d8e62ae9b4
version bump to 5.0.2dr2
2012-10-20 10:49:27 +02:00
c2a5e7bcf9
updated NEWS
2012-10-19 08:52:35 +02:00
a9c9414d58
implemented IETF Numeric Version attribute
2012-10-18 22:33:26 +02:00
ef315c5a1c
implemented IETF Remediation Instructions attribute
2012-10-18 18:24:26 +02:00
d2c8bc4df0
Handle type of first EAP-RADIUS response more sophisticated
2012-10-18 14:48:11 +02:00
a5436657e9
Starter ignores non-fatal errors when reloading config
2012-10-18 14:42:11 +02:00
9e730ef9df
Starter unroutes removed or changed connections before loading and routing new ones
2012-10-18 14:42:11 +02:00
21037942e8
Update routed connections in trap manager
...
Before this change, modified configs that have been updated with ipsec reload,
could properly be started manually, but the old config would get used if
triggered via trap policies.
2012-10-18 14:42:10 +02:00
3555bacac7
Reload logger configuration on SIGHUP
...
Besides changing the configuration this allows to easily rotate log files.
Also moved logger initialization back to daemon_t.
2012-10-18 14:42:10 +02:00
d35d669180
Make syslog and file loggers configurable at runtime
2012-10-18 14:42:10 +02:00
18a8893e8e
Store loggers in conftest separately, not on charon
2012-10-18 14:42:10 +02:00
3c4d383443
Added an option to reload certificates from PKCS#11 tokens on SIGHUP
2012-10-18 14:42:09 +02:00
ca1c2ee281
Copy the name of pkcs11_library_t objects
...
Strings returned by settings_t.create_section_enumerator will be freed
when the config is reloaded.
2012-10-18 14:42:09 +02:00
c30573467b
New Android release after adding MOBIKE support
2012-10-18 14:03:38 +02:00
8bd00205f4
Merge branch 'android-mobility'
...
This brings support for MOBIKE to the Android app. The app also tries
to keep the connection up as long as possible.
DNS queries are now handled by a new class that uses independent threads to
resolve them, this allows to cancel them e.g. if no network connectivity is
available (otherwise the app would block until the DNS query returns).
2012-10-18 12:28:14 +02:00
25a413cb96
Use a shortcut to resolve numeric IP addresses (no need for separate threads)
2012-10-18 12:27:32 +02:00
d377556863
Use native threads in host resolver so that it works even if processor has no threads
2012-10-18 12:26:49 +02:00
b4f6c39e55
Terminate unused resolver threads after a timeout
2012-10-18 12:26:00 +02:00
49e2d109a3
Only create more threads if needed in host_resolver_t
2012-10-18 12:26:00 +02:00
eecd41e349
Use a helper function to add milliseconds to timeval structs
2012-10-18 12:25:59 +02:00
2b6088c718
android: Ignore if peer is unreachable when reestablishing an SA
2012-10-18 12:25:59 +02:00
901f6ac403
android: Use a shorter timeout for retransmits
2012-10-18 10:57:55 +02:00
8658e87b35
android: Use keyingtries=%forever and dpd|closeaction=restart
...
We also ignore the CHILD_SA_DOWN event.
This should allow us to keep the connection up as long as the user does
not manually disconnect.
2012-10-18 10:57:55 +02:00
292d8f41c3
Resolve hosts by DNS name in separate threads so we can cancel them
...
getaddrinfo(3) may block a long time so proper termination of the daemon may
block if DNS servers are not reachable.
getaddrinfo(3) is an optional cancellation point in posix threads so it
might still block a shutdown but at least on Android (with the signal based
pthread_cancel implementation) it works, on Linux starter will kill charon
anyway after a while.
2012-10-18 10:57:55 +02:00
bbf90fcc79
no need to include pa_tnc_msg.h
2012-10-18 07:00:32 +02:00
6a61b79583
refactored PA-TNC message handling by IMVs
2012-10-17 23:15:14 +02:00
f8a70254a9
refactored PA-TNC message handling by IMCs
2012-10-17 10:02:53 +02:00
154cae09e3
increased IMC/IMV debug level to 3
2012-10-17 10:02:53 +02:00
c8b88ba733
removed unused variable
2012-10-17 10:02:52 +02:00
272ce5b580
android: Handle unreachable peers via alert
2012-10-16 14:16:17 +02:00
1d6dc62727
Added a new alert that is raised if peer does not respond to initial IKE message
2012-10-16 14:16:17 +02:00
b00806cf85
android: Use 0.0.0.0/0 as local traffic selector
...
This is helpful if the responder also wants to tunnel e.g. multicast
packages.
2012-10-16 14:16:17 +02:00
488b1cad13
Log IP addresses for discarded inbound IPsec packets
2012-10-16 14:16:17 +02:00
45885ca613
android: Bypass/protect previously bypassed sockets if connectivity changes
2012-10-16 14:16:17 +02:00
9167ca8b2b
android: Support for IPsec SA update added
2012-10-16 14:16:17 +02:00
51823c1f31
Use pointers for lookups in IPsec SA manager
2012-10-16 14:16:17 +02:00
4785fbbc9c
IPsec SA manager implements update_sa()
2012-10-16 14:16:17 +02:00
7622c5e97e
Setter for src and destination address of ipsec_sa_t added
2012-10-16 14:16:17 +02:00
5b88d80f22
android: Trigger roam events in case connectivity changes
2012-10-16 14:16:17 +02:00
ef3d1a1ba9
android: Register NetworkManager as BroadcastReceiver and relay events via JNI
2012-10-16 14:16:17 +02:00
38bbca587f
android: Determine source address dynamically
2012-10-16 14:16:17 +02:00
8f092a2221
android: Added NetworkManager class which allows to retrieve a local IP address
2012-10-16 14:16:17 +02:00
b0e0932538
android: Increase compile warnings
2012-10-16 14:16:16 +02:00
c3bce1aa3d
android: Fixed "Configure" button in Android VPN dialog
2012-10-16 14:16:16 +02:00
e3d98f2c4c
android: Don't use the default ESP proposal as it includes unsupported algorithms
2012-10-16 14:16:16 +02:00
a70851c941
Remove unused this parameter to load_issuer_cert/key(), as it is uninitialized
2012-10-16 14:11:14 +02:00
c1024a6bd6
Generate a load-tester certificate only for DN or subjectAltName identities
2012-10-16 13:43:54 +02:00
db97d67825
Add a load-tester initiator_match option to match custom initiator_id
2012-10-16 13:43:54 +02:00
5359c7a437
Encode non-DN load-tester identities as subjectAltNames
2012-10-16 13:43:54 +02:00
562b89ccee
Add a load-tester digest option for issuing peer certificates
2012-10-16 13:43:54 +02:00
Andreas Steffen