Commit message (author, date, files changed, lines removed/added)
...
* Use AUTH_RULE_IDENTITY_LOOSE in NetworkManager backend (Tobias Brunner, 2012-09-18, 1 file, -1/+3)
|
* android: Use AUTH_RULE_IDENTITY_LOOSE (Tobias Brunner, 2012-09-18, 1 file, -0/+1)
|
* Add AUTH_RULE_IDENTITY_LOOSE which allows to use IDr loosely as initiator (Tobias Brunner, 2012-09-18, 3 files, -1/+28)
|   If it is set on an auth config IDr will not be sent, and later the configured identity will not only be checked against the returned IDr, but also against other identities contained in the responder's certificate.
* New Android release after fixing Unicode conversion bug (Tobias Brunner, 2012-09-17, 1 file, -2/+2)
|
* android: Fix conversion of actual Unicode strings (i.e. bytes!=chars) (Tobias Brunner, 2012-09-17, 1 file, -5/+6)
|
* Removed the unneeded socket-raw plugin (Tobias Brunner, 2012-09-14, 10 files, -895/+0)
|
* Change traffic selectors during Quick Mode in case of a NAT in transport mode (Tobias Brunner, 2012-09-14, 1 file, -9/+19)
|   Windows 7 sends its internal address as TSi. While we don't support the NAT-T drafts as used by Windows XP it is interesting to note that the client there omits the TSi payload which then would automatically get set to the public IP address of the client. Fixes #220.
* Merge branch 'custom-crypto' (Tobias Brunner, 2012-09-13, 22 files, -86/+574)
|\
| |   This provides plugins with an interface to register keywords for proposals (e.g. when parsing the esp and ike options from ipsec.conf) and the possibility to register identifiers for kernel algorithms. It is based on patches contributed by Nanoteq Pty Ltd.
| * Added algorithm lookup via kernel_interface_t to the various kernel interfaces (Tobias Brunner, 2012-09-13, 5 files, -19/+72)
| |
| * Added possibility to register custom kernel algorithms to kernel interface (Tobias Brunner, 2012-09-13, 2 files, -1/+172)
| |
| * Added possibility to register custom proposal keywords (Tobias Brunner, 2012-09-13, 9 files, -20/+186)
| |   Keyword lookup and registration are handled via the new lib->proposal object.
| * Removed len argument from proposal_get_token() (Tobias Brunner, 2012-09-13, 6 files, -32/+30)
| |   Also use enumerators instead of lexparser.h to parse proposal strings.
| * Make arguments for enumerator_create_token|directory const (Tobias Brunner, 2012-09-13, 2 files, -7/+10)
| |
| * Moved proposal_keywords to proposal_keywords_static (Francois ten Krooden, 2012-09-13, 7 files, -34/+131)
|/
|   Added new proposal keywords with function to reference the static keywords.
* Option added to enforce a configured destination address for DHCP packets (Tobias Brunner, 2012-09-13, 2 files, -1/+17)
|
* version bump to 5.0.1rc1 (Andreas Steffen, 2012-09-12, 1 file, -1/+1)
|
* Allow calls to set_address() for any host-sized TS, not only dynamic ones (Tobias Brunner, 2012-09-12, 1 file, -1/+1)
|   This fixes CHILD_SA updates (e.g. due to MOBIKE), which were broken since 4cb0783.
* Ensure traffic selectors are dynamic before calling set_address() when deriving them (Tobias Brunner, 2012-09-12, 1 file, -2/+2)
|
* Consistently log XFRM mark masks with 0 prefix in kernel-netlink plugin (Tobias Brunner, 2012-09-12, 1 file, -13/+13)
|
* starter: Added --nolog option to suppress logging in starter itself (Tobias Brunner, 2012-09-12, 1 file, -2/+6)
|   Fixes #224.
