This XAuth backend does not do any authentication of client credentials
but simply sends a successful XAuth status to the client, thereby
concluding the XAuth exchange. This can be useful to fallback to basic
RSA authentication with clients that can not be configured without XAuth
authentication.
Add a systime-fix plugin allowing an embedded system to validate certificates
if the system time has not been synchronized after boot. Certificates of
established tunnels can be re-validated after the system time gets valid.
AC_TRY_COMPILE and AC_TRY_RUN are deprecated. The new construct with
AC_*_IFELSE and AC_LANG_PROGRAM requires double quoting the source code
of these test programs.
The --disable-defaults option disables all plugins that would be
enabled by default. This allows to selectively enable specific plugins
without issues when new default options get added in future releases.
This brings support for EAP-Nak payloads on the client (to select a
specific or supported method), and the server (via the eap-dynamic
plugin which selects a method supported/requested by the client).
This branch introduces a userland IPsec implementation (libipsec) and an
Android App which targets the VpnService API that is provided by Android 4+.
The implementation is based on the bachelor thesis 'Userland IPsec for
Android 4' by Giuliano Grassi and Ralf Sager.
This branch comes with some preliminary changes for the user-land IPsec
implementation and the Android App.
One important change is that the UDP ports used by the socket-default plugin
were made configurable (either via ./configure or strongswan.conf).
Also, the plugin does randomly allocate a port if it is configured to 0,
which is useful for client implementations. A consequence of these
changes is that the local UDP port used when creating ike_cfg_t objects has
to be fetched from the socket.