* command
Mainly for debugging, but could also be used to e.g. use a separate file
for connections and secrets.
2018-09-11 18:14:45 +02:00
Tobias Brunner
755985867e
swanctl: Report the use of a PPK in --list-sas
If we later decide the PPK_ID would be helpful, printing this on a
separate line would probably make sense.
2018-09-10 18:03:30 +02:00
Tobias Brunner
1fb46f7119
swanctl: Report PPK configuration in --list-conns
2018-09-10 18:03:02 +02:00
Tobias Brunner
3703dff2aa
swanctl: Add support for PPKs
2018-09-10 18:03:01 +02:00
Tobias Brunner
8505c28289
swanctl: Add --reauth option to --rekey command
2018-08-31 12:39:46 +02:00
Andreas Steffen
ef4a63524f
vici: list cert_policy parameter
2018-06-22 10:39:40 +02:00
Tobias Brunner
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
Tobias Brunner
c057cd26fa
swanctl: Add option to force IKE_SA termination
2018-05-22 10:06:07 +02:00
Andreas Steffen
4eaf08c35b
vici: list-conn reports DPD settings and swanctl displays them
2018-02-15 16:28:06 +01:00
Tobias Brunner
6d98bb926e
swanctl: Allow dots in authority/shared secret/pool names
Use argument evaluation provided by settings_t instead of using strings
to enumerate key/values.
If section names contain dots the latter causes the names to get split
and interpreted as non-existing sections and subsections.
This currently doesn't work for connections and their subsections due to
the recursion.
2017-12-22 10:11:21 +01:00
Tobias Brunner
f0c7cbd1d7
swanctl: Properly register --counters command
Use C instead of c, which is already used for --load-conns.
2017-11-13 09:45:14 +01:00
Tobias Brunner
052bccfac4
swanctl: Add --counters command
2017-11-08 16:28:28 +01:00
Tobias Brunner
cbbd34f507
swanctl: Use returned key ID to track loaded private keys
There was a direct call to load_key() for unencrypted keys that didn't
remove the key ID from the hashtable, which caused keys to get unloaded
when --load-creds was called multiple times.
2017-05-23 16:41:02 +02:00
Tobias Brunner
e2d9971215
swanctl: Add --rekey command
2017-02-16 19:24:09 +01:00
Tobias Brunner
04c0219e55
vici: Use unique names for CHILD_SAs in the list-sas command
The original name is returned in the new "name" attribute.
This fixes an issue with bindings that map VICI messages to
dictionaries. For instance, in roadwarrior scenarios where every
CHILD_SA has the same name only the information of the last CHILD_SA
would end up in the dictionary for that name.
2017-02-16 19:24:08 +01:00
Tobias Brunner
75665375b7
swanctl: Allow specifying pubkeys directly via 0x/0s prefix
2017-02-16 19:24:08 +01:00
Tobias Brunner
bd6ef6be7e
vici: Add support to load CA certificates from tokens and paths in authority sections
2017-02-16 19:24:08 +01:00
Tobias Brunner
d2e3ff8e0c
swanctl: Add `token` secrets for keys on tokens/smartcards
2017-02-16 19:24:07 +01:00
Tobias Brunner
ebb517581f
swanctl: Pass optional connection name to --initiate/install/uninstall
2017-02-16 19:24:07 +01:00
Tobias Brunner
ed105f45af
vici: Add support for NT Hash secrets
Fixes #1002.
2017-02-16 19:23:51 +01:00
Tobias Brunner
e00bc9f6b2
vici: Add support for certificate policies
2017-02-16 19:23:50 +01:00
Tobias Brunner
d460ab2bff
swanctl: Automatically unload removed shared keys
2017-02-16 19:21:13 +01:00
Tobias Brunner
04180409ad
swanctl: Automatically unload removed private keys
2017-02-16 19:21:12 +01:00
Tobias Brunner
257f6cb8e7
swanctl: Add possibility to query a specific pool by name
2017-02-16 19:21:12 +01:00
Martin Willi
72547830fb
swanctl: List CHILD_SA marks, if set
2017-02-13 15:11:20 +01:00
Tobias Brunner
7caba2eb55
swanctl: Add 'private' directory/section to load any type of private key
2016-10-05 11:33:36 +02:00
Andreas Steffen
2c7cfe7630
vici: flush-certs command flushes certificate cache
When fresh CRLs are released with a high update frequency (e.g.
every 24 hours) or OCSP is used, then the certificate cache gets
quickly filled with stale CRLs or OCSP responses. The new VICI
flush-certs command allows flushing e.g. cached CRLs or OCSP
responses only. Without the type argument, all kinds of certificates
(e.g. also received end entity and intermediate CA certificates)
are purged.
2016-09-13 17:02:59 +02:00
Andreas Steffen
7f65a8c271
vici: Increased various string buffers to BUF_LEN (512 bytes)
2016-07-29 12:34:40 +02:00
Andreas Steffen
6a6876390d
swanctl: indicate initiator and responder in --list-sas
2016-05-07 17:54:56 +02:00
Andreas Steffen
b9522f9d64
swanctl: Do not display rekey times for shunts
2016-05-05 14:53:22 +02:00
Andreas Steffen
b1df631212
vici list-conns sends reauthentication and rekeying time information
2016-05-04 18:13:52 +02:00
Andreas Steffen
e88f21cf65
swanctl: --list-conns shows eap_id, xauth_id and aaa_id
2016-05-04 18:13:52 +02:00
Andreas Steffen
afcd466192
swanctl: list EAP type in --list-conns
2016-04-26 17:15:37 +02:00
Andreas Steffen
4e3234afb4
swanctl: log errors to stderr
2016-04-24 23:33:23 +02:00
Andreas Steffen
e9704e90cf
Include manual policy priorities and restriction to interfaces in vici list-conn command
2016-04-09 16:51:02 +02:00
Andreas Steffen
99b794a4cf
Display IKE ports with swanctl --list-sas
2016-03-05 18:19:00 +01:00
Tobias Brunner
27074f3155
vici: Match subnets and ranges against peer IP in redirect command
2016-03-04 16:03:00 +01:00
Tobias Brunner
bef4518de7
vici: Match identity with wildcards against remote ID in redirect command
2016-03-04 16:02:59 +01:00