f34ebc845b
Add a closeaction ipsec.conf keyword to configure close action
2011-06-07 12:07:21 +02:00
bac28c73ed
starter_conn_t.id is an unsigned long.
2011-04-14 18:10:27 +02:00
6367de28ad
Added a left/rightcertpolicy keyword to specify certificatePolicy requirements
2011-01-07 15:51:35 +01:00
6c302616f1
Added a tfc ipsec.conf keyword to control Traffic Flow Confidentiality
2010-12-20 09:45:39 +01:00
0bc5547d0c
*** HISTORICAL MOMENT: IKEv2 becomes the default! ***
2010-10-09 20:46:55 +02:00
08c0d340b8
Moved ipsec_transform_t to kernel_ipsec.h in libhydra.
...
Because of this libfreeswan, pluto, starter etc. now depend on that
file (and libhydra). This resolved some duplicate declarations.
2010-09-02 19:01:25 +02:00
64d7b0733f
Added support for the ipsec.conf aaa_identity keyword
2010-08-31 17:52:52 +02:00
26c4d0102a
configuration of different marks for inbound and outbound direction
2010-07-09 09:06:07 +02:00
ee26c537d7
support of xfrm marks for IKEv2
2010-07-02 23:46:09 +02:00
1f83541d7b
Include reqid in stroke add connection message.
2010-05-04 14:38:34 +02:00
667b73721a
Added left-/rightikeport ipsec.conf options to use custom IKE ports
2010-02-26 11:44:33 +01:00
8015c91cb9
Added a ipsec.conf "inactivity" option to configure inactivity timeout for CHILD_SAs
2010-01-27 16:05:11 +01:00
270bb348e3
pluto now supports SQL-based virtual IP pools
2009-10-14 14:30:14 +02:00
7daf5226b7
removed trailing spaces ([[:space:]]+$)
2009-09-04 13:46:09 +02:00
abff49a7ff
Handling of new lifetime limits added to stroke.
2009-09-01 12:53:44 +02:00
5672eae131
make boolean expression less enigmatic
2009-08-25 21:09:54 +02:00
eb641993d4
set stroke connection flags to a clear TRUE/FALSE
2009-08-25 19:57:36 +02:00
11e6d28533
pluto supports ECDSA authentication
2009-06-12 19:59:49 +02:00
8c5d72cd0b
removing svn keyword $Id$ from all files
2009-04-30 13:19:35 +00:00
d24a74c5b4
merging changes from portability branch back to trunk
...
important change for developers: %Y replaces %D to print identities!
2009-04-30 11:37:54 +00:00
2e65569534
already had the correct formatting
2009-04-19 19:32:51 +00:00
3d7a244b54
conversion from 8 spaces to 4 spaces per tab
2009-04-19 19:16:09 +00:00
a44bb9345f
merged multi-auth branch back into trunk
2009-04-14 10:34:24 +00:00
c59825fbfc
support of dynamic/128 and %any6
2009-02-05 22:13:48 +00:00
c117f24e61
renamed proxy to proxy_mode in stroke_msg.h
2008-11-11 07:28:52 +00:00
d487b4b727
preliminary support of Mobile IPv6
2008-11-11 06:37:37 +00:00
61670ba284
support of %any address string
2008-11-05 04:53:45 +00:00
822901061b
ported parts of two-sim branch
...
eap_identity parameter to exchange in eap_identity
some auth_info/peer_cfg refactorings
fixed some bugs, introduced new ones
2008-08-22 10:44:51 +00:00
a02bc1dbea
updated location of auth_class_t
2008-06-24 13:36:10 +00:00
7d4bb52073
make config_auth_method_t backward compatible to existing sql templates
2008-06-10 20:31:53 +00:00
ea0823dffd
ECDSA with OpenSSL
2008-06-10 09:08:27 +00:00
f85d02a419
fixed typos
2008-05-11 20:36:14 +00:00
d4aad55434
IPComp for IKEv2
2008-05-08 16:19:11 +00:00
3444390241
supporting multiple comma seperated subnets in left/rightsubnet definition
...
e.g. leftsubnet=10.2.0.0/16,10.4.0.0/16
2008-04-25 12:41:37 +00:00
6439267a8c
support for hash and URL encoded certificate payloads in charon
2008-04-18 11:24:45 +00:00
b360e3933d
respecting ipsec.conf cachecrls= option
2008-04-17 15:01:57 +00:00
0644ebd3de
implemented IKE_SA uniqueness using ipsec.conf uniqueids paramater
...
additionally supports a "keep" value to keep the old IKE_SA
2008-04-14 13:23:24 +00:00
cdcfe777f4
implementation of an CFG attribute framework, currently supporting virtual IPs
...
updated ipsec.conf sourceip parameter to support
CIDR notatation to serve from a pool
%poolname to query a separate (database?) pool
2008-04-09 12:54:47 +00:00
dc04b7c743
mediation extension adapted to the naming convention of the current version of the draft. note: the external interface (config, autotools) has not yet been changed
2008-03-26 18:40:19 +00:00
552cc11b1f
merged the modularization branch (credentials) back to trunk
2008-03-13 14:14:44 +00:00
0f806802ae
implemented Expanded EAP types to support vendor specific methods
2007-12-13 17:31:21 +00:00
496e76cbdf
added RCSID
2007-10-08 19:57:54 +00:00
d5cc175833
experimental P2P-NAT-T for IKEv2 merged back from branch
2007-10-03 15:10:41 +00:00
f53b74c96f
moved force_encap to ike_config, enables responder to enforce udp encapsulation
...
fixed bugs in force_encap code
2007-10-01 16:41:34 +00:00
9164e49ac0
added mobike=yes|no connection option
...
yes: include mobike support notifies as initiator
no: only enable mobike as responder when initiator supports it
default: yes
2007-08-29 12:11:25 +00:00
16878f6823
support for virtual IP definition on client side:
...
if leftsourceip is defined, it is requested.
server may define rightsourceip=%config to accept any,
or it may overwrite it using rightsourceip.
if server does not return an IP, client enforces its configured leftsourceip.
2007-05-22 13:49:31 +00:00
3eb9630071
support of left|rightgroups parameter
2007-05-20 15:38:36 +00:00
0c8aba6771
added support for 0.0.0.0/0 traffic selectors
...
fixed routing to make correct 0.0.0.0/0 routes
2007-03-01 11:42:08 +00:00
c60c7694d2
merged tasking branch into trunk
2007-02-28 14:04:36 +00:00
113be7f186
support of ca info records
2007-02-23 15:13:21 +00:00
Martin Willi