Josh Soref
b3ab7a48cc
Spelling fixes
...
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior
Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner
42fe703a95
vici: Fix formatting of return values for load-conn and load-authority commands
2019-04-26 09:35:10 +02:00
Tobias Brunner
c863960eb1
vici: Support initiation of IKE_SAs
...
The configuration must allow the initiation of a childless IKE_SA (which
is already the case with the default of 'accept').
2019-04-25 15:23:19 +02:00
Tobias Brunner
0396969a36
vici: Add support for interface ID configurable on IKE_SA
2019-04-04 09:36:38 +02:00
Tobias Brunner
aa841dbbfc
vici: Report interface IDs
2019-04-04 09:31:38 +02:00
Tobias Brunner
a20527438a
vici: Add option to reauthenticate instead of rekey an IKEv2 SA
2018-08-31 12:39:46 +02:00
Tom Schlenkhoff
46f482ca54
README: Fix typos
...
Closes strongswan/strongswan#110.
2018-08-06 16:57:04 +02:00
Tobias Brunner
0bcfed1aa2
vici: Optionally terminate IKE_SA immediately
2018-05-22 10:06:07 +02:00
Tobias Brunner
a7f613ca2e
vici: Document NTLM secrets in README.md
...
Fixes #2481.
2017-12-22 10:09:26 +01:00
Tobias Brunner
fdf33b0f1c
vici: Add 'get|reset-counters' commands
2017-11-08 16:28:28 +01:00
Tobias Brunner
605a98c7ce
vici: Return key ID from load-key command
...
We already do this for load-token and this should simplify client
implementations.
2017-05-23 16:41:02 +02:00
Tobias Brunner
1003cf2330
Fixed some typos, courtesy of codespell
2017-03-23 18:29:18 +01:00
Martin Willi
46d4d2a71e
vici: Document how we pronounce the vici protocol and plugin
2017-03-20 10:39:10 +01:00
Tobias Brunner
808472c9f9
vici: Add command to initiate SA rekeying
2017-02-16 19:24:08 +01:00
Tobias Brunner
04c0219e55
vici: Use unique names for CHILD_SAs in the list-sas command
...
The original name is returned in the new "name" attribute.
This fixes an issue with bindings that map VICI messages to
dictionaries. For instance, in roadwarrior scenarios where every
CHILD_SA has the same name only the information of the last CHILD_SA
would end up in the dictionary for that name.
2017-02-16 19:24:08 +01:00
Tobias Brunner
2ceeb96db5
vici: Add command to load a private key from a token
...
PINs are stored in a "hidden" credential set, so that its shared
secrets are not exposed via VICI. Since they are not explicitly loaded as
shared secrets via VICI a client might consider them as removed secrets and
remove them.
2017-02-16 19:24:07 +01:00
Tobias Brunner
b657740e16
vici: List namespace/peer-cfg name with policies and allow filtering
...
The two names are also transmitted in separate keys.
2017-02-16 19:24:07 +01:00
Tobias Brunner
7627f5f9c7
vici: Explicitly use peer name when uninstalling trap and shunt policies
...
Also adds an `ike` parameter to the `uninstall` command.
2017-02-16 19:24:07 +01:00
Tobias Brunner
cf57d9a98f
vici: Add possibility to remove shared keys by a unique identifier
...
This identifier can be set when adding/replacing a secret. The unique
identifiers of all secrets may be enumerated.
2017-02-16 19:21:13 +01:00
Tobias Brunner
2a56acf501
vici: Add commands to enumerate and remove private keys
...
They are identified by their SHA-1 key identifier.
2017-02-16 19:21:12 +01:00
Tobias Brunner
71fa1224ec
vici: Add option to query a specific pool
2017-02-16 19:21:12 +01:00
Martin Willi
0b4e539cb3
vici: Include the Netfilter marks in listed CHILD_SAs
2017-02-13 15:11:20 +01:00
Andreas Steffen
2c7cfe7630
vici: flush-certs command flushes certificate cache
...
When fresh CRLs are released with a high update frequency (e.g.
every 24 hours) or OCSP is used then the certificate cache gets
quickly filled with stale CRLs or OCSP responses. The new VICI
flush-certs command allows flushing e.g. cached CRLs or OCSP
responses only. Without the type argument all kinds of certificates
(e.g. also received end entity and intermediate CA certificates)
are purged.
2016-09-13 17:02:59 +02:00
Andreas Steffen
b1df631212
vici list-conns sends reauthentication and rekeying time information
2016-05-04 18:13:52 +02:00
Cameron McCord
be41d5cba2
vici: Fix documentation of some dictionary keys of two request messages
...
Closes strongswan/strongswan#40.
2016-03-31 11:26:44 +02:00
Tobias Brunner
27074f3155
vici: Match subnets and ranges against peer IP in redirect command
2016-03-04 16:03:00 +01:00
Tobias Brunner
bef4518de7
vici: Match identity with wildcards against remote ID in redirect command
2016-03-04 16:02:59 +01:00
Tobias Brunner
43b46b26ea
vici: Add redirect command
...
