Martin Willi
e0fe765152
restructured file layout
...
new configuration structure:
peer_cfg: configuration related to a peer (authenitcation, ...=
ike_cfg: config to use for IKE setup (proposals)
child_Cfg: config for CHILD_SA (proposals, traffic selectors)
a peer_cfg has one ike_cfg and multiple child_cfg's
stroke now uses fixed count of threads
2007-04-10 06:01:03 +00:00
Andreas Steffen
1628cd6bda
adapt evaltest to changed debug output
2007-04-06 10:39:24 +00:00
Andreas Steffen
babdde4fa4
cosmetics in debug output
2007-04-06 10:35:13 +00:00
Andreas Steffen
f5fc277463
crl-ldap scenario added
2007-04-06 10:02:27 +00:00
Andreas Steffen
db88e37d2f
ldap-based crl fetching supported
2007-04-06 09:51:04 +00:00
Andreas Steffen
2c0e0f4f62
changed LDAP_VER compile option to LIBLDAP
2007-04-06 09:49:05 +00:00
Andreas Steffen
241d2ff3bc
support of ldap-based crl fetching
2007-04-06 09:44:06 +00:00
Andreas Steffen
4c56bd64e5
removed list_crls() and list_ocsp() methods
2007-04-06 09:43:20 +00:00
Andreas Steffen
3c5c3431b3
removed list_crls() and list_ocsp() methods
2007-04-06 09:42:45 +00:00
Andreas Steffen
915c7add1f
enabled crl fetching using crlcheckinterval != 0
2007-04-05 17:51:12 +00:00
Andreas Steffen
46b9ff68d0
cachecrls=yes supported by IKEv2
2007-04-05 17:44:50 +00:00
Andreas Steffen
389623374f
enabled crl fetching using crlcheckinterval != 0
2007-04-05 17:40:33 +00:00
Andreas Steffen
1d1e55b4c3
added crl-to-cache
2007-04-05 17:18:25 +00:00
Andreas Steffen
7771780b38
added crl-from-cache
2007-04-05 17:18:15 +00:00
Andreas Steffen
a224faf9ea
block crl fetching
2007-04-05 17:10:59 +00:00
Andreas Steffen
45c97f180f
block crl fetching
2007-04-05 17:09:54 +00:00
Andreas Steffen
69837d5baa
support multiple ocsp servers
2007-04-05 17:08:51 +00:00
Andreas Steffen
8883eef7b8
support cachecrls=yes
2007-04-05 17:07:14 +00:00
Andreas Steffen
e58afb1a0a
support of crlcheckinterval=0 to disable IKEv2 CRL fetching
2007-04-04 07:49:05 +00:00
Martin Willi
80b7162531
improved log output for checkout_by_message()
2007-04-04 07:11:12 +00:00
Andreas Steffen
e47a7a131d
reinsert SHAREDTREE
2007-04-04 05:29:20 +00:00
Andreas Steffen
c056d929b2
--enable-ldap without value 3
2007-04-04 05:26:21 +00:00
Andreas Steffen
d15d1cc4f3
recognize strongSwan 2.8.4 VID
2007-04-04 05:25:06 +00:00
Andreas Steffen
8f76dbe8b1
support of dynamical http-based CRL fetching
2007-04-03 22:05:04 +00:00
Andreas Steffen
ace5de18b2
iptables -L has now a link of its own
2007-04-03 22:03:25 +00:00
Andreas Steffen
3d62a7d225
fixed crl fetching bug
2007-04-03 22:02:17 +00:00
Andreas Steffen
7e4f8db2bf
added ip route list and iptables -L
2007-04-03 21:18:46 +00:00
Andreas Steffen
a0eaa59b50
implemented dynamic http-based CRL fetching
2007-04-03 21:11:23 +00:00
Andreas Steffen
5d6dc162f2
send VID_NATT_IETF_02_N for Windows 2003 server support
2007-04-03 21:10:08 +00:00
Andreas Steffen
a8f02ad5f5
implemented dynamic http-based CRL fetching
2007-04-03 21:09:11 +00:00
Andreas Steffen
f166af2c0a
implemented http get method
2007-04-03 19:46:50 +00:00
Andreas Steffen
3b4f7d922a
IKEv1 changes
2007-04-03 12:41:37 +00:00
Andreas Steffen
b0f9f02ca4
added --enable-nat-transport and --disable-vendor-id configuration options
2007-04-03 07:58:34 +00:00
Andreas Steffen
7b0c588a88
added --enable-nat-transport and --disable-vendor-id configuration options
2007-04-03 07:58:21 +00:00
Andreas Steffen
a0c15611a4
bug fix: check existence of encryption key before sending encrypted notification
2007-04-02 19:04:51 +00:00
Martin Willi
ed284399cd
updated NEWS, TODO
2007-03-30 12:49:19 +00:00
Martin Willi
73390cce24
removed unneded includes
2007-03-30 12:24:31 +00:00
Martin Willi
3374c8b1c8
using IFA_LOCAL for interface enumeration to support ppp links
2007-03-30 09:21:48 +00:00
Martin Willi
b9e363f86f
added IKE_SA_INIT retransmission detection
...
fixed thread exhaustion when IKE_SA is blocked for a longer time
2007-03-29 14:20:10 +00:00
Martin Willi
891e69944f
implemented DoS protection with cookies and IP filter
2007-03-29 11:26:55 +00:00
Martin Willi
361e6df8c1
fixed task manager message id bug for cookies
2007-03-29 11:08:30 +00:00
Martin Willi
a6bdc731b1
added retry limit for IKE_SA_INIT (give up after 5 cookie failures)
2007-03-29 11:07:49 +00:00
Martin Willi
25eaae17db
added chunk_from_thing() macro
2007-03-29 11:06:59 +00:00
Andreas Steffen
6819e4d754
implemented ipsec purgeocsp
2007-03-28 20:43:38 +00:00
Andreas Steffen
6af6c0bfc3
cosmetics
2007-03-28 20:43:25 +00:00
Andreas Steffen
2bfadf7f3b
implemented ipsec purgeocsp
2007-03-28 20:43:11 +00:00
Martin Willi
4deb89485c
removed send_queue, handled internally in sender_t know
...
do header parsing in receiver, ready for cookie integration
2007-03-28 13:34:02 +00:00
Martin Willi
077a6fff95
implemented a simple IP blocking filter in receiver thread
2007-03-28 09:23:03 +00:00
Martin Willi
9179ac9667
merged changes from eap-aka trunk
2007-03-28 07:32:54 +00:00
Andreas Steffen
9d9c72e317
is_trusted() adds cert_status to cert_to_be_trusted
2007-03-28 05:38:42 +00:00