ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
12,372 Commits 6 Branches 233 Tags 88 MiB
Commit Graph

64 Commits

Author SHA1 Message Date
Martin Willi d048a319df ike: Restart inactivity counter after doing a CHILD_SA rekey 
When doing a rekey for a CHILD_SA, the use counters get reset. An inactivity
job is queued for a time unrelated to the rekey time, so it might happen
that the inactivity job gets executed just after rekeying. If this happens,
inactivity is detected even if we had traffic on the rekeyed CHILD_SA just
before rekeying.

This change implies that inactivity checks can't handle inactivity timeouts
for rekeyed CHILD_SAs, and therefore requires that inactivity timeout is shorter
than the rekey time to have any effect.
 2014-01-23 16:19:22 +01:00
Tobias Brunner 6956061197 ipsec.conf.5: Note about ICMP[v6] message type/code added 2013-10-17 16:57:39 +02:00
Martin Willi 5fdbb3c6ad ipsec.conf: Add a description for the new 'ah' keyword. 2013-10-11 10:15:22 +02:00
Tobias Brunner 8250fc10e8 Build generated man pages via configure script 2013-09-13 14:32:51 +02:00
Martin Willi 6301ec0ac5 man: add support for multiple addresses/ranges/subnets in ipsec.conf left= 2013-09-04 10:38:37 +02:00
Martin Willi 16149401e9 man: update ipsec.conf modeconfig keyword 2013-09-04 10:33:38 +02:00
Tobias Brunner 0ceb288815 Fix various API doc issues and typos 
Partially based on an old patch by Adrian-Ken Rueegsegger.
 2013-07-18 18:30:36 +02:00
Tobias Brunner b2dfa0624d ipsec.conf.5: closeaction is now supported for IKEv1 2013-07-17 18:18:57 +02:00
Tobias Brunner b7b5432ff8 stroke: Changed how proto/port are specified in left|rightsubnet 
Using a colon as separator conflicts with IPv6 addresses.
 2013-06-28 15:10:09 +02:00
Martin Willi 24df067810 man: update ipsec.conf.5, describing new proto/port definition within leftsubnet 2013-06-19 16:36:01 +02:00
Tobias Brunner 87692be215 Load any type (RSA/ECDSA) of public key via left|rightsigkey 2013-05-07 17:08:31 +02:00
Tobias Brunner fa1d3d39dc left|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly 
The default is now PKCS#1. With the dns: and ssh: prefixes other formats
can be selected.
 2013-05-07 15:38:28 +02:00
Martin Willi e82deaf6ce Merge branch 'multi-cert' 
Allows the configuration of multiple certificates in leftcert, and select
the correct certificate to use based on the received certificate requests.
 2013-03-01 11:35:32 +01:00
Martin Willi a36b49f3cb Merge branch 'opaque-ports' 
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
 2013-03-01 11:27:12 +01:00
Martin Willi 0abeac3a0b Document ipsec.conf leftprotoport extensions in manpage 2013-02-21 11:52:33 +01:00
Martin Willi 88f4cd3988 Add ikedscp documentation to ipsec.conf.5 2013-02-06 15:42:14 +01:00
Martin Willi 11a7abf554 Add ipsec.conf.5 updates regarding multiple certificates in leftcert 2013-01-18 09:33:15 +01:00
Tobias Brunner 365d9a6f67 Added an option that allows to force IKEv1 fragmentation 2013-01-12 11:54:32 +01:00
Tobias Brunner 97973f8609 Use a connection specific option to en-/disable IKEv1 fragmentation 2012-12-24 13:00:01 +01:00
Martin Willi f6d8fb3687 Updated ipsec.conf.5 regarding (CA) certificates loaded from smartcards 2012-10-24 13:07:53 +02:00
Martin Willi 05e266ea9d Add leftcert ipsec.conf.5 documentation about smartcard certificates 2012-10-24 13:07:53 +02:00
Martin Willi 5b2e669ba2 Add ipsec.conf.5 documentation for explicit PRFs in IKE proposals 2012-10-24 11:49:37 +02:00
Martin Willi 55f126fd55 Update ipsec.conf.5, leftsubnet can handle multiple subnets in IKEv1 with Unity 2012-09-18 17:17:48 +02:00
Tobias Brunner b7a500e985 Set AUTH_RULE_IDENTITY_LOOSE for rightid=%<identity> 2012-09-18 14:40:41 +02:00
Tobias Brunner 72970b458d Some updates to ipsec.conf(5) man page 2012-09-12 16:53:45 +02:00
Tobias Brunner f4cc7ea11b Add uniqueids=never to ignore INITIAL_CONTACT notifies 
With uniqueids=no the daemon still deletes any existing IKE_SA with the
same peer if an INITIAL_CONTACT notify is received.  With this new option
it also ignores these notifies.
 2012-09-10 17:37:18 +02:00
Martin Willi 1323dc1138 Merge branch 'multi-vip' 
Brings support for multiple virtual IPs and multiple pools in
left/rigthsourceip definitions. Also introduces the new left/rightdns
options to configure requested DNS server address family and respond
with multiple connection specific servers.
 2012-08-31 12:55:56 +02:00
Tobias Brunner 5f6ef5d5ce Documentation for eap-dynamic added 2012-08-31 11:42:03 +02:00
Martin Willi 26bc695806 Updated ipsec.conf.5 with multiple left/rightsourceip support 2012-08-30 16:43:45 +02:00
Martin Willi c60f1da424 Add a description of the leftdns option to ipsec.conf.5 2012-08-21 09:38:01 +02:00
Tobias Brunner 56d07af3be Added ESP log group for libipsec log messages. 2012-08-08 15:12:25 +02:00
Martin Willi 46df61dff7 Add an ipsec.conf leftgroups2 parameter for the second authentication round 2012-07-26 11:51:58 +02:00
Tobias Brunner 66e12b926e Some updates in ipsec.conf(5) for 5.0.0 2012-06-26 12:39:53 +02:00
Andreas Steffen 2045a9d36d added secret as valid authby argument 2012-06-18 22:11:18 +02:00
Martin Willi 7c4214bd38 Add documentation for signature hash algorithm enforcing to man ipsec.conf 2012-06-12 15:01:39 +02:00
Tobias Brunner 95e41fb80a starter: Drop support for %defaultroute. 2012-06-11 17:33:29 +02:00
Tobias Brunner 18dac73f02 Updated ipsec.conf(5) to reflect changes to IPComp support. 2012-05-24 15:32:28 +02:00
Martin Willi b24be29646 Merge branch 'ikev1' 
Conflicts:
	configure.in
	man/ipsec.conf.5.in
	src/libcharon/encoding/generator.c
	src/libcharon/encoding/payloads/notify_payload.c
	src/libcharon/encoding/payloads/notify_payload.h
	src/libcharon/encoding/payloads/payload.c
	src/libcharon/network/receiver.c
	src/libcharon/sa/authenticator.c
	src/libcharon/sa/authenticator.h
	src/libcharon/sa/ikev2/tasks/ike_init.c
	src/libcharon/sa/task_manager.c
	src/libstrongswan/credentials/auth_cfg.c
 2012-05-02 11:12:31 +02:00
Andreas Steffen 0293f09597 updated supported EAP methods 2012-03-30 11:15:10 +02:00
Martin Willi b1f2f05c92 Merge branch 'ikev1-clean' into ikev1-master 
Conflicts:
	configure.in
	man/ipsec.conf.5.in
	src/libcharon/daemon.c
	src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
	src/libcharon/plugins/eap_radius/eap_radius_accounting.c
	src/libcharon/plugins/eap_radius/eap_radius_forward.c
	src/libcharon/plugins/farp/farp_listener.c
	src/libcharon/sa/ike_sa.c
	src/libcharon/sa/keymat.c
	src/libcharon/sa/task_manager.c
	src/libcharon/sa/trap_manager.c
	src/libstrongswan/plugins/x509/x509_cert.c
	src/libstrongswan/utils.h

Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
 2012-03-20 17:57:53 +01:00
Martin Willi 75e3d90d43 Updated ipsec.conf man page for the use of IKEv1 with pluto 2012-03-20 17:31:39 +01:00
Martin Willi c8d46f2959 Dropped support of deprecated authby=eap and eap= options 2012-03-20 17:31:38 +01:00
Tobias Brunner 54d096a712 Added ASN debug group to log low-level encoding/decoding (ASN.1, X.509). 
This will allow us to remove quite some clutter from the LIB debug group
for higher debug levels.
 2011-12-16 16:44:38 +01:00
Tobias Brunner 49b44c98c1 Charon also supports type=passthrough|drop. 2011-12-14 19:01:39 +01:00
Tobias Brunner b768d6a4a5 Documented xauth_identity in ipsec.conf(5) man page. 2011-12-14 18:04:39 +01:00
Tobias Brunner de13eab0e6 Documented the strict flag (!) for ike and esp options in ipsec.conf. 2011-09-26 17:51:53 +02:00
Tobias Brunner 7213abcbfb PTS log group documented in man pages. 2011-09-12 15:07:20 +02:00
Tobias Brunner 5b217e4994 Document charon's default log levels in ipsec.conf(5). 2011-09-12 15:07:20 +02:00
Tobias Brunner f3bb1bd039 Fixed common misspellings. 
Mostly found by 'codespell'.
 2011-07-20 16:14:10 +02:00
Martin Willi 4876f896a4 Added documentation and NEWS for closeaction 2011-06-07 12:07:22 +02:00