Andreas Steffen
d8e62ae9b4
version bump to 5.0.2dr2
2012-10-20 10:49:27 +02:00
Andreas Steffen
c2a5e7bcf9
updated NEWS
2012-10-19 08:52:35 +02:00
Andreas Steffen
a9c9414d58
implemented IETF Numeric Version attribute
2012-10-18 22:33:26 +02:00
Andreas Steffen
ef315c5a1c
implemented IETF Remediation Instructions attribute
2012-10-18 18:24:26 +02:00
Tobias Brunner
d2c8bc4df0
Handle type of first EAP-RADIUS response more sophisticated
2012-10-18 14:48:11 +02:00
Tobias Brunner
a5436657e9
Starter ignores non-fatal errors when reloading config
2012-10-18 14:42:11 +02:00
Tobias Brunner
9e730ef9df
Starter unroutes removed or changed connections before loading and routing new ones
2012-10-18 14:42:11 +02:00
Tobias Brunner
21037942e8
Update routed connections in trap manager
...
Before this change, modified configs that have been updated with ipsec reload
could properly be started manually, but the old config would get used if
triggered via trap policies.
2012-10-18 14:42:10 +02:00
Tobias Brunner
3555bacac7
Reload logger configuration on SIGHUP
...
Besides changing the configuration, this allows log files to be rotated easily.
Also moved logger initialization back to daemon_t.
2012-10-18 14:42:10 +02:00
Tobias Brunner
d35d669180
Make syslog and file loggers configurable at runtime
2012-10-18 14:42:10 +02:00
Tobias Brunner
18a8893e8e
Store loggers in conftest separately, not on charon
2012-10-18 14:42:10 +02:00
Tobias Brunner
3c4d383443
Added an option to reload certificates from PKCS#11 tokens on SIGHUP
2012-10-18 14:42:09 +02:00
Tobias Brunner
ca1c2ee281
Copy the name of pkcs11_library_t objects
...
Strings returned by settings_t.create_section_enumerator will be freed
when the config is reloaded.
2012-10-18 14:42:09 +02:00
Tobias Brunner
c30573467b
New Android release after adding MOBIKE support
2012-10-18 14:03:38 +02:00
Tobias Brunner
8bd00205f4
Merge branch 'android-mobility'
...
This brings support for MOBIKE to the Android app. The app also tries
to keep the connection up as long as possible.
DNS queries are now handled by a new class that uses independent threads to
resolve them; this allows them to be canceled, e.g. if no network connectivity
is available (otherwise the app would block until the DNS query returns).
2012-10-18 12:28:14 +02:00
Tobias Brunner
25a413cb96
Use a shortcut to resolve numeric IP addresses (no need for separate threads)
2012-10-18 12:27:32 +02:00
Tobias Brunner
d377556863
Use native threads in host resolver so that it works even if processor has no threads
2012-10-18 12:26:49 +02:00
Tobias Brunner
b4f6c39e55
Terminate unused resolver threads after a timeout
2012-10-18 12:26:00 +02:00
Tobias Brunner
49e2d109a3
Only create more threads if needed in host_resolver_t
2012-10-18 12:26:00 +02:00
Tobias Brunner
eecd41e349
Use a helper function to add milliseconds to timeval structs
2012-10-18 12:25:59 +02:00
Tobias Brunner
2b6088c718
android: Ignore if peer is unreachable when reestablishing an SA
2012-10-18 12:25:59 +02:00
Tobias Brunner
901f6ac403
android: Use a shorter timeout for retransmits
2012-10-18 10:57:55 +02:00
Tobias Brunner
8658e87b35
android: Use keyingtries=%forever and dpd|closeaction=restart
...
We also ignore the CHILD_SA_DOWN event.
This should allow us to keep the connection up as long as the user does
not manually disconnect.
