Tobias Brunner
e91157a4b6
Fix SIGSEGV if kernel install fails during Quick Mode as responder.
2012-06-22 11:34:38 +02:00
Andreas Steffen
fc16296391
adapted description to IKEv2
2012-06-22 09:53:37 +02:00
Tobias Brunner
aa8898bc45
Fixed compile error because of charon->name in certexpire plugin.
2012-06-21 13:59:18 +02:00
Andreas Steffen
bf577b6714
fixed typo
2012-06-20 11:15:09 +02:00
Andreas Steffen
0802b8359e
added ipv6/rw-ip6-in-ip4-ikev1 scenario
2012-06-20 11:13:20 +02:00
Andreas Steffen
36988a0a37
added ipv6/rw-ip6-in-ip4-ikev2 scenario
2012-06-20 11:03:51 +02:00
Martin Willi
e2dd114f37
Select requested virtual IP family based on remote TS, if no local TS available
2012-06-20 10:02:01 +02:00
Andreas Steffen
f2fc138e8e
upgraded UML options to 5.0.0
2012-06-19 19:34:26 +02:00
Tobias Brunner
5d227c79a9
Doxygen fix in PKCS#7 wrapper
2012-06-19 13:32:59 +02:00
Andreas Steffen
87f8ff168b
sleep one second more
2012-06-19 06:18:05 +02:00
Andreas Steffen
e4012ae386
use socket-default in scenario
2012-06-19 06:17:37 +02:00
Andreas Steffen
bc60bb8bf4
added ikev1/xauth-id-rsa-hybrid scenario
2012-06-18 22:51:50 +02:00
Andreas Steffen
771a66c6a0
added ikev1/xauth-id-rsa-aggressive scenario
2012-06-18 22:30:26 +02:00
Andreas Steffen
2045a9d36d
added secret as valid authby argument
2012-06-18 22:11:18 +02:00
Andreas Steffen
8b8f5c6141
rsasig is not recognized as authentication method
2012-06-18 22:03:36 +02:00
Andreas Steffen
49d18a8e06
enable potentially unsafe aggressive mode
2012-06-18 21:34:48 +02:00
Andreas Steffen
7a892288fb
change ikev1/xauth scenarios to modern notation
2012-06-18 21:22:01 +02:00
Tobias Brunner
6d3702ed61
testing: List IPv6 routing table in IPv6 test cases.
2012-06-15 16:46:27 +02:00
Tobias Brunner
5c1332bf7c
NLM_F_DUMP includes NLM_F_ROOT.
2012-06-15 16:46:27 +02:00
Tobias Brunner
8ec51f83e5
Don't create roam jobs based on cached/cloned routes.
2012-06-15 16:44:18 +02:00
Tobias Brunner
9896b6bd58
Don't compare ports when comparing cached routes.
...
At least src_ip has a port set sometimes.
2012-06-15 16:44:07 +02:00
Tobias Brunner
31bcaf604a
starter: Fixed parsing of %defaultroute.
2012-06-15 10:46:56 +02:00
Martin Willi
af518b450e
Adopt children as XAuth initiator (which is IKE responder)
2012-06-14 14:49:19 +02:00
Martin Willi
794cdbc53f
Added 5.0 NEWS about IKEv1 in charon
2012-06-14 10:57:29 +02:00
Martin Willi
e36497700c
Print the kind of *Swan during starter startup
2012-06-14 10:25:48 +02:00
Martin Willi
137035cc78
Show what kind of *Swan we run in "ipsec status"
2012-06-14 10:25:48 +02:00
Martin Willi
b31a56f128
Require a scary option to respond to Aggressive Mode PSK requests
...
While Aggressive Mode PSK is widely used, it is known to be subject
to dictionary attacks by passive attackers. We don't complain as
initiator to be compatible with existing (insecure) setups, but
require a scary strongswan.conf option if someone wants to use it
as responder.
2012-06-14 10:25:48 +02:00
Andreas Steffen
e49f18f74d
thanks to narrowing treat right|leftsubnetwithin as synonyms for right|leftsubnet
2012-06-14 07:55:12 +02:00
Andreas Steffen
daa857029f
removed plutostart parameter
2012-06-13 21:19:05 +02:00
Tobias Brunner
dd38e9fc83
scepclient: Fixed Makefile after removing enable-smartcard configure option.
2012-06-13 15:08:14 +02:00
Tobias Brunner
f7cbc0fafe
Use proper defines for IPV6_PKTINFO on Mac OS X Lion and newer.
2012-06-13 15:02:10 +02:00
Tobias Brunner
2015c46985
Some updates to the INSTALL document.
2012-06-13 12:24:23 +02:00
Tobias Brunner
6d599fb964
Removed remaining pluto related configure options.
2012-06-13 11:33:32 +02:00
Tobias Brunner
25fb9d3f4a
starter: Print additional help texts for selected deprecated keywords.
2012-06-12 16:15:03 +02:00
Tobias Brunner
9707d9db79
starter: Improved how deprecated keywords are handled.
...
We only throw a warning now instead of rejecting the config.
2012-06-12 16:15:03 +02:00
Tobias Brunner
5c7a219804
Revert "starter: Don't treat unsupported keywords as fatal errors just report them."
...
This reverts commit e55876a657
.
2012-06-12 16:15:03 +02:00
Martin Willi
5a6e5e0d2d
NEWS about specifying trustchain HASH algorithm requirements
2012-06-12 15:01:39 +02:00
Martin Willi
7c4214bd38
Add documentation for signature hash algorithm enforcing to man ipsec.conf
2012-06-12 15:01:39 +02:00
Martin Willi
e35bbb9740
Added signature scheme options left/rightauth
2012-06-12 15:01:39 +02:00
Martin Willi
918e92c4c9
Support multiple different public key strength types in constraints
2012-06-12 14:24:49 +02:00
Martin Willi
fd4ff11858
Add signature schemes to auth_cfg during trustchain validation
2012-06-12 14:24:49 +02:00
Martin Willi
a37f2d2006
certificate_t->issued_by takes an argument to receive signature scheme
2012-06-12 14:24:49 +02:00
Martin Willi
439d0742e9
Define auth_cfg rules for signature schemes
2012-06-12 14:24:49 +02:00
Tobias Brunner
e7c01bed49
starter: Fixed parsing of left|right=%any.
2012-06-12 10:16:51 +02:00
Andreas Steffen
4745fce666
deleted IKEv1 charon-pluto interoperability scenarios
2012-06-12 10:00:21 +02:00
Tobias Brunner
4d21846912
starter: Fix comparison of connections.
2012-06-11 17:33:32 +02:00
Tobias Brunner
3e2ff81e5d
starter: Removed all unsupported keywords.
2012-06-11 17:33:32 +02:00
Tobias Brunner
e55876a657
starter: Don't treat unsupported keywords as fatal errors just report them.
2012-06-11 17:33:32 +02:00
Tobias Brunner
fff4b74db2
Bye bye Pluto!
...
Charon will take over IKEv1 duties from here. This also removes
libfreeswan and whack.
2012-06-11 17:33:32 +02:00
Tobias Brunner
4a54860986
_copyright: Replicate copyright text here instead of calling libfreeswan.
2012-06-11 17:33:32 +02:00