aboutsummaryrefslogtreecommitdiffstats
path: root/conf/options
Commit message (Collapse)AuthorAgeFilesLines
* file-logger: Add option to print milliseconds within the current second ↵Tobias Brunner2015-11-091-0/+4
| | | | | | | | after timestamp For this to look right time_format should end with %S or %T. Closes strongswan/strongswan#18.
* libtnccs: Optionally use RTLD_NOW to load IMC/IMVs with dlopen()Tobias Brunner2015-11-091-2/+2
|
* plugin-loader: Optionally use RTLD_NOW with dlopen()Tobias Brunner2015-11-091-0/+4
| | | | | | | | | This can be useful when writing custom plugins as typos or missing linker flags that result in unresolved symbols in the shared object could otherwise cause late crashes. In particular, if such a symbol is used in a code path that is rarely executed. During development and testing using RTLD_NOW instead of RTLD_LAZY will prevent the plugin from getting loaded and makes the error visible immediately.
* ikev1: Make maximum number of IKEv1 phase 2 exchanges we keep state about ↵Tobias Brunner2015-10-301-0/+4
| | | | | | configurable Fixes #1128.
* starter: Remove documentation for starter.load optionTobias Brunner2015-08-271-3/+0
|
* Added imc-hcd attributes to strongswan.confAndreas Steffen2015-08-181-0/+3
|
* conf: Clarify resolution for two time settingsTobias Brunner2015-08-101-2/+2
| | | | Fixes #1061.
* imv_policy_manager: Added capability to execute an allow or block shell ↵Andreas Steffen2015-04-261-0/+13
| | | | command string
* trap-manager: Add option to ignore traffic selectors from acquire eventsTobias Brunner2015-03-231-0/+11
| | | | | | | | The specific traffic selectors from the acquire events, which are derived from the triggering packet, are usually prepended to those from the config. Some implementations might not be able to handle these properly. References #860.
* ikev2: Add an option to disable constraints against signature schemesTobias Brunner2015-03-041-0/+8
| | | | | | | | | | If this is disabled the schemes configured in `rightauth` are only checked against signature schemes used in the certificate chain and signature schemes used during IKEv2 are ignored. Disabling this could be helpful if existing connections with peers that don't support RFC 7427 use signature schemes in `rightauth` to verify certificate chains.
* ikev2: Add a global option to disable RFC 7427 signature authenticationTobias Brunner2015-03-041-0/+3
| | | | This is mostly for testing.
* mem-pool: Pass the remote IKE address, to re-acquire() an address during reauthMartin Willi2015-02-201-4/+0
| | | | | | | | | | | With make-before-break IKEv2 re-authentication, virtual IP addresses must be assigned overlapping to the same peer. With the remote IKE address, the backend can detect re-authentication attempts by comparing the remote host address and port. This allows proper reassignment of the virtual IP if it is re-requested. This change removes the mem-pool.reassign_online option, as it is obsolete now. IPs get automatically reassigned if a peer re-requests the same address, and additionally connects from the same address and port.
* ikev2: Trigger make-before-break reauthentication instead of reauth taskMartin Willi2015-02-201-0/+10
|
* mem-pool: Document reassign_online optionTobias Brunner2015-02-121-0/+4
|
* ike: Add IKEv2 in description of fragment_size option in strongswan.confTobias Brunner2014-10-141-3/+4
|
* ikev1: Move fragment generation to message_tTobias Brunner2014-10-101-3/+4
|
* starter: Allow specifying the ipsec.conf location in strongswan.confShea Levy2014-10-021-0/+3
|
* systemd: Add a native systemd journal loggerMartin Willi2014-09-221-0/+13
|
* conf: Document charon.*-scripts optionsTobias Brunner2014-06-301-0/+8
|
* conf: Document swanctl optionsTobias Brunner2014-06-301-0/+2
|
* conf: Document aikgen optionsTobias Brunner2014-06-301-0/+2
|
* autoconf: Replace --disable-tools option with --disable-scepclientTobias Brunner2014-06-301-0/+0
| | | | | Since using a separate option for pki this was the only tool that was still enabled by that option.
* kernel-netlink: Follow RFC 6724 when selecting IPv6 source addressesTobias Brunner2014-06-191-0/+4
| | | | | | | | Instead of using the first address we find on an interface we should consider properties like an address' scope or whether it is temporary or public. Fixes #543.
* configure: Separate pki from --disable-toolsMartin Willi2014-06-042-3/+2
| | | | While pki builds and runs just fine on Windows, this is not true for scepclient.
* ikev1: Add an option to accept unencrypted ID/HASH payloadsMartin Willi2014-04-171-0/+15
| | | | | | | | | Even in Main Mode, some Sonicwall boxes seem to send ID/HASH payloads in unencrypted form, probably to allow PSK lookup based on the ID payloads. We by default reject that, but accept it if the charon.accept_unencrypted_mainmode_messages option is set in strongswan.conf. Initial patch courtesy of Paul Stewart.
* openac: Remove obsolete openac utilityMartin Willi2014-03-311-3/+0
| | | | The same functionality is now provided by the pki --acert subcommand.
* conf: Install config files world-readable but warn about permissions for ↵Tobias Brunner2014-02-126-6/+13
| | | | certain options
* conf: Document options of other programsTobias Brunner2014-02-125-0/+62
|
* conf: Document options of plugins in libptsTobias Brunner2014-02-121-0/+5
|
* conf: Document libimcv optionsTobias Brunner2014-02-122-0/+32
|
* conf: Document libtnccs optionsTobias Brunner2014-02-121-0/+2
|
* conf: Add logger example configTobias Brunner2014-02-122-7/+57
|
* conf: Converted charon optionsTobias Brunner2014-02-121-1/+290
|
* conf: Generate and install config sippets for option descriptionsTobias Brunner2014-02-121-0/+2
The strongswan.d directory is also created relative to the configured location of strongswan.conf.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-17 21:33:30 +0000