* Updates to strongswan.conf(5) man page (added several missing options) (Tobias Brunner, 2012-09-12, 1 file, -39/+82)
|
* Some updates to ipsec.conf(5) man page (Tobias Brunner, 2012-09-12, 1 file, -49/+70)
|
* starter: Allow %any also for protocol in left|rightprotoport (Tobias Brunner, 2012-09-12, 1 file, -9/+15)
|
* Don't allow NULL encryption with PEAP (Martin Willi, 2012-09-12, 1 file, -1/+3)
|
* Use memmove on overlapping regions, and operate with correct sizeof() (Martin Willi, 2012-09-12, 1 file, -2/+2)
|
* Whitespace cleanups in tls_eap (Martin Willi, 2012-09-12, 1 file, -6/+6)
|
* Use uintptr_t in mem pool to avoid compiler warning if sizeof(void*) != sizeof(int) (Martin Willi, 2012-09-12, 1 file, -3/+2)
|
* ikev1 hybrid authentication does not need client certificates (Andreas Steffen, 2012-09-12, 4 files, -6/+0)
|
* corrected topology in ikev2/rw-radius-accounting scenario (Andreas Steffen, 2012-09-12, 1 file, -3/+2)
|
* added ikev2/rw-eap-dynamic scenario (Andreas Steffen, 2012-09-12, 16 files, -3/+172)
|
* Always send a configuration payload in IKEv1 TRANSACTIONs, even if it is empty (Martin Willi, 2012-09-11, 1 file, -29/+14)
|
* Don't use host address for dynamic TS in IKEv1 if a virtual IP was expected (Martin Willi, 2012-09-11, 1 file, -40/+57)
|
* Don't use host address for dynamic TS in IKEv2 if a virtual IP was expected (Martin Willi, 2012-09-11, 1 file, -1/+33)
|
* Don't return a subset for a dynamic TS unless set_address has been called (Martin Willi, 2012-09-11, 1 file, -1/+5)
|
* Send FAILED_CP_REQUIRED if a configuration payload was expected, but not received (Martin Willi, 2012-09-11, 1 file, -0/+9)
|
* Check for an existing lease in all stroke pools before creating a new one (Martin Willi, 2012-09-11, 3 files, -83/+180)
|
* Pass full pool list to release_address (Martin Willi, 2012-09-11, 9 files, -47/+95)
|
* Pass the full list of pools to acquire_address, enumerate in providers (Martin Willi, 2012-09-11, 10 files, -73/+109)
|   If the provider has access to the full pool list, it can enumerate them twice, for example to search for existing leases first, and only search for new leases in a second step. Fixes lease enumeration in attr-sql using multiple pools.
* Add a linked list constructor initializing from an enumerator (Martin Willi, 2012-09-11, 2 files, -0/+27)
|
* Add a responder narrow() hook to change TS in the kernel, but not on the wire (Martin Willi, 2012-09-11, 3 files, -3/+48)
|
* Support RADIUS accounting when using IKEv1 with xauth-eap and eap-radius (Martin Willi, 2012-09-11, 1 file, -2/+10)
|
* Fix leak while enumerating RADIUS Framed-IPs from IKE_SA (Martin Willi, 2012-09-11, 1 file, -0/+1)
|
* Add uniqueids=never to ignore INITIAL_CONTACT notifies (Tobias Brunner, 2012-09-10, 6 files, -14/+28)
|   With uniqueids=no the daemon still deletes any existing IKE_SA with the same peer if an INITIAL_CONTACT notify is received. With this new option it also ignores these notifies.
* Add random plugin options to strongswan.conf.5 (Martin Willi, 2012-09-10, 2 files, -0/+8)
|
* Add strongswan.conf runtime options for /dev/[u]random files (Martin Willi, 2012-09-10, 1 file, -2/+7)
|   Fixes #221.
* this is the correct evaltest (Andreas Steffen, 2012-09-10, 1 file, -4/+3)
|
* recovered ikev2/ip-two-pools-mixed evaltest (Andreas Steffen, 2012-09-10, 1 file, -4/+5)
|
* adapted ip-pool evaltests (Andreas Steffen, 2012-09-10, 5 files, -15/+15)
|
* Use the proper types for comma separated attributes read from strongswan.conf (Tobias Brunner, 2012-09-10, 1 file, -27/+25)
|   Attributes of different address families previously were mapped to the same attribute type (the one derived from the address family of the first address).
* Print the name of mem pools instead of the confusing <base>/<size> (Tobias Brunner, 2012-09-10, 1 file, -2/+4)
|