ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
17,353 Commits 7 Branches 233 Tags 88 MiB
Commit Graph

50 Commits

Author SHA1 Message Date
Josh Soref b3ab7a48cc Spelling fixes 
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
 2020-02-11 18:23:07 +01:00
Tobias Brunner 18bee9306a nm: Replace deprecated g_type_class_add_private() 
Fixes #2765, #3197.
 2020-02-05 10:54:37 +01:00
Tobias Brunner 9486a2e5b0 ike-cfg: Pass arguments as struct 2019-04-25 14:31:33 +02:00
Tobias Brunner 05b7f1cbfe charon-nm: Add IPv6 support 2019-03-14 13:42:08 +01:00
Tobias Brunner 0af3a4f103 charon-nm: Handle IPv6 DNS server attributes 2019-03-14 13:42:08 +01:00
Tobias Brunner 0b117dc960 charon-nm: Set local address to %any so IPv6 may be used as outer address 2019-03-14 13:42:08 +01:00
Tobias Brunner 5538e29071 charon-nm: Request virtual IPv6 address and appropriate TS 2019-03-14 13:42:08 +01:00
SC Lee 3a41febb1c charon-nm: Parse any type of private key in need_secrets 
Previously, when the user supplied an ECDSA key for public key authentication,
the user was always asked to provide a password, even if the key was not
encrypted.

Related: 954f73ea6e ("charon-nm: Parse any type of private key not only RSA")
Closes strongswan/strongswan#108.
 2018-07-09 12:21:43 +02:00
Tobias Brunner 1b67166921 Unify format of HSR copyright statements 2018-05-23 16:32:53 +02:00
Tobias Brunner 7b72909774 controller: Add option to force destruction of an IKE_SA 
It's optionally possible to wait for a timeout to destroy the SA.
 2018-05-22 10:06:07 +02:00
Tobias Brunner 954f73ea6e charon-nm: Parse any type of private key not only RSA 2018-03-07 15:23:03 +01:00
Tobias Brunner ee8c25516a charon-nm: Fix building list of DNS/MDNS servers with libnm 
g_variant_builder_add() creates a new GVariant using g_variant_new() and
then adds it to the builder.  Passing a GVariant probably adds the
pointer to the array, not the value.  I think an alternative fix would
be to use "@u" as type string for the g_variant_builder_add() call, then
the already allocated GVariant is adopted.

Fixes: 9a71b7219c ("charon-nm: Port to libnm")
 2018-02-22 09:05:48 +01:00
Tobias Brunner 268a1bfa34 charon-nm: Remove unused variable 2018-02-05 15:11:03 +01:00
Lubomir Rintel 9a71b7219c charon-nm: Port to libnm 
libnm-glib is deprecated for several years and reaching the end of its
life. Let's switch to the more up-to-date library.

Closes strongswan/strongswan#85.
 2017-12-22 10:05:10 +01:00
Tobias Brunner 749ac175fa child-cfg: Use flags for boolean options 
Makes it potentially easier to add new flags.
 2017-05-23 16:51:15 +02:00
Defunct 4ac68f02f2 charon-nm: IKE/ESP proposal customization support 
Closes strongswan/strongswan#69.
 2017-05-08 14:33:58 +02:00
Tobias Brunner 07bbd2f642 nm: Enable IKE fragmentation 2016-10-20 08:03:26 +02:00
Tobias Brunner 97c74b565b nm: Make global CA directory configurable 2016-10-04 10:27:35 +02:00
Tobias Brunner a28c6269a4 nm: Remove dummy TUN device 
Recent NM releases don't insist on getting a device back from VPN
plugins.
 2016-10-04 09:57:14 +02:00
Tobias Brunner f201d86deb nm: Pass external gateway to NM 
This seems to be required by newer versions.
 2016-09-05 15:41:16 +02:00
Tobias Brunner 9e74a0952e nm: Enforce min. length for PSKs in backend 2016-09-05 15:41:15 +02:00
Tobias Brunner 2ba5dadb12 peer-cfg: Use struct to pass data to constructor 2016-04-09 16:51:01 +02:00
Tobias Brunner 8a00a8452d child-cfg: Use struct to pass data to constructor 2016-04-09 16:51:01 +02:00
Andreas Steffen b12c53ce77 Use standard unsigned integer types 2016-03-24 18:52:48 +01:00
Martin Willi 8d74ec9e80 ike: Add an additional but separate AEAD proposal to CHILD config 
This currently has no effect: We don't include AEAD algorithms in the default
ESP proposal, as we don't know if it is supported by the backend. But as we
hopefully get an algorithm query mechanism on kernel interfaces some day, we
add the appropriate functionality nonetheless.
 2014-05-16 16:51:19 +02:00
Martin Willi 879e3d12ca ike: Add an additional but separate AEAD proposal to IKE config, if supported 2014-05-16 16:51:19 +02:00
Tobias Brunner f738753abc nm: Fix NULL-pointer dereference when handling TUN device failure 2014-04-09 16:35:46 +02:00
Tobias Brunner c489c5881a charon-nm: No additional secrets are required once a password has been entered 
Recent versions of NM will call need_secrets() as long as it returns TRUE,
but then fail as the number of calls is limited by an assert.