2012-10-18 10:57:55 +02:00
Tobias Brunner
292d8f41c3
Resolve hosts by DNS name in separate threads so we can cancel them
...
getaddrinfo(3) may block for a long time, so proper termination of the daemon
may block if DNS servers are not reachable.
getaddrinfo(3) is an optional cancellation point in POSIX threads, so it
might still block a shutdown, but at least on Android (with the signal-based
pthread_cancel implementation) it works; on Linux, starter will kill charon
anyway after a while.
2012-10-18 10:57:55 +02:00
Andreas Steffen
bbf90fcc79
no need to include pa_tnc_msg.h
2012-10-18 07:00:32 +02:00
Andreas Steffen
6a61b79583
refactored PA-TNC message handling by IMVs
2012-10-17 23:15:14 +02:00
Andreas Steffen
f8a70254a9
refactored PA-TNC message handling by IMCs
2012-10-17 10:02:53 +02:00
Andreas Steffen
154cae09e3
increased IMC/IMV debug level to 3
2012-10-17 10:02:53 +02:00
Andreas Steffen
c8b88ba733
removed unused variable
2012-10-17 10:02:52 +02:00
Tobias Brunner
272ce5b580
android: Handle unreachable peers via alert
2012-10-16 14:16:17 +02:00
Tobias Brunner
1d6dc62727
Added a new alert that is raised if peer does not respond to initial IKE message
2012-10-16 14:16:17 +02:00
Tobias Brunner
b00806cf85
android: Use 0.0.0.0/0 as local traffic selector
...
This is helpful if the responder also wants to tunnel e.g. multicast
packages.
2012-10-16 14:16:17 +02:00
Tobias Brunner
488b1cad13
Log IP addresses for discarded inbound IPsec packets
2012-10-16 14:16:17 +02:00
Tobias Brunner
45885ca613
android: Bypass/protect previously bypassed sockets if connectivity changes
2012-10-16 14:16:17 +02:00
Tobias Brunner
9167ca8b2b
android: Support for IPsec SA update added
2012-10-16 14:16:17 +02:00
Tobias Brunner
51823c1f31
Use pointers for lookups in IPsec SA manager
2012-10-16 14:16:17 +02:00
Tobias Brunner
4785fbbc9c
IPsec SA manager implements update_sa()
2012-10-16 14:16:17 +02:00
Tobias Brunner
7622c5e97e
Setter for src and destination address of ipsec_sa_t added
2012-10-16 14:16:17 +02:00
Tobias Brunner
5b88d80f22
android: Trigger roam events in case connectivity changes
2012-10-16 14:16:17 +02:00
Tobias Brunner
ef3d1a1ba9
android: Register NetworkManager as BroadcastReceiver and relay events via JNI
2012-10-16 14:16:17 +02:00
Tobias Brunner
38bbca587f
android: Determine source address dynamically
2012-10-16 14:16:17 +02:00
Tobias Brunner
8f092a2221
android: Added NetworkManager class which allows to retrieve a local IP address
2012-10-16 14:16:17 +02:00
Tobias Brunner
b0e0932538
android: Increase compile warnings
2012-10-16 14:16:16 +02:00
Tobias Brunner
c3bce1aa3d
android: Fixed "Configure" button in Android VPN dialog
2012-10-16 14:16:16 +02:00
Tobias Brunner
e3d98f2c4c
android: Don't use the default ESP proposal as it includes unsupported algorithms
2012-10-16 14:16:16 +02:00
Martin Willi
a70851c941
Remove unused this parameter to load_issuer_cert/key(), as it is uninitialized
2012-10-16 14:11:14 +02:00
Martin Willi
c1024a6bd6
Generate a load-tester certificate only for DN or subjectAltName identities
2012-10-16 13:43:54 +02:00
Martin Willi
db97d67825
Add a load-tester initiator_match option to match custom initiator_id
2012-10-16 13:43:54 +02:00
Martin Willi
5359c7a437
Encode non-DN load-tester identities as subjectAltNames
2012-10-16 13:43:54 +02:00
Martin Willi
562b89ccee
Add a load-tester digest option for issuing peer certificates
2012-10-16 13:43:54 +02:00