ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
944 Commits 6 Branches 233 Tags 88 MiB
Commit Graph

33 Commits

Author SHA1 Message Date
Martin Willi fe04e93a8b implemented IKE_SA rekeying 
uses ikelifetime, rekeymargin and rekeyfuzz config settings
	no handling of simultaneus exchanges yet!
 2006-07-27 12:18:40 +00:00
Martin Willi 45f76a7ddd added possibility to route CHILD_SAs, without to set them up 
support for auto=route parameter
	support for ipsec route and ipsec unroute
	initiating of CHILD and/or IKE_SAs based on kernel acquires
 2006-07-21 13:31:53 +00:00
Martin Willi c0593835f4 reuse an existing IKE_SA to set up additional CHILD_SAs 2006-07-20 14:57:49 +00:00
Martin Willi 8dfbe71b34 introduced refcounting on policy and connections 
aren't stored in the IKE_SA anymore, they are queried on the fly
	are immutable now, allows it to share them
policy selection based on traffic selectors, leads to valid lookup results
	rekeying queries the policy based on its traffic selectors
 2006-07-20 10:09:32 +00:00
Martin Willi 92ee45a0ee cleanups in kernel interface code 
added proper traffic selector to string conversion
some cleanups here & there
 2006-07-18 12:53:54 +00:00
Martin Willi d109b48968 added support for leftprotoport and rightprotoport 2006-07-05 13:13:07 +00:00
Martin Willi 3dd3c5f39e redesigned IKE_SA using a transaction mechanism: 
removed old state machine
  reimplemented IKE_SA setup and delete
  implemented dead peer detection
  implemented keep-alives
  a lot of fixes
  no rekeying yet
 2006-07-05 10:53:20 +00:00
Martin Willi 1135f79898 fixed memleak when initiating a connection already up 2006-07-04 13:29:16 +00:00
Andreas Steffen 971218c3ae support of cert payloads 2006-07-03 06:27:45 +00:00
Andreas Steffen 6f74bfd6ac added X.509 trust chain verification 2006-06-27 08:48:28 +00:00
Martin Willi 1396815afb first merge of NATT code 2006-06-22 06:36:28 +00:00
Martin Willi aed58dcc93 readded local_credential_store 
added sendcert policy to connection
some other cleanups
 2006-06-20 08:43:57 +00:00
Andreas Steffen 21b433c641 implemented rereadcrls rereadcacerts 2006-06-20 06:05:01 +00:00
Andreas Steffen d92cca4a72 added listcrls 2006-06-16 05:55:02 +00:00
Martin Willi c095388f7f added support for "ike" and "esp" keywords 
fixed bugs in proposal code
algorithm selection for charon works now with ipsec.conf
a lot of other fixes
 2006-06-15 11:09:11 +00:00
Andreas Steffen 5347233204 support for stroke listcerts|listcacerts|listall and left|rightca= 2006-06-12 08:43:46 +00:00
Martin Willi a2a3fb3e25 workaround for peers rekeying at the same time 
loading lifetime policies from ipsec.conf
 2006-06-12 07:33:20 +00:00
Martin Willi 5c131a016b specifying keysize in bits, as it is required in IKEv2 
added generic kernel SA algorithm handling, which brings us:
        aes-128, aes-256, blowfish, des, 3des and null encryption for CHILD_SAs
 2006-06-09 07:31:30 +00:00
Andreas Steffen b7f9ca5837 added support for leftsendcert= and left|rightca= parameters 2006-06-09 05:50:41 +00:00
Martin Willi 5238c9afef fixed compile warnings when using -Wall 
further CHILD_SA rekeying work done:
	creation of a new CHILD_SA on a expire from a kernel works
	delete of old CHILD_SA still missing
	some issues when both initiate rekeing
 2006-06-08 14:20:05 +00:00
Martin Willi 8d77eddec2 further work for rekeying: 
get liftimes from policy
  added new state
  initiation of rekeying done
proposal redone:
  removed support for AH+ESP proposals
 2006-06-07 13:26:23 +00:00
Andreas Steffen 6848dac603 minimized prefixed on stroke logger output 2006-05-31 05:50:04 +00:00
Andreas Steffen e1c00b96a6 list ca certificates 2006-05-30 07:48:29 +00:00
Martin Willi 139ce7871f - fixed memleak when deleting a connection 2006-05-29 11:29:23 +00:00
Martin Willi 9fe14f4b8a - policies contain a connections name now 
- used for initiate and delete
- connections won't get initiated twice anymore
- deleting of connections is now possible, which allows us to use
  ipsec update and ipsec reload
 2006-05-29 11:09:45 +00:00
Andreas Steffen ecadab2ba7 stroke now uses constant size string buffer 2006-05-29 07:14:57 +00:00
Martin Willi 3a13a78084 - handle IKE_SA setup without a piggy-packed CHILD_SA 
more IKEv2 conform
 2006-05-24 09:05:21 +00:00
Martin Willi 8b5be79d83 - show connection templates in status & statusall 
- don't complain on termination of IKEv1 connections
 2006-05-23 13:25:57 +00:00
Martin Willi 7ba69503aa - changed config load strategy: 
starter loads both connections in charon & pluto,
  charon ignores anything with keyexchange!=ikev2.
  pluto needs the same behavior.
 2006-05-23 10:07:02 +00:00
Andreas Steffen 96b82ed821 load_end_certificate() now loads certificates 2006-05-23 08:16:15 +00:00
Martin Willi 86a7937b45 - applied patch from andreas, which allows certificate listing via stroke 2006-05-19 06:44:08 +00:00
Martin Willi b5e1560659 - applied andreas's patch 
- logger output improvements
  - testin gupdates
  - and a lot more
 2006-05-18 06:02:28 +00:00
Martin Willi b8577029d1 2006-05-10 08:02:49 +00:00