Tobias Brunner
1b67166921
Unify format of HSR copyright statements
2018-05-23 16:32:53 +02:00
Tobias Brunner
0ae19f0ced
configure: Fix gperf length parameter determination
...
gperf is not actually a build dependency as the generated files are
shipped in the tarball. So the type depends on the gperf version on
the host that ran gperf and created the tarball, which might not be
the same as that on the actual build host, and gperf might not even
be installed there, leaving the type undetermined.
Fixes: e0e4322973
("configure: Detect type of length parameter for gperf generated function")
2017-10-02 17:21:42 +02:00
Tobias Brunner
4270c8fcb0
stroke: Make 96-bit truncation for SHA-256 configurable
2017-05-26 11:22:28 +02:00
Martin Willi
d5367d2262
starter: Add a replay_window connection option
2014-06-17 16:41:31 +02:00
Martin Willi
25f74be8f9
starter: Remove obsolete 'auth' option
2013-10-11 10:15:21 +02:00
Martin Willi
a07b97e804
starter: Add an 'ah' keyword for Authentication Header Security Associations
2013-10-11 10:15:20 +02:00
Tobias Brunner
87692be215
Load any type (RSA/ECDSA) of public key via left|rightsigkey
2013-05-07 17:08:31 +02:00
Martin Willi
7fbe516f88
Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packets
2013-02-06 15:36:36 +01:00
Tobias Brunner
97973f8609
Use a connection specific option to en-/disable IKEv1 fragmentation
2012-12-24 13:00:01 +01:00
Martin Willi
da646ab94a
Remove unused ipsec.conf left/rightnatip keyword
2012-08-21 09:38:01 +02:00
Martin Willi
17319aa28d
Add a left/rightdns keyword to configure connection specific DNS attributes
2012-08-21 09:38:00 +02:00
Martin Willi
46df61dff7
Add an ipsec.conf leftgroups2 parameter for the second authentication round
2012-07-26 11:51:58 +02:00
Tobias Brunner
c236f19e50
ldaphost and ldapbase ca section keywords are deprecated
2012-06-25 10:52:16 +02:00
Andreas Steffen
e49f18f74d
thanks to narrowing treat right|leftsubnetwithin as synonyms for right|leftsubnet
2012-06-14 07:55:12 +02:00
Tobias Brunner
25fb9d3f4a
starter: Print additional help texts for selected deprecated keywords.
2012-06-12 16:15:03 +02:00
Tobias Brunner
9707d9db79
starter: Improved how deprecated keywords are handled.
...
We only throw a warning now instead of rejecting the config.
2012-06-12 16:15:03 +02:00
Tobias Brunner
3e2ff81e5d
starter: Removed all unsupported keywords.
2012-06-11 17:33:32 +02:00
Tobias Brunner
0ac29be793
starter: Remove left|rightsubnetwithin option (charon narrows left|rightsubnet down accordingly).
2012-06-11 17:33:31 +02:00
Tobias Brunner
efc69e9f38
starter: Removed pfs and pfsgroup options (handled via esp option).
2012-06-11 17:33:31 +02:00
Tobias Brunner
57323f6259
starter: Remove left|rightnexthop option.
...
Charon does this lookup dynamically.
2012-06-11 17:33:30 +02:00
Martin Willi
c8d46f2959
Dropped support of deprecated authby=eap and eap= options
2012-03-20 17:31:38 +01:00
Martin Willi
e129168ba6
Added a "aggressive" ipsec.conf connection option
2012-03-20 17:31:34 +01:00
Martin Willi
f34ebc845b
Add a closeaction ipsec.conf keyword to configure close action
2011-06-07 12:07:21 +02:00
Martin Willi
6367de28ad
Added a left/rightcertpolicy keyword to specify certificatePolicy requirements
2011-01-07 15:51:35 +01:00
Martin Willi
6c302616f1
Added a tfc ipsec.conf keyword to control Traffic Flow Confidentiality
2010-12-20 09:45:39 +01:00
Martin Willi
64d7b0733f
Added support for the ipsec.conf aaa_identity keyword
2010-08-31 17:52:52 +02:00
Andreas Steffen
26c4d0102a
configuration of different marks for inbound and outbound direction
2010-07-09 09:06:07 +02:00
Andreas Steffen
ee26c537d7
support of xfrm marks for IKEv2
2010-07-02 23:46:09 +02:00
Andreas Steffen
8143f10914
introduced xauth_identity keyword
2010-05-15 10:18:29 +02:00
Reto Buerki
2b26a9c30d
Add reqid keyword to config connection section.
2010-05-04 14:38:34 +02:00
Martin Willi
667b73721a
Added left-/rightikeport ipsec.conf options to use custom IKE ports
2010-02-26 11:44:33 +01:00
Martin Willi
8015c91cb9
Added a ipsec.conf "inactivity" option to configure inactivity timeout for CHILD_SAs
2010-01-27 16:05:11 +01:00
Tobias Brunner
686aba2589
Added lifetime/margintime keywords as alias for keylife/rekeymargin.
2009-09-01 12:54:33 +02:00
Tobias Brunner
ca41aa0602
Added keywords for the new lifetime limits to starter.
2009-09-01 12:53:44 +02:00
Tobias Brunner
8c5d72cd0b
removing svn keyword $Id$ from all files
2009-04-30 13:19:35 +00:00
Martin Willi
a44bb9345f
merged multi-auth branch back into trunk
2009-04-14 10:34:24 +00:00
Andreas Steffen
d487b4b727
preliminary support of Mobile IPv6
2008-11-11 06:37:37 +00:00
Martin Willi
822901061b
ported parts of two-sim branch
...
eap_identity parameter to exchange in eap_identity
some auth_info/peer_cfg refactorings
fixed some bugs, introduced new ones
2008-08-22 10:44:51 +00:00
Andreas Steffen
9a6d9f10e2
support of plutostderrlog keyword
2008-05-11 07:59:00 +00:00
Tobias Brunner
6439267a8c
support for hash and URL encoded certificate payloads in charon
2008-04-18 11:24:45 +00:00
Andreas Steffen
7a9d3ae471
support of force_keepalive parameter
2008-04-02 18:35:23 +00:00
Tobias Brunner
e74bc8e51d
changed external interface to the mediation extension.
2008-03-27 12:31:35 +00:00
Tobias Brunner
dc04b7c743
mediation extension adapted to the naming convention of the current version of the draft. note: the external interface (config, autotools) has not yet been changed
2008-03-26 18:40:19 +00:00
Martin Willi
552cc11b1f
merged the modularization branch (credentials) back to trunk
2008-03-13 14:14:44 +00:00
Andreas Steffen
496e76cbdf
added RCSID
2007-10-08 19:57:54 +00:00
Tobias Brunner
d5cc175833
experimental P2P-NAT-T for IKEv2 merged back from branch
2007-10-03 15:10:41 +00:00
Martin Willi
f9b8417a7c
renamed force_encap to forceencaps (as it is named in openswan)
2007-10-02 06:57:58 +00:00
Martin Willi
9dae1bed00
implemented IKEv2 force_encap connection parameter
...
enforces UDP encapsulation by faking NAT detection payloads
to hurdle restrictive firewalls
2007-10-01 12:19:39 +00:00
Martin Willi
9164e49ac0
added mobike=yes|no connection option
...
yes: include mobike support notifies as initiator
no: only enable mobike as responder when initiator supports it
default: yes
2007-08-29 12:11:25 +00:00
Andreas Steffen
e0e6137dd3
support of PKCS#11 init arguments required by NSS softoken, patch contributed by Robert Varga
2007-07-03 09:26:44 +00:00