eb0cc33886
The XFRM_STATE_AF_UNSPEC flag added to xfrm.h allows IPv4-over-IPv6 and IPv6-over-IPv6 tunnels with the 2.6.26 and later Linux kernels
2008-07-15 15:28:00 +00:00
c66a1b757f
ike/kernel protocol identifier conversion functions
2008-06-26 08:59:39 +00:00
be33d1a51b
merging the ESP sequence numbers of an SA in update_sa (fixing #52 )
2008-06-24 15:35:09 +00:00
285152b33d
do not use self-installed route for IKE if routing table is 0
2008-06-17 08:04:12 +00:00
a8ed846be7
added strongswan.conf option "routing_table" and "routing_table_prio"
2008-06-10 07:51:21 +00:00
5dcda9e25b
added strongswan.conf option to disable route installation
2008-06-10 06:58:39 +00:00
3f730ec1cd
Added support for AES-CCM and AES-GCM (authenticated encryption algorithms) in charon.
2008-05-16 13:27:21 +00:00
d4aad55434
IPComp for IKEv2
2008-05-08 16:19:11 +00:00
1da06b295f
made some stuff static
2008-04-28 14:19:25 +00:00
3c7e72f5b0
added equals() method to peer_cfg, ike_cfg, proposals, auth_info
...
allows easier merging of ipsec.conf connections
replaced some iterators through enumerators
made proposals algorithm_t private using enumerator
2008-03-26 10:06:45 +00:00
552cc11b1f
merged the modularization branch (credentials) back to trunk
2008-03-13 14:14:44 +00:00
39a8e5a580
fixed some typos
2007-10-05 09:52:23 +00:00
1169ab4ec7
removed recursive mutex and __USE_UNIX98, should fix uClibc build
2007-10-05 09:47:55 +00:00
983d7cd292
made add_ip()/del_ip() calls synchron (waiting until kernel event received)
...
this should fix MOBIKE route migration with virtual IPs
2007-09-27 12:48:00 +00:00
d9d69536b0
improved MOBIKE roaming between interfaces
2007-09-24 12:15:25 +00:00
5474dc6500
implemented routeability checks for mobike (experimental)
2007-09-03 12:37:25 +00:00
0308865282
fixed compiler warning
2007-07-16 07:10:14 +00:00
db61efdbbb
include default route also in src address evaluation
2007-07-13 09:00:39 +00:00
018219ae3a
include default route with missing dst field into route evaluation
2007-07-13 06:13:14 +00:00
e5e868e430
doing route lookup in userspace to ignore routes installed by us
2007-07-11 12:37:24 +00:00
9ba1d73890
using own routing table for installed routes (table 100, prio 100)
2007-07-11 06:55:11 +00:00
1b8da84913
using correct nexthop for inserted route
2007-07-04 09:10:13 +00:00
3bc62fe70e
improved MOBIKE:
...
prefer address family already used
do not change address implicit when mobike supported
handle multiple simultaneous roaming requests more properly
proper enabling/disabling of UDP encapsulation
2007-07-03 12:32:38 +00:00
561f88e306
fixed typo
2007-07-02 20:10:26 +00:00
face844a87
proper update of IPsec SA when roaming a host-to-host tunnel
...
roaming of IPsec SAs using virtual IPs
2007-07-02 09:49:22 +00:00
fc2d1c420f
further mobike improvements, regarding to NAT-T
2007-06-27 13:10:55 +00:00
2b3100b5d0
simple roaming of the client works (not MOBIKE conform yet!)
2007-06-26 13:04:13 +00:00
4cb9d7a758
further fixed for mobike roaming
2007-06-25 13:26:02 +00:00
17d92e9732
further MOBIKE stuff:
...
kernel properly reports network reconfiguration and informs all IKE_SAs
MOBIKE in IKE_AUTH: MOBIKE_SUPPORTED notify and address exchange
reestablishment of IKE_SAs on network reconfiguration kinda works
not stable yet!
2007-06-21 15:25:28 +00:00
6835280041
fixed virtua IP: adding virtual IP to interface address list cache directly
...
corrected debug targets
2007-06-19 06:20:33 +00:00
7068410b6f
source address lookup in kernel interface
...
use it for NAT detection if no source address known from config
support for %any...%any connections
2007-06-18 07:25:58 +00:00
ca68a75eaf
increased receive buffer to handle more interfaces
2007-06-18 05:56:18 +00:00
08a8f4496f
implemented more flexible iterator hook API
...
kernel interface handles interface changes and updates address list
2007-06-15 13:23:18 +00:00
02b3ec0a10
implemented address change notification (for MOBIKE)
...
implemented up to date address list cache to list interfaces
2007-06-14 15:16:15 +00:00
9fe1a1ca76
introduced callback_job:
...
simple asynchronous method invocation
use daemons thread pool for all threads
proper cancellation and cleanups
cancellation mechanism to dynamically unload multithreaded code
unified event_queue and scheduler => scheduler
unified job_queue and thread_pool => processor
removed job_type_t, not really needed
fixes here, there and everywhere
2007-06-11 10:57:19 +00:00
0f6b068259
fixed crash when using 0.0.0.0/0 subnets
2007-05-23 06:33:22 +00:00
905438735a
using local address as gateway in installed routes
2007-05-22 07:47:16 +00:00
a6a039aa10
simplified capability dropping
2007-05-09 13:12:06 +00:00
6874bf698c
changing UID/GID after startup of pluto/charon
...
added --with-uid/--with-gid configure option
2007-05-07 12:38:46 +00:00
66560f4267
reducing capabilities of the threads to a minimum
...
proper flush of pending packets on daemon shutdown
adding local address as gateway address in dynamic route
2007-05-03 14:21:22 +00:00
c80e8ba11a
added support for AES-XCBC in kernel using e.g. esp=aes128-aesxcbc (>=linux-2.6.20)
2007-04-23 13:00:20 +00:00
db97fd8298
not using %m printf handler, as late errno interpration over bus may be problematic
2007-04-12 08:52:36 +00:00
e0fe765152
restructured file layout
...
new configuration structure:
peer_cfg: configuration related to a peer (authenitcation, ...=
ike_cfg: config to use for IKE setup (proposals)
child_Cfg: config for CHILD_SA (proposals, traffic selectors)
a peer_cfg has one ike_cfg and multiple child_cfg's
stroke now uses fixed count of threads
2007-04-10 06:01:03 +00:00
Andreas Steffen