fe04e93a8b
implemented IKE_SA rekeying
...
uses ikelifetime, rekeymargin and rekeyfuzz config settings
no handling of simultaneus exchanges yet!
2006-07-27 12:18:40 +00:00
45f76a7ddd
added possibility to route CHILD_SAs, without to set them up
...
support for auto=route parameter
support for ipsec route and ipsec unroute
initiating of CHILD and/or IKE_SAs based on kernel acquires
2006-07-21 13:31:53 +00:00
c0593835f4
reuse an existing IKE_SA to set up additional CHILD_SAs
2006-07-20 14:57:49 +00:00
8dfbe71b34
introduced refcounting on policy and connections
...
aren't stored in the IKE_SA anymore, they are queried on the fly
are immutable now, allows it to share them
policy selection based on traffic selectors, leads to valid lookup results
rekeying queries the policy based on its traffic selectors
2006-07-20 10:09:32 +00:00
92ee45a0ee
cleanups in kernel interface code
...
added proper traffic selector to string conversion
some cleanups here & there
2006-07-18 12:53:54 +00:00
623d3dcf78
X.509 certificate trust path verification
2006-07-14 13:21:19 +00:00
a9ae2c01ed
added
2006-07-14 12:58:47 +00:00
e6cfe0eecc
fixed UDP decapsulation by adding inbound bypass policy for send socket
2006-07-14 12:53:06 +00:00
106e9fc6f8
updated mixed tests to new charon output
2006-07-14 12:29:26 +00:00
bf4df11f44
corrected DPD entry
2006-07-14 11:51:45 +00:00
ead36455a9
reenabled module tests for charon
2006-07-14 11:16:49 +00:00
b34be51cef
fixed bug which erroneously detected KE payload when rekeying
2006-07-14 08:18:48 +00:00
e3109c02ac
added IPsec bypass policy to receiving socket, allows incoming IKE traffic on host2host tunnels when using NAT
2006-07-14 08:08:55 +00:00
325e497798
improved logging on verify errors for some payloads
...
enforcing IKE_SA shutdown, even when transactions are outstanding
proper reject of CREATE_CHILD_SA message with KE payload
2006-07-13 12:49:35 +00:00
7af345e11e
added test cases from NAT team
...
updated all IKEv2 tests to work with new status output
2006-07-13 12:45:18 +00:00
1279eda042
added tcpdumpcount function from NATT guys
...
added possibility to mount the strongswan tree into all UMLs
added script for installing from shared tree in all UMLs
added script to shut down all UMLs properly
2006-07-13 12:43:52 +00:00
be247b817b
removed in favour of tests from NAT team
2006-07-13 12:00:36 +00:00
4c04f30a51
fixed CREATE_CHILD_SA transaction dispatching
2006-07-13 08:51:24 +00:00
bcb95ced3d
added CHILD_SA states, which allows us to detect further simultaneous transactions
...
reimplemented the buggy message id handling
2006-07-13 08:26:54 +00:00
cb5c41cde9
updated some inline docs
2006-07-12 14:08:52 +00:00
0d379627de
fixed crypter/signer in/out to conform with standard
2006-07-12 14:08:13 +00:00
b68afb7bd8
fixed payload order
2006-07-12 14:07:30 +00:00
a846ffdb48
added message id logging
2006-07-12 14:06:25 +00:00
e7356568b2
added all currently known notify payload types
2006-07-12 14:05:57 +00:00
aeeb4f4f97
added policy cache to kernel interface
...
allows refcounting of multiple installed policies
finally brings us stable simultaneous rekeying
2006-07-12 11:42:36 +00:00
269f7f448b
leak detective blanks memory on free & alloc, allows further membug detection
2006-07-12 11:15:31 +00:00
4c19900ce8
code cleanups
2006-07-12 11:13:48 +00:00
c361cc8c51
identification_t.matches() supports multiple wildcard counts
2006-07-11 06:12:45 +00:00
40f29769fa
identification_t.matches() supports multiple wildcard counts
2006-07-11 06:11:59 +00:00
abba7ecb9d
further work done for simultaneous rekeying/delete
...
still some cases which cause trouble
2006-07-10 14:24:04 +00:00
c5d2d7c023
fixed compiler warnings in parser when using -O2
2006-07-07 12:48:27 +00:00
af2faa1f1d
reenabled check_expiry
2006-07-07 12:25:25 +00:00
c71d53ba4e
updated copyright information
2006-07-07 08:49:06 +00:00
698d774918
reimplemented CHILD_SA rekeying & delete
...
no simultanous transaction with CHILD_SAs yet!
2006-07-07 07:04:07 +00:00
54da7eb962
removed NAT_TRAVERSAL and VIRTUAL_IP compile options
2006-07-07 05:51:54 +00:00
34ee2a46f4
removed NAT_TRAVERSAL compile option
2006-07-07 05:51:20 +00:00
dc33fee770
removed NAT_TRAVERSAL and VIRTUAL_IP compile options
2006-07-07 05:50:02 +00:00
ad3dab0520
added
2006-07-07 05:44:45 +00:00
efa40c11e4
updated NEWS
2006-07-05 14:13:45 +00:00
d109b48968
added support for leftprotoport and rightprotoport
2006-07-05 13:13:07 +00:00
5f0eb96fc4
improved CHILD_SA output for "ipsec statusall"
2006-07-05 13:11:55 +00:00
b190424716
updated whitelist (getprotobynumber)
2006-07-05 13:10:47 +00:00
3dd3c5f39e
redesigned IKE_SA using a transaction mechanism:
...
removed old state machine
reimplemented IKE_SA setup and delete
implemented dead peer detection
implemented keep-alives
a lot of fixes
no rekeying yet
2006-07-05 10:53:20 +00:00
b12af2ead6
fixed compiler warnings
2006-07-05 10:09:42 +00:00
57d02978cf
made thread ids unsigned again, to avoid negative thread ids on some systems
2006-07-04 13:30:49 +00:00
1135f79898
fixed memleak when initiating a connection already up
2006-07-04 13:29:16 +00:00
318dc7b6c4
updated leak detective whitelist
2006-07-04 13:26:20 +00:00
f141214e64
applied latest NATT patch with some fixes and cleanups
2006-07-04 13:25:00 +00:00
343ae15214
test currently without firewall
2006-07-04 06:54:53 +00:00
ef9e55def4
added
2006-07-04 06:51:58 +00:00
Martin Willi