aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* stroke: Default to %dynamic if no valid TS are specified in left|rightsubnetTobias Brunner2017-01-251-57/+44
| | | | | | | Otherwise, we'd end up with an empty TS list, which is not valid. Because end->tohost is set to !end->subnets in starter the removed branch was never used.
* init: Let systemd restart daemons if they get terminated unexpectedlyTobias Brunner2017-01-252-0/+2
| | | | Fixes #2205.
* init: Depend on network-online.target instead of network.target in systemd unitsTobias Brunner2017-01-252-2/+2
| | | | | | | This makes sure the network is "up" before connections are loaded/initiated. Fixes #2205.
* Merge branch 'charon-systemd-reload-loggers'Tobias Brunner2017-01-2514-48/+101
|\ | | | | | | | | | | | | | | | | | | Allows reloading strongswan.conf, the loggers, and the plugins in charon-systemd by sending a SIGHUP (as already supported by charon). Loggers are now also reloaded by VICI's `reload-settings` command (works with both daemons). Fixes #2222.
| * vici: Reload loggers after reloading strongswan.conf via reload-setting commandTobias Brunner2017-01-251-0/+1
| |
| * daemon: Use separate method to set default loggersTobias Brunner2017-01-2513-49/+85
| | | | | | | | | | This way it is not necessary to pass the same values to reload the loggers.
| * charon-systemd: Handle SIGHUP the same way charon doesTobias Brunner2017-01-251-0/+16
|/ | | | That is, reload strongswan.conf, the loggers and the plugins.
* ha: Fix assignment of IP addresses if multiple pools are definedTobias Brunner2017-01-251-2/+6
| | | | Fixes #2146.
* ha: Delete passive IKE_SA on other node after half-open timeoutTobias Brunner2017-01-251-0/+15
| | | | Fixes #1192.
* kernel-netlink: Return const pointer from lookup_algorithm()Thomas Egerer2017-01-231-3/+4
| | | | Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* Merge branch 'android-import'Tobias Brunner2017-01-2018-51/+1298
|\ | | | | | | Adds a VPN profile import feature.
| * android: New release after adding profile import functionalityTobias Brunner2017-01-201-2/+2
| |
| * android: Handle profile file names with dots in themTobias Brunner2017-01-201-0/+3
| |
| * android: Handle errors when fetching profile in more detailTobias Brunner2017-01-206-16/+77
| |
| * android: Add activity to import VPN profiles from JSON-encoded filesTobias Brunner2017-01-2012-0/+1053
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The file format is documented on the wiki. URLs to .sswan files may be intercepted and downloaded files with a media type of application/vnd.strongswan.profile may also be opened (the file extension doesn't matter in that case). Whether downloaded files for which the media type is not correct but the extension is .sswan can be opened depends on the app that issues the Intent. For instance, from the default Downloads app it won't work due to the content:// URLs that do not contain the file name but when opening the downloaded file from within Chrome's Downloads view it works as these Intents use file:// URLs, which contain the complete file name (the latter requires a new permission).
| * android: Use a local broadcast to notify about profile changesTobias Brunner2017-01-203-47/+107
| | | | | | | | | | This allows other components to modify the profiles and notify about changes.
| * android: Add a UUID property to the VPN profilesTobias Brunner2017-01-203-2/+72
|/ | | | | | All new or edited profiles get a random UUID. We currently don't enforce one, though. Later we might change that and use the UUID as primary key.
* Merge branch 'ipsec-commands'Tobias Brunner2017-01-191-12/+20
|\ | | | | | | | | | | | | Fixes an issue with the ipsec script when used with sudo. I'd usually rebase this but the commit ID was already referenced elsewhere.
| * ipsec: Only allow specific commands to be executed via ipsec scriptTobias Brunner2017-01-181-12/+20
|/ | | | | The previous fallback allowed running any executable as root if executing ipsec via sudo was allowed, by using e.g. `sudo ipsec ../../../bin/sh`.
* bliss: Increase timeout for sampler unit testTobias Brunner2017-01-161-2/+2
| | | | Fixes #2204.
