| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | conf: Extend description of charon.plugins.kernel-netlink.xfrm_acq_expires | Tobias Brunner | 2016-08-29 | 1 | -5/+9 |
| | | |||||
| * | libtpmtss: Implemented TSS2 quote() method | Andreas Steffen | 2016-06-26 | 1 | -0/+3 |
| | | |||||
| * | libimcv: migrate pts to tpm_tss | Andreas Steffen | 2016-06-22 | 1 | -0/+3 |
| | | |||||
| * | p-cscf: Make sending requests configurable and disable it by default | Tobias Brunner | 2016-03-10 | 1 | -0/+11 |
| | | |||||
| * | eap-radius: Add ability to configure RADIUS retransmission behavior | Thom Troy | 2015-11-17 | 1 | -1/+12 |
| | | | | | Closes strongswan/strongswan#19. | ||||
| * | conf: Add documentation for new osx-attr option | Tobias Brunner | 2015-08-28 | 1 | -0/+3 |
| | | |||||
| * | conf: Fix declaration of default values for imc-hcd options | Tobias Brunner | 2015-08-27 | 1 | -5/+5 |
| | | |||||
| * | stroke: Add an option to disable side-swapping of configuration options | Tobias Brunner | 2015-08-21 | 1 | -0/+5 |
| | | | | | | In some scenarios it might be preferred to ensure left is always local and no unintended swaps occur. | ||||
| * | Added imc-hcd attributes to strongswan.conf | Andreas Steffen | 2015-08-18 | 1 | -0/+71 |
| | | |||||
| * | conf: Clarify resolution for two time settings | Tobias Brunner | 2015-08-10 | 1 | -2/+2 |
| | | | | | Fixes #1061. | ||||
| * | eap-radius: Change trigger for Accounting Start messages for IKEv1 | Tobias Brunner | 2015-08-06 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | | | Some clients won't do Mode Config or XAuth during reauthentication. Because Start messages previously were triggered by TRANSACTION exchanges none were sent for new SAs of such clients, while Stop messages were still sent for the old SAs when they were destroyed. This resulted in an incorrect state on the RADIUS server. Since 31be582399 the assign_vips() event is also triggered during reauthentication if the client does not do a Mode Config exchange. So instead of waiting for a TRANSACTION exchange we trigger the Start message when a virtual IP is assigned to a client. With this the charon.plugins.eap-radius.accounting_requires_vip option would not have any effect for IKEv1 anymore. However, it previously also only worked if the client did an XAuth exchange, which is probably rarely used without virtual IPs, so this might not be much of a regression. Fixes #937. | ||||
| * | kernel-netlink: Use PAGE_SIZE as default size for the netlink receive buffer | Tobias Brunner | 2015-08-04 | 1 | -1/+1 |
| | | | | | | | | | The kernel uses NLMSG_GOODSIZE as default buffer size, which defaults to the PAGE_SIZE if it is lower than 8192 or to that value otherwise. In some cases (e.g. for dump messages) the kernel might use up to 16k for messages, which might require increasing this value. | ||||
| * | kernel-netlink: Make buffer size for received Netlink messages configurable | Tobias Brunner | 2015-05-21 | 1 | -0/+3 |
| | | |||||
| * | Added PB-TNC test options to strongswan.conf man page | Andreas Steffen | 2015-03-27 | 1 | -0/+6 |
| | | |||||
| * | Fixed strongswan.conf man page entry of imc-attestation | Andreas Steffen | 2015-03-27 | 2 | -18/+18 |
| | | |||||
| * | Optionally announce PB-TNC mutual protocol capability | Andreas Steffen | 2015-03-23 | 1 | -0/+3 |
| | | |||||
| * | kernel-pfkey: Add option to set receive buffer size of event socket | Tobias Brunner | 2015-03-06 | 1 | -0/+7 |
| | | | | | | | | | If many requests are sent to the kernel the events generated by these requests may fill the receive buffer before the daemon is able to read these messages. Fixes #783. | ||||
| * | Implemented improved BLISS-B signature algorithm | Andreas Steffen | 2015-02-25 | 1 | -0/+2 |
| | | |||||
| * | forecast: Document strongswan.conf options | Martin Willi | 2015-02-20 | 1 | -0/+29 |
| | | |||||
| * | kernel-netlink: Add missing documentation for two options | Tobias Brunner | 2014-12-19 | 1 | -0/+6 |
