e91157a4b6
Fix SIGSEGV if kernel install fails during Quick Mode as responder.
2012-06-22 11:34:38 +02:00
fc16296391
adapted description to IKEv2
2012-06-22 09:53:37 +02:00
aa8898bc45
Fixed compile error because of charon->name in certexpire plugin.
2012-06-21 13:59:18 +02:00
bf577b6714
fixed typo
2012-06-20 11:15:09 +02:00
0802b8359e
added ipv6/rw-ip6-in-ip4-ikev1 scenario
2012-06-20 11:13:20 +02:00
36988a0a37
added ipv6/rw-ip6-in-ip4-ikev2 scenario
2012-06-20 11:03:51 +02:00
e2dd114f37
Select requested virtual IP family based on remote TS, if no local TS available
2012-06-20 10:02:01 +02:00
f2fc138e8e
upgraded UML options to 5.0.0
2012-06-19 19:34:26 +02:00
5d227c79a9
Doxygen fix in PKCS#7 wrapper
2012-06-19 13:32:59 +02:00
87f8ff168b
sleep one second more
2012-06-19 06:18:05 +02:00
e4012ae386
use socket-default in scenario
2012-06-19 06:17:37 +02:00
bc60bb8bf4
added ikev1/xauth-id-rsa-hybrid scenario
2012-06-18 22:51:50 +02:00
771a66c6a0
added ikev1/xauth-id-rsa-aggressive scenario
2012-06-18 22:30:26 +02:00
2045a9d36d
added secret as valid authby argument
2012-06-18 22:11:18 +02:00
8b8f5c6141
rsasig is not recognized as authentication method
2012-06-18 22:03:36 +02:00
49d18a8e06
enable potentially unsafe aggressive mode
2012-06-18 21:34:48 +02:00
7a892288fb
change ikev1/xauth scenarios to modern notation
2012-06-18 21:22:01 +02:00
6d3702ed61
testing: List IPv6 routing table in IPv6 test cases.
2012-06-15 16:46:27 +02:00
5c1332bf7c
NLM_F_DUMP includes NLM_F_ROOT.
2012-06-15 16:46:27 +02:00
8ec51f83e5
Don't create roam jobs based on cached/cloned routes.
2012-06-15 16:44:18 +02:00
9896b6bd58
Don't compare ports when comparing cached routes.
...
At least src_ip has a port set sometimes.
2012-06-15 16:44:07 +02:00
31bcaf604a
starter: Fixed parsing of %defaultroute.
2012-06-15 10:46:56 +02:00
af518b450e
Adopt children as XAuth initiator (which is IKE responder)
2012-06-14 14:49:19 +02:00
794cdbc53f
Added 5.0 NEWS about IKEv1 in charon
2012-06-14 10:57:29 +02:00
e36497700c
Print the kind of *Swan during starter startup
2012-06-14 10:25:48 +02:00
137035cc78
Show what kind of *Swan we run in "ipsec status"
2012-06-14 10:25:48 +02:00
b31a56f128
Require a scary option to respond to Aggressive Mode PSK requests
...
While Aggressive Mode PSK is widely used, it is known to be subject
to dictionary attacks by passive attackers. We don't complain as
initiator to be compatible with existing (insecure) setups, but
require a scary strongswan.conf option if someone wants to use it
as responder.
2012-06-14 10:25:48 +02:00
e49f18f74d
thanks to narrowing treat right|leftsubnetwithin as synonyms for right|leftsubnet
2012-06-14 07:55:12 +02:00
daa857029f
removed plutostart parameter
2012-06-13 21:19:05 +02:00
dd38e9fc83
scepclient: Fixed Makefile after removing enable-smartcard configure option.
2012-06-13 15:08:14 +02:00
f7cbc0fafe
Use proper defines for IPV6_PKTINFO on Mac OS X Lion and newer.
2012-06-13 15:02:10 +02:00
2015c46985
Some updates to the INSTALL document.
2012-06-13 12:24:23 +02:00
6d599fb964
Removed remaining pluto related configure options.
2012-06-13 11:33:32 +02:00
25fb9d3f4a
starter: Print additional help texts for selected deprecated keywords.
2012-06-12 16:15:03 +02:00
9707d9db79
starter: Improved how deprecated keywords are handled.
...
We only throw a warning now instead of rejecting the config.
2012-06-12 16:15:03 +02:00
5c7a219804
Revert "starter: Don't treat unsupported keywords as fatal errors just report them."
...
This reverts commit e55876a657
2012-06-12 16:15:03 +02:00
5a6e5e0d2d
NEWS about specifying trustchain HASH algorithm requirements
2012-06-12 15:01:39 +02:00
7c4214bd38
Add documentation for signature hash algorithm enforcing to man ipsec.conf
2012-06-12 15:01:39 +02:00
e35bbb9740
Added signature scheme options left/rightauth
2012-06-12 15:01:39 +02:00
918e92c4c9
Support multiple different public key strength types in constraints
2012-06-12 14:24:49 +02:00
fd4ff11858
Add signature schemes to auth_cfg during trustchain validation
2012-06-12 14:24:49 +02:00
a37f2d2006
certificate_t->issued_by takes an argument to receive signature scheme
2012-06-12 14:24:49 +02:00
439d0742e9
Define auth_cfg rules for signature schemes
2012-06-12 14:24:49 +02:00
e7c01bed49
starter: Fixed parsing of left|right=%any.
2012-06-12 10:16:51 +02:00
4745fce666
deleted IKEv1 charon-pluto interoperability scenarios
2012-06-12 10:00:21 +02:00
4d21846912
starter: Fix comparison of connections.
2012-06-11 17:33:32 +02:00
3e2ff81e5d
starter: Removed all unsupported keywords.
2012-06-11 17:33:32 +02:00
e55876a657
starter: Don't treat unsupported keywords as fatal errors just report them.
2012-06-11 17:33:32 +02:00
fff4b74db2
Bye bye Pluto!
...
Charon will take over IKEv1 duties from here. This also removes
libfreeswan and whack.
2012-06-11 17:33:32 +02:00
4a54860986
_copyright: Replicate copyright text here instead of calling libfreeswan.
2012-06-11 17:33:32 +02:00
Tobias Brunner