Martin Willi
fe04e93a8b
implemented IKE_SA rekeying
...
uses ikelifetime, rekeymargin and rekeyfuzz config settings
no handling of simultaneous exchanges yet!
2006-07-27 12:18:40 +00:00
Martin Willi
45f76a7ddd
added possibility to route CHILD_SAs without setting them up
...
support for auto=route parameter
support for ipsec route and ipsec unroute
initiating of CHILD and/or IKE_SAs based on kernel acquires
2006-07-21 13:31:53 +00:00
Martin Willi
c0593835f4
reuse an existing IKE_SA to set up additional CHILD_SAs
2006-07-20 14:57:49 +00:00
Martin Willi
8dfbe71b34
introduced refcounting on policy and connections
...
aren't stored in the IKE_SA anymore, they are queried on the fly
are immutable now, allows it to share them
policy selection based on traffic selectors, leads to valid lookup results
rekeying queries the policy based on its traffic selectors
2006-07-20 10:09:32 +00:00
Martin Willi
92ee45a0ee
cleanups in kernel interface code
...
added proper traffic selector to string conversion
some cleanups here & there
2006-07-18 12:53:54 +00:00
Andreas Steffen
623d3dcf78
X.509 certificate trust path verification
2006-07-14 13:21:19 +00:00
Andreas Steffen
a9ae2c01ed
added
2006-07-14 12:58:47 +00:00
Martin Willi
e6cfe0eecc
fixed UDP decapsulation by adding inbound bypass policy for send socket
2006-07-14 12:53:06 +00:00
Martin Willi
106e9fc6f8
updated mixed tests to new charon output
2006-07-14 12:29:26 +00:00
Andreas Steffen
bf4df11f44
corrected DPD entry
2006-07-14 11:51:45 +00:00
Martin Willi
ead36455a9
reenabled module tests for charon
2006-07-14 11:16:49 +00:00
Martin Willi
b34be51cef
fixed bug which erroneously detected KE payload when rekeying
2006-07-14 08:18:48 +00:00
Martin Willi
e3109c02ac
added IPsec bypass policy to receiving socket, allows incoming IKE traffic on host2host tunnels when using NAT
2006-07-14 08:08:55 +00:00
Martin Willi
325e497798
improved logging on verify errors for some payloads
...
enforcing IKE_SA shutdown, even when transactions are outstanding
proper reject of CREATE_CHILD_SA message with KE payload
2006-07-13 12:49:35 +00:00
Martin Willi
7af345e11e
added test cases from NAT team
...
updated all IKEv2 tests to work with new status output
2006-07-13 12:45:18 +00:00
Martin Willi
1279eda042
added tcpdumpcount function from NATT guys
...
added possibility to mount the strongswan tree into all UMLs
added script for installing from shared tree in all UMLs
added script to shut down all UMLs properly
2006-07-13 12:43:52 +00:00
Martin Willi
be247b817b
removed in favour of tests from NAT team
2006-07-13 12:00:36 +00:00
Martin Willi
4c04f30a51
fixed CREATE_CHILD_SA transaction dispatching
2006-07-13 08:51:24 +00:00
Martin Willi
bcb95ced3d
added CHILD_SA states, which allows us to detect further simultaneous transactions
...
reimplemented the buggy message id handling
2006-07-13 08:26:54 +00:00
Martin Willi
cb5c41cde9
updated some inline docs
2006-07-12 14:08:52 +00:00
Martin Willi
0d379627de
fixed crypter/signer in/out to conform with standard
2006-07-12 14:08:13 +00:00
Martin Willi
b68afb7bd8
fixed payload order
2006-07-12 14:07:30 +00:00
Martin Willi
a846ffdb48
added message id logging
2006-07-12 14:06:25 +00:00
Martin Willi
e7356568b2
added all currently known notify payload types
2006-07-12 14:05:57 +00:00
Martin Willi
aeeb4f4f97
added policy cache to kernel interface
...
allows refcounting of multiple installed policies
finally brings us stable simultaneous rekeying
2006-07-12 11:42:36 +00:00
Martin Willi
269f7f448b
leak detective blanks memory on free & alloc, allows further membug detection
2006-07-12 11:15:31 +00:00
Martin Willi
4c19900ce8
code cleanups
2006-07-12 11:13:48 +00:00
Andreas Steffen
c361cc8c51
identification_t.matches() supports multiple wildcard counts
2006-07-11 06:12:45 +00:00
Andreas Steffen
40f29769fa
identification_t.matches() supports multiple wildcard counts
2006-07-11 06:11:59 +00:00
Martin Willi
abba7ecb9d
further work done for simultaneous rekeying/delete
...
still some cases which cause trouble
2006-07-10 14:24:04 +00:00
Martin Willi
c5d2d7c023
fixed compiler warnings in parser when using -O2
2006-07-07 12:48:27 +00:00
Martin Willi
af2faa1f1d
reenabled check_expiry
2006-07-07 12:25:25 +00:00
Martin Willi
c71d53ba4e
updated copyright information
2006-07-07 08:49:06 +00:00
Martin Willi
698d774918
reimplemented CHILD_SA rekeying & delete
...
no simultaneous transaction with CHILD_SAs yet!
2006-07-07 07:04:07 +00:00
Andreas Steffen
54da7eb962
removed NAT_TRAVERSAL and VIRTUAL_IP compile options
2006-07-07 05:51:54 +00:00
Andreas Steffen
34ee2a46f4
removed NAT_TRAVERSAL compile option
2006-07-07 05:51:20 +00:00
Andreas Steffen
dc33fee770
removed NAT_TRAVERSAL and VIRTUAL_IP compile options
2006-07-07 05:50:02 +00:00
Andreas Steffen
ad3dab0520
added
2006-07-07 05:44:45 +00:00
Martin Willi
efa40c11e4
updated NEWS
2006-07-05 14:13:45 +00:00
Martin Willi
d109b48968
added support for leftprotoport and rightprotoport
2006-07-05 13:13:07 +00:00
Martin Willi
5f0eb96fc4
improved CHILD_SA output for "ipsec statusall"
2006-07-05 13:11:55 +00:00
Martin Willi
b190424716
updated whitelist (getprotobynumber)
2006-07-05 13:10:47 +00:00
Martin Willi
3dd3c5f39e
redesigned IKE_SA using a transaction mechanism:
...
removed old state machine
reimplemented IKE_SA setup and delete
implemented dead peer detection
implemented keep-alives
a lot of fixes
no rekeying yet
2006-07-05 10:53:20 +00:00
Martin Willi
b12af2ead6
fixed compiler warnings
2006-07-05 10:09:42 +00:00
Martin Willi
57d02978cf
made thread ids unsigned again, to avoid negative thread ids on some systems
2006-07-04 13:30:49 +00:00
Martin Willi
1135f79898
fixed memleak when initiating a connection already up
2006-07-04 13:29:16 +00:00
Martin Willi
318dc7b6c4
updated leak detective whitelist
2006-07-04 13:26:20 +00:00
Martin Willi
f141214e64
applied latest NATT patch with some fixes and cleanups
2006-07-04 13:25:00 +00:00
Andreas Steffen
343ae15214
test currently without firewall
2006-07-04 06:54:53 +00:00
Andreas Steffen
ef9e55def4
added
2006-07-04 06:51:58 +00:00