| | | |||||
| * | kernel-netlink: Alternatively support global port based IKE bypass policies | Martin Willi | 2014-11-21 | 1 | -0/+9 |
| | | | | | | | The socket based IKE bypass policies are usually superior, but not supported on all networking stacks. The port based variant uses global policies for the UDP ports we have IKE sockets for. | ||||
| * | conf: Document kernel-netlink retransmission and parallelization options | Martin Willi | 2014-11-21 | 1 | -0/+17 |
| | | |||||
| * | eap-radius: Add option to set interval for interim accounting updates | Tobias Brunner | 2014-10-10 | 1 | -1/+5 |
| | | | | | | | Any interval returned by the RADIUS server in the Access-Accept message overrides the configured interval. But it might be useful if RADIUS is only used for accounting. | ||||
| * | ext-auth: Add an ext-auth plugin invoking an external authorization script | Martin Willi | 2014-10-06 | 1 | -0/+15 |
| | | | | | Original patch courtesy of Vyronas Tsingaras. | ||||
| * | stroke: Allow specifying the ipsec.secrets location in strongswan.conf | Shea Levy | 2014-10-02 | 1 | -0/+3 |
| | | |||||
| * | kernel-netlink: Optionally install protocol and ports on transport mode SAs | Tobias Brunner | 2014-09-12 | 1 | -0/+9 |
| | | |||||
| * | kernel-netlink: Add global option to configure MSS-clamping on installed routes | Tobias Brunner | 2014-09-12 | 1 | -0/+3 |
| | | |||||
| * | kernel-netlink: Add global option to set MTU on installed routes | Tobias Brunner | 2014-09-12 | 1 | -0/+3 |
| | | |||||
| * | conf: Document load-tester.crl option | Tobias Brunner | 2014-06-30 | 1 | -0/+4 |
| | | |||||
| * | Remove kernel-klips plugin | Tobias Brunner | 2014-06-19 | 1 | -5/+0 |
| | | |||||
| * | Fixed typo in strongswan.conf | Andreas Steffen | 2014-06-05 | 1 | -1/+1 |
| | | |||||
| * | Updated IMC/IMV entries in strongswan.conf man page | Andreas Steffen | 2014-05-31 | 10 | -35/+40 |
| | | |||||
| * | Implemented PT-EAP protocol (RFC 7171) | Andreas Steffen | 2014-05-12 | 2 | -1/+4 |
| | | |||||
| * | Changed default value to libimcv.imc-attestation.pcr_info = no | Andreas Steffen | 2014-05-10 | 1 | -1/+1 |
| | | |||||
| * | vici: Document strongswan.conf options | Martin Willi | 2014-05-07 | 1 | -0/+2 |
| | | |||||
| * | Use python-based swidGenerator to generated SWID tags | Andreas Steffen | 2014-04-15 | 1 | -0/+9 |
| | | |||||
| * | Renamed the AIK public key parameter to imc-attestation.aik_pubkey | Andreas Steffen | 2014-04-15 | 1 | -1/+1 |
| | | |||||
| * | Implemented configurable Device ID in OS IMC | Andreas Steffen | 2014-04-15 | 1 | -0/+12 |
| | | |||||
| * | eap-radius: Add option to not close IKE_SAs on timeouts during interim ↵ | Tobias Brunner | 2014-03-31 | 1 | -0/+4 |
| | | | | | | | accouting updates Fixes #528. | ||||
| * | Disable mandatory ECP support for attestion | Andreas Steffen | 2014-03-07 | 2 | -1/+7 |
| | | |||||
| * | conf: Install config files world-readable but warn about permissions for ↵ | Tobias Brunner | 2014-02-12 | 5 | -6/+12 |
| | | | | | certain options | ||||
| * | conf: Document options of plugins in libpts | Tobias Brunner | 2014-02-12 | 3 | -0/+48 |
| | | |||||
| * | conf: Document libimcv options | Tobias Brunner | 2014-02-12 | 6 | -0/+24 |
| | | |||||
| * | conf: Document libtnccs options | Tobias Brunner | 2014-02-12 | 4 | -0/+17 |
| | | |||||
| * | conf: Move load-tester options to plugin specific file | Tobias Brunner | 2014-02-12 | 1 | -1/+125 |
| | | |||||
| * | conf: Options of all plugins documented | Tobias Brunner | 2014-02-12 | 48 | -30/+527 |
| | | | | | Some options are still missing descriptions though. | ||||
| * | conf: Generate and install config sippets for option descriptions | Tobias Brunner | 2014-02-12 | 1 | -0/+30 |
| The strongswan.d directory is also created relative to the configured location of strongswan.conf. | |||||
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |