edad908792
Fixed compiler warnings regarding enum comparison.
...
Warnings like
comparison of unsigned expression < 0 is always false
are reported with -Wextra when enum types that are compiled to an
unsigned type (which is up to the compiler) are checked for negativity.
2011-11-25 09:40:30 +01:00
f3da58aaa9
Fix DNS error handling for keyexchange=ike.
...
starter fails to load a connection when a peer's DNS name is temporarily
unresolvable and keyexchange=ike was specified, which defaults to IKEv2.
The connection loads just fine in case of keyexchange=ikev2.
2011-10-25 09:44:17 +02:00
6f4eaa41a7
starter: Use automake LEX/YACC automatisms.
2011-10-10 19:31:04 +02:00
40921edc38
Support resolution of "allow_any" DNS names in charon (%hostname)
2011-09-02 13:42:45 +02:00
e59a50009c
starter passes unresolved DNS names to charon
...
Based on an initial patch by Mirko Parthey.
2011-08-29 09:58:18 +02:00
45048eae23
Verify that executables are available and set (pluto|charon)start accordingly.
...
Some distributions enable both daemons but then distribute the
executables in two separate packages. If only one package is installed
but both daemons are enabled in ipsec.conf, starter will try to start
the non existing daemon over and over again, and will each time readd
the configs to the other daemon.
2011-08-11 13:38:05 +02:00
f87991704e
implemented PASS and DROP shunt policies
2011-06-28 19:42:54 +02:00
6c302616f1
Added a tfc ipsec.conf keyword to control Traffic Flow Confidentiality
2010-12-20 09:45:39 +01:00
a0d13f42e6
starter: Some whitespace cleanup.
2010-09-02 19:04:25 +02:00
f13a03add0
Moved EAP type/code definitions to a seprate header file in libstrongswan
2010-08-31 15:35:29 +02:00
87799b0c00
moved eap_from_string() fomr libcharon to libstrongswan to make it available in starter
2010-08-13 15:07:53 +02:00
4412ee86c5
recognize eap-ttls method
2010-08-12 23:58:54 +02:00
2107953804
Added EAP-TLS plugin stub
2010-08-03 15:39:24 +02:00
26c4d0102a
configuration of different marks for inbound and outbound direction
2010-07-09 09:06:07 +02:00
ee26c537d7
support of xfrm marks for IKEv2
2010-07-02 23:46:09 +02:00
fc753c1d3e
remove subnet from sourceip
2010-05-02 17:58:36 +02:00
61e48488d9
final fix for cloning and deleting sourceip strings
2010-05-02 15:55:46 +02:00
a48484322e
fixed end->sourceip memory leak in ipsec starter
2010-05-02 14:56:35 +02:00
667b73721a
Added left-/rightikeport ipsec.conf options to use custom IKE ports
2010-02-26 11:44:33 +01:00
8015c91cb9
Added a ipsec.conf "inactivity" option to configure inactivity timeout for CHILD_SAs
2010-01-27 16:05:11 +01:00
270bb348e3
pluto now supports SQL-based virtual IP pools
2009-10-14 14:30:14 +02:00
075448fbc8
Complain about missing %defaultroute support only if one is actually used
2009-09-16 13:27:49 +02:00
7daf5226b7
removed trailing spaces ([[:space:]]+$)
2009-09-04 13:46:09 +02:00
11e6d28533
pluto supports ECDSA authentication
2009-06-12 19:59:49 +02:00
723534283c
use bool instead of int
2009-05-07 17:42:25 +02:00
8c5d72cd0b
removing svn keyword $Id$ from all files
2009-04-30 13:19:35 +00:00
9d53cc5d43
already had the correct formatting
2009-04-19 19:22:31 +00:00
3d7a244b54
conversion from 8 spaces to 4 spaces per tab
2009-04-19 19:16:09 +00:00
67411e66c3
port the libstrongswan memory allocation methods to pluto
2009-04-17 07:11:29 +00:00
e4838d02b3
set the default of plutostart/charonstart according to ./configure options
2009-03-24 15:02:12 +00:00
4a6b84a934
reintegrated eap-radius branch into trunk
2009-03-24 10:24:58 +00:00
f98cdf7a47
adding plugin for EAP-MS-CHAPv2
2009-02-18 19:57:15 +00:00
d487b4b727
preliminary support of Mobile IPv6
2008-11-11 06:37:37 +00:00
1caa265c61
a (incomplete) implementation of draft-sheffer-ikev2-gtc-00.txt using PAM
2008-08-21 12:10:07 +00:00
1dec30625e
check if parsing of ipsec update was successful
2008-07-02 05:51:49 +00:00
ea0823dffd
ECDSA with OpenSSL
2008-06-10 09:08:27 +00:00
77b9c3a214
end->srcip string must be removed if it contains %config
2008-04-27 11:28:58 +00:00
937eb2db00
fixed memory corruption problem in starter
2008-04-27 10:49:31 +00:00
3444390241
supporting multiple comma seperated subnets in left/rightsubnet definition
...
e.g. leftsubnet=10.2.0.0/16,10.4.0.0/16
2008-04-25 12:41:37 +00:00
f45411c045
set long-forgotten DPD defaults
2008-04-15 11:27:45 +00:00
cdcfe777f4
implementation of an CFG attribute framework, currently supporting virtual IPs
...
updated ipsec.conf sourceip parameter to support
CIDR notatation to serve from a pool
%poolname to query a separate (database?) pool
2008-04-09 12:54:47 +00:00
aa1a730bfb
set nexthop default value to 0::0 in IPv6 connections
2007-12-19 00:49:32 +00:00
0f806802ae
implemented Expanded EAP types to support vendor specific methods
2007-12-13 17:31:21 +00:00
4b403e7672
merged EAP-MD5 into trunk
2007-12-12 14:29:10 +00:00
496e76cbdf
added RCSID
2007-10-08 19:57:54 +00:00
f9b8417a7c
renamed force_encap to forceencaps (as it is named in openswan)
2007-10-02 06:57:58 +00:00
9dae1bed00
implemented IKEv2 force_encap connection parameter
...
enforces UDP encapsulation by faking NAT detection payloads
to hurdle restrictive firewalls
2007-10-01 12:19:39 +00:00
9164e49ac0
added mobike=yes|no connection option
...
yes: include mobike support notifies as initiator
no: only enable mobike as responder when initiator supports it
default: yes
2007-08-29 12:11:25 +00:00
ec11518d1b
handle dns lookup failures
2007-08-02 18:38:28 +00:00
ae4388dca0
cosmetics
2007-07-04 05:42:09 +00:00
Tobias Brunner