Commit Graph

193 Commits

Author SHA1 Message Date
Andreas Steffen abe6d07463 swanctl: Load pubkeys with load-creds 2016-01-09 07:23:30 +01:00
Andreas Steffen 4c38c79452 vici: list-cert sends subject, not-before and not-after attributes for pubkeys 2016-01-09 07:23:30 +01:00
Andreas Steffen 87371460f6 vici: Support of raw public keys 2016-01-09 07:23:29 +01:00
Andreas Steffen e333d4c0f1 swanctl.conf: IKEv2 fragmentation supported 2016-01-09 00:06:12 +01:00
Tobias Brunner 3f2c305226 swanctl: Slightly change usage summary for --list-certs 2015-12-16 12:20:35 +01:00
Tobias Brunner b0f00b2a3c swanctl: Never print more than MAX_LINES of usage summary
Print a warning if a registered command exceeds that limit.
2015-12-16 12:09:20 +01:00
Andreas Steffen 47e5640378 swanctl --stats lists loaded plugins 2015-12-13 17:07:28 +01:00
Andreas Steffen 02d431022c Refactored certificate management for the vici and stroke interfaces 2015-12-12 00:19:24 +01:00
Andreas Steffen 44d3b02b57 Removed VICI protocol versioning 2015-12-11 18:26:55 +01:00
Andreas Steffen b6dba6db74 Use of certificate_printer by swanctl --list-certs command 2015-12-11 18:26:55 +01:00
Andreas Steffen 334119b843 Share vici_cert_info.c with vici_cred.c 2015-12-11 18:26:55 +01:00
Andreas Steffen fad851e2d3 Use VICI 2.0 protocol version for certificate queries 2015-12-11 18:26:54 +01:00
Martin Willi 9709418871 swanctl: Explicitly link against -lpthread and -ldl if required
We already do this for charon, as some toolchains require an explicit
link even if libstrongswan already depends on it.
2015-12-04 08:02:03 +01:00
Tobias Brunner 731cf55579 swanctl: Add --list-algs command to query loaded algorithms 2015-11-30 10:55:55 +01:00
Tobias Brunner c2967484a0 swanctl: Add option to query leases with --get-pools 2015-11-10 10:43:25 +01:00
Tobias Brunner 304a9a97e8 swanctl: List virtual IPs in --list-sas 2015-11-10 10:43:24 +01:00
Tobias Brunner 0709280175 swanctl: Correctly build man page in out-of-tree builds from the repository 2015-08-27 12:46:53 +02:00
Tobias Brunner 9322e5b398 vici: Add option to disable policy installation for CHILD_SAs 2015-08-17 12:01:36 +02:00
Andreas Steffen 2096d54198 Improved legibility of swanctl CRL listings 2015-07-22 17:46:15 +02:00
Andreas Steffen 63d370387d vici: Certification Authority support added.
CDP and OCSP URIs for one or multiple certification authorities
can be added via the VICI interface. swanctl allows to read
definitions from a new authorities section.
2015-07-21 13:02:30 +02:00
Martin Willi 54d0d20bda swanctl: Fix --uri option
As we now pass the vici connection to the command dispatcher callback, we can't
parse the --uri option to create the connection from the same callback. Instead
pre-process the common command options in a separate loop, and ignore the same
options while processing the actual command.
2015-05-05 10:46:48 +02:00
Timo Teräs acbdf8c806 swanctl: Implement monitoring of IKE_SA and CHILD_SA changes
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
2015-05-04 13:39:08 +02:00
Romain Francoise ea79cd6ade swanctl: Add missing unit in install-time log 2015-05-04 13:25:30 +02:00
Martin Willi d143e7b04b swanctl: Append /ESN to proposal for a CHILD_SA using Extended Sequence Numbers
We previously printed just the value for the "esn" keyword, which is "1", and
not helpful as such.

Fixes #904.
2015-03-23 10:15:07 +01:00
Martin Willi 94bb26fae3 vici: Return authentication rounds with unique names
To simplify handling of authentication rounds in dictionaries/hashtables on the
client side, we assign unique names to each authentication round when listing
connection.
2015-03-18 13:59:14 +01:00
Martin Willi 1e366429fd swanctl: Cache entered PKCS#12 decryption secret
It is usually used more than once, but most likely the same for decryption and
MAC verification.
2015-03-18 13:34:22 +01:00
Martin Willi 54cdf847cc swanctl: Support loading PKCS#12 containers from a pkcs12 swanctl directory 2015-03-18 13:34:22 +01:00
Martin Willi a1fb5251e0 swanctl: Generalize private key decryption to support other credential types 2015-03-18 13:34:22 +01:00
Martin Willi f6511e36b5 vici: If an IKE reauth_time is configured, disable the default rekey_time 2015-03-03 13:49:14 +01:00
Martin Willi cc1682bef9 ipsec-types: Support the %unique mark value 2015-02-20 16:34:53 +01:00
Martin Willi e4a131b1ce swanctl: List CHILD_SA unique ID as the primary identifier, but print reqid, too 2015-02-20 13:34:50 +01:00
Martin Willi 108e388580 swanctl: Fail loading a connection if loading a cacert constraint fails 2014-12-12 10:23:59 +01:00
Tobias Brunner 5e92534313 vici: Add support for address range definitions of pools 2014-10-30 12:32:45 +01:00
Martin Willi 9da2b19189 swanctl: Document identity type prefixes 2014-10-30 11:07:10 +01:00
Tobias Brunner f8dc376c77 swanctl: Fix man page build on FreeBSD
BSD make seems to only evaluate $< for certain rules (like the suffix rule
used to generate the config template).
2014-10-14 16:49:40 +02:00
Martin Willi 67f9f09dd3 swanctl: Fix exit codes based on errno
As fprintf() most likely sets errno, we should save it before printing the
error message.
2014-10-10 11:42:18 +02:00
Shea Levy 0efea2fd86 Don't fail to install if sysconfdir isn't writable 2014-09-26 10:52:37 +02:00
Martin Willi d9a2f1330a swanctl: Complete --load-creds command summary 2014-09-22 13:55:11 +02:00
Martin Willi 71d85b33d9 swanctl: Fix description of load-pools command summary 2014-09-22 13:55:11 +02:00
Martin Willi 67402e67af swanctl: Add a --load-all command, performing --load-{creds,pools,conns} 2014-09-22 13:55:11 +02:00
Martin Willi 214a859cd6 swanctl: Add a --reload-settings command 2014-09-22 13:55:11 +02:00
Tobias Brunner bc9acd7b9e swanctl: Document --stats command 2014-09-19 11:30:08 +02:00
Tobias Brunner 8a59fa6467 swanctl: Document how connections.*.unique affects initiators 2014-09-09 10:56:15 +02:00
Tobias Brunner d236db8701 swanctl: Fix documentation of options for send_cert setting 2014-07-28 10:38:34 +02:00
Martin Willi 88a33f8aa7 swanctl: Fix the swanctl.conf cacerts option name in the manpage and template 2014-07-14 09:18:47 +02:00
Tobias Brunner 1bd175a9ef swanctl: Fix Doxygen group assignment 2014-06-30 13:16:16 +02:00
Tobias Brunner ed01c1afff Fixed some typos 2014-06-30 13:16:16 +02:00
Martin Willi df93458685 swanctl: Add a --stats command to print daemon infos and statistics 2014-06-17 17:55:45 +02:00
Martin Willi 19ea055092 swanctl: Support private key decryption passphrases in swanctl.conf
While there is no real security benefit of storing private keys encrypted if
the passphrase is stored along with it, there still seems to be demand for this
functionality. We add it for compatibility with ipsec.secrets, even if it is
not really recommended.
2014-06-17 17:52:14 +02:00
Martin Willi 5b7725f3b0 swanctl: Document replay_window option 2014-06-17 16:49:02 +02:00
Andreas Steffen dacb75f5c0 Split swanctl --raw mode into single-line and --pretty mode 2014-06-14 15:40:22 +02:00
Andreas Steffen 6d092615e3 Added missing units (s = seconds) 2014-06-10 16:18:23 +02:00
Martin Willi f59e2b7bb3 swanctl: Stop logging with Ctrl+C on Windows as well 2014-06-04 15:53:12 +02:00
Martin Willi b67069b00c swanctl: Concatenate relative certificate paths correctly on Windows 2014-06-04 15:53:09 +02:00
Tobias Brunner b2b54bd71d Make sure getpass() is available
It's not on Android for example.
2014-05-29 12:28:53 +02:00
Martin Willi 064fe9c963 enum: Return boolean result for enum_from_name() lookup
Handling the result for enum_from_name() is difficult, as checking for
negative return values requires a cast if the enum type is unsigned. The new
signature clearly differentiates lookup result from lookup value.

Further, this actually allows to convert real -1 enum values, which could not
be distinguished from "not-found" and the -1 return value.

This also fixes several clang warnings where enums are unsigned.
2014-05-16 15:42:07 +02:00
Martin Willi 78db68cecf swanctl: Properly initialize return value of --install command 2014-05-16 15:42:07 +02:00
Martin Willi e20e0a0586 swanctl: Increase default debug level to 1
We initially intended to silence debugging only during thread initialization,
not for swanctl in general.
2014-05-14 16:28:01 +02:00
Martin Willi b1076bc8fd swanctl: By default print local swanctl version with --version
But add a --daemon option to query the IKE daemon for its version.
2014-05-07 15:48:17 +02:00
Martin Willi 92884b4683 swanctl: Install empty credential folders with appropriate permissions 2014-05-07 15:48:17 +02:00
Martin Willi 2230f18358 swanctl: Document most swanctl.conf options in manpage 2014-05-07 15:48:17 +02:00
Martin Willi d909e51918 swanctl: Keep swanctl.conf man/template section order as defined 2014-05-07 15:48:17 +02:00
Martin Willi 85d26e0c87 swanctl: Add a swanctl command overview manpage 2014-05-07 15:48:17 +02:00
Tobias Brunner b18191ba0f swanctl: Generate swanctl.conf(5) man page 2014-05-07 15:48:16 +02:00
Tobias Brunner 6a461f0852 swanctl: Generate man page snippet with config options 2014-05-07 15:48:16 +02:00
Tobias Brunner 5fdba04312 swanctl: Convert swanctl.conf to an options file and generate config 2014-05-07 15:48:16 +02:00
Tobias Brunner 49d8a5f554 swanctl: Install swanctl.conf if it does not exist yet 2014-05-07 15:48:16 +02:00
Martin Willi 1312eab036 swanctl: Change syntax of secrets to accept identities with special chars
Having identity strings in the settings key is problematic, as the parser can't
handle arbitrary characters in it. Further, the space separation makes it
impossible to define identities with spaces.

The new format uses key prefixes, similar to those used in local/remote auth
sections of connections. The secrets section takes subsections with type
prefixes, and each subsection uses "id" prefixes to define an arbitrary
number of identities.
2014-05-07 15:48:16 +02:00
Martin Willi a2875525ae swanctl: List local and remote addresses in list-conns 2014-05-07 15:48:16 +02:00
Martin Willi 43306afe8e swanctl: Add a list-pools command to summarize pool status 2014-05-07 15:48:15 +02:00
Martin Willi a77acc183a swanctl: Add a load-pools command to (re-)load pool configurations from file 2014-05-07 15:48:15 +02:00
Martin Willi 4ee33b44df swanctl: Encode connection "pools" as list items 2014-05-07 15:48:15 +02:00
Martin Willi 250c6e3d90 swanctl: Fix enumeration of registered commands if MAX_COMMANDS is hit 2014-05-07 15:48:15 +02:00
Martin Willi 7b35c02db4 swanctl: Implement a --log command to trace debugging log 2014-05-07 15:48:15 +02:00
Martin Willi 3b22e8e995 swanctl: Add a swanctl.conf template file 2014-05-07 15:48:15 +02:00
Martin Willi 2d5c3a0f0f swanctl: Implement a --list-certs command to print or export daemon certificates 2014-05-07 15:48:15 +02:00
Martin Willi ebe78940aa swanctl: Be more verbose while loading connections and credentials 2014-05-07 15:48:15 +02:00
Martin Willi 51bdc1f3f1 swanctl: Add a list-conns command to query loaded connections 2014-05-07 15:48:14 +02:00
Martin Willi da866234bb swanctl: Register --version as last command 2014-05-07 15:48:14 +02:00
Martin Willi c1e413db49 swanctl: Support groups, certs and cacerts keywords 2014-05-07 15:48:14 +02:00
Martin Willi 818acc8638 swanctl: Load shared secrets from the swanctl.conf secrets section 2014-05-07 15:48:14 +02:00
Martin Willi d622e6da0f swanctl: Load different private keys with load-creds 2014-05-07 15:48:14 +02:00
Martin Willi 2c1511dbf8 swanctl: Add a command to (re-)load credentials 2014-05-07 15:48:14 +02:00
Martin Willi 7c8a907895 swanctl: Use a ./configure-able swanctl base directory 2014-05-07 15:48:14 +02:00
Martin Willi 991c9b5e77 swanctl: After loading connections, unload those that are not in config anymore 2014-05-07 15:48:14 +02:00
Martin Willi ee599d14ad swanctl: Implement a load-conn command to load connections from a file 2014-05-07 15:48:13 +02:00
Martin Willi 283b0b9e92 swanctl: Implement a list-pols command to query trap/shunt policies 2014-05-07 15:48:13 +02:00
Martin Willi 90ae636ccb swanctl: Implement install/uninstall commands to manage shunt/trap policies 2014-05-07 15:48:13 +02:00
Martin Willi 073be3cad4 swanctl: Add a version command to query daemon and OS info 2014-05-07 15:48:13 +02:00
Martin Willi 3dc377b37f swanctl: Add a terminate command 2014-05-07 15:48:13 +02:00
Martin Willi cb1c409b84 swanctl: Add a subcommand to initiate connections by name 2014-05-07 15:48:13 +02:00
Martin Willi 86910faeca swanctl: Add a list-sas command to query active IKE_SAs 2014-05-07 15:48:13 +02:00
Martin Willi e381e69f9b swanctl: Add a stub for a vici based configuration and control utility 2014-05-07 15:48:10 +02:00