This allows redirecting IKE_SAs by multiple different selectors, if none
are given all SAs are redirected.
2016-03-04 16:02:59 +01:00
Tobias Brunner
35d0b8b152
vici: Provide ports of local and remote IKE endpoints
2016-03-03 17:13:35 +01:00
Tobias Brunner
fedb16236c
vici: Correctly document 'up' key for updown events
...
Instead of sending 'no' it is omitted when an SA goes down.
2016-03-01 11:05:34 +01:00
Andreas Steffen
4c38c79452
vici: list-cert sends subject, not-before and not-after attributes for pubkeys
2016-01-09 07:23:30 +01:00
Andreas Steffen
02d431022c
Refactored certificate management for the vici and stroke interfaces
2015-12-12 00:19:24 +01:00
Martin Willi
1a8a420c1c
vici: Fix documentation about the initiate/terminate timeout
2015-12-07 10:28:45 +01:00
Martin Willi
eaca77d03e
vici: Honor an optionally passed IKE configuration name in initiate/install
...
If two IKE configurations have CHILD configurations with the same name,
we have no control about the CHILD_SA that actually gets controlled. The
new "ike" parameter specifies the peer config name to find the "child" config
under.
2015-12-07 10:28:45 +01:00
Martin Willi
5e79ae2d65
vici: Support completely asynchronous initiating and termination
...
In some situations the vici client is not interested in waiting for a
timeout at all, so don't register a logging callback if the timeout argument
is negative.
2015-12-07 10:28:45 +01:00
Andreas Steffen
a17b6d469c
Built the CPAN file structure for the Vici::Session perl module
2015-12-01 14:52:43 +01:00
Tobias Brunner
de34defcd0
vici: Add get-algorithms command to query loaded algorithms and implementations
2015-11-30 10:55:55 +01:00
Tobias Brunner
f4641f9e45
vici: Add option to query leases of pools
...
We could later perhaps add filter parameters similar to those of the
`ipsec leases` command (pool name/virtual IP).
2015-11-10 10:43:25 +01:00
Tobias Brunner
bdb8b76515
vici: Return local and remote virtual IPs when listing SAs
2015-11-10 10:43:24 +01:00
Tobias Brunner
04f22cdabc
vici: Add NAT information when listing IKE_SAs
...
The `nat-local` and `nat-remote` keys contain information on the NAT
status of the local and remote IKE endpoints, respectively. If a
responder did not detect a NAT but is configured to fake a NAT situation
this is indicated by `nat-fake` (if an initiator fakes a NAT situation
`nat-local` is set). If any NAT is detected or faked `nat-any` is set.
Closes strongswan/strongswan#16.
2015-11-09 11:55:51 +01:00
Tobias Brunner
256e666d22
vici: Optionally check limits when initiating connections
...
If the init-limits parameter is set (disabled by default) init limits
will be checked and might prevent new SAs from getting initiated.
2015-08-21 18:21:13 +02:00
Tobias Brunner
65ac0851c0
vici: Add ike/child-rekey events
2015-08-17 11:12:17 +02:00
Tobias Brunner
7f21363ee5
vici: Document the ike/child-updown events
2015-08-17 11:12:17 +02:00
Andreas Steffen
63d370387d
vici: Certification Authority support added.
...
CDP and OCSP URIs for one or multiple certification authorities
can be added via the VICI interface. swanctl allows reading
definitions from a new authorities section.
2015-07-21 13:02:30 +02:00
Martin Willi
90c5b48c96
vici: Catch Python GeneratorExit to properly cancel streamed event iteration
2015-03-18 13:59:14 +01:00
Martin Willi
a47e431ba9
vici: Return a Python generator instead of a list for streamed responses
...
In addition that it may reduce memory usage and improve performance for large
responses, it returns immediate results. This is important for longer lasting
commands, such as initiate/terminate, where immediate log feedback is preferable
when interactively calling such commands.
2015-03-18 13:59:14 +01:00
Martin Willi
871cffa141
vici: Add initial Python egg documentation to README
2015-03-18 13:59:14 +01:00
Martin Willi
fb8b119cfa
vici: Use default Unix vici socket if none passed to ruby constructor
...
While we currently have a static path instead of one generated with Autotools,
this at least is congruent to what we have in the Python library.
2015-03-18 13:59:14 +01:00
Martin Willi
adc1885bf7
vici: Include the CHILD_SA unique ID in list-sa event
2015-02-20 13:34:50 +01:00
Martin Willi
96df0a0ebd
vici: Fix README example encoding element type values, off by one
...
While we fixed the wrong values in the description with d39e04b5, the example
values are still off by one.
Fixes #828.
2015-01-21 09:31:24 +01:00