Fixes #547.
 2014-03-18 14:53:40 +01:00
Tobias Brunner 5ae822cfcd nm: Handle PSK option in NM backend 2013-11-27 18:36:58 +01:00
Martin Willi 3070697f9f ike: support multiple addresses, ranges and subnets in IKE address config 
Replace the allowany semantic by a more powerful subnet and IP range matching.
Multiple addresses, DNS names, subnets and ranges can be specified in a comma
separated list. Initiators ignore the ranges/subnets, responders match
configurations against all addresses, ranges and subnets.
 2013-09-04 10:38:37 +02:00
Martin Willi 9aeaa7396e peer-cfg: add a pull/push mode option to use with mode config 2013-09-04 10:33:37 +02:00
Tobias Brunner 3651c8dcd5 charon-nm: Prevent NM from changing the default route 
This is not required as we install our own (narrow) route(s) in our own
routing table. This should allow split tunneling if configured on the
gateway.
 2013-03-19 16:25:26 +01:00
Tobias Brunner 9cf09ecad7 charon-nm: Use VIP (if any) as local address 
NM will install this address on the provided device.
 2013-03-19 16:25:26 +01:00
Tobias Brunner c15eea7306 charon-nm: Pass a dummy TUN device to NetworkManager 
NetworkManager modifies the addresses etc. on this interface so using
"lo" is not optimal. With the dummy interface NM is free to do its
thing.
 2013-03-19 16:25:26 +01:00
Martin Willi 306a269e34 Add a DSCP configuration value to IKE configs 2013-02-06 15:20:32 +01:00
Tobias Brunner 365d9a6f67 Added an option that allows to force IKEv1 fragmentation 2013-01-12 11:54:32 +01:00
Tobias Brunner 97973f8609 Use a connection specific option to en-/disable IKEv1 fragmentation 2012-12-24 13:00:01 +01:00
Tobias Brunner 2e7cc07ecd Moved host_t and host_resolver_t to a new networking subfolder 2012-10-24 15:06:18 +02:00
Martin Willi 1fdd62ffce Remove version argument on peer_cfg constructor, use ike_cfg version instead 2012-10-24 10:19:33 +02:00
Martin Willi 9fc7cc6f9b Add IKE version information to ike_cfg_t 2012-10-24 10:18:35 +02:00
Tobias Brunner a2a28d90ac Make streq() and strcaseeq() static inline functions so they can be used as callbacks 2012-09-21 18:16:26 +02:00
Tobias Brunner e6fcc172f8 Use AUTH_RULE_IDENTITY_LOOSE in NetworkManager backend 2012-09-18 14:40:40 +02:00
Martin Willi 497ce2cf51 Support multiple address pools configured on a peer_cfg 2012-08-30 16:43:42 +02:00
Martin Willi 101d26babe Support multiple virtual IPs on peer_cfg and ike_sa classes 2012-08-30 16:43:42 +02:00
Tobias Brunner b223d517c8 Replaced usages of CHARON_*_PORT with calls to get_port(). 2012-08-08 15:12:25 +02:00
Tobias Brunner e7ea057fd2 Make the UDP ports charon listens for packets on (and uses as source ports) configurable. 2012-08-08 15:07:43 +02:00
Martin Willi d12635c77d Pass "lo" as faked tundev to NM, as it now needs a valid interface since 0.9 2012-06-29 15:21:57 +02:00
Andreas Steffen 1d315bddd3 implemented the right|leftallowany feature 2012-06-08 21:24:41 +02:00
Andreas Steffen 80c5b17d1a make IKEv1 DPD timeout configurable in charon 2012-05-17 19:49:22 +02:00
Tobias Brunner b64f333612 Integrate nm plugin directly in charon-nm. 2012-05-03 13:57:03 +02:00