* android: Include ref10 subdirectory for curve25519 pluginTobias Brunner2017-01-161-0/+1
| | | | Fixes #2201.
* Version bump to 5.5.2dr45.5.2dr4Andreas Steffen2017-01-022-3/+3
|
* Merge branch 'disable_ocsp'Andreas Steffen2017-01-0280-139/+701
|\
| * testing: Added swanctl/ocsp-disabled scenarioAndreas Steffen2017-01-0211-0/+264
| |
| * testing: Added swanctl/ocsp-signer-cert scenarioAndreas Steffen2017-01-0211-0/+257
| |
| * revocation: OCSP and/or CRL fetching can be disabledAndreas Steffen2016-12-303-38/+79
| |
| * testing: Convert swanctl scenarios to curve-25519Andreas Steffen2016-12-3055-101/+101
|/
* Version bump to 5.5.2dr3 and Linux kernel 4.95.5.2dr3Andreas Steffen2016-12-174-3/+2509
|
* testing: strongTNC does not come with django.db any moreAndreas Steffen2016-12-174-3/+18
|
* testing: Added ikev2/net2net-ed25519 scenarioAndreas Steffen2016-12-1717-0/+173
|
* stroke: Load general PKCS#8 private keysAndreas Steffen2016-12-172-3/+9
|
* Merge branch 'Ed25519'Andreas Steffen2016-12-1673-109/+7058
|\
| * Moved Ed25519 tests to libstrongswanAndreas Steffen2016-12-1410-142/+27
| |
| * unit-tests: Completed coverage of hasher, crypter and libnttfftAndreas Steffen2016-12-143-34/+57
| |
| * Added swanctl/net2net-ed2559 scenario and needed Ed25519 certificatesAndreas Steffen2016-12-1428-1/+300
| |
| * Implemented EdDSA for IKEv2 using a pro forma Identity hash functionAndreas Steffen2016-12-146-17/+140
| |
| * Added Ed25519 ref10 implementation from libsodiumAndreas Steffen2016-12-1414-16/+5790
| |
| * Added support of EdDSA signaturesAndreas Steffen2016-12-1431-55/+900
| |
* | vici: Check for closed connection in Python bindingsWeilu Jia2016-12-141-1/+4
|/ | | | | | | The Python VICI library does not check if the socket is closed. If the daemon closes the connection, _recvall() spins forever. Closes strongswan/strongswan#56.
* kernel-netlink: Add support for AES-CMAC-96 (RFC 4494)Tobias Brunner2016-12-121-0/+1
| | | | The kernel apparently supports this since 3.10.
* android: New release after re-adding support for ECC Brainpool curvesTobias Brunner2016-12-101-2/+2
|
* openssl: BoringSSL doesn't provide curve data for ECC Brainpool curvesTobias Brunner2016-12-101-1/+4
|
* android: New release after fixing libtpmtss issueTobias Brunner2016-12-091-2/+2
|
* android: Make sure libtpmtss is loaded on older systemsTobias Brunner2016-12-093-1/+3
| | | | | On newer Android systems this seems to happen automatically (or does at least not cause crashes if the library is not loaded).
* android: New release after adding notificationTobias Brunner2016-12-081-2/+2
|
* Merge branch 'android-updates'Tobias Brunner2016-12-0816-44/+175
|\ | | | | | | | | | | | | | | Adds a permanent notification while connected (or connecting), which allows running as a foreground service, which in turn should prevent Android from terminating the service when low on memory. Also adds support for ChaCha20/Poly1305 AEAD and Curve25519 DH.
| * android: Ensure that the certificates are loaded when accessing them via JNITobias Brunner2016-12-081-1/+1
| |
| * android: Add a public notificationTobias Brunner2016-12-081-6/+10
| |
| * android: Display a permanent notification while connectedTobias Brunner2016-12-089-27/+120
| | | | | | | | | | This forces the service to run in the foreground, meaning the system won't kill it when low on memory.
| * android: Log any installed DNS serversTobias Brunner2016-12-081-1/+1
| |
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 16:44:00 +0000