aboutsummaryrefslogtreecommitdiffstats
path: root/man
Commit message (Collapse)AuthorAgeFilesLines
* xauth-pam: Make trimming of email addresses optional5.1.1dr4Tobias Brunner2013-10-041-0/+4
| | | | Fixes #430.
* kernel-netlink: Allow to override xfrm_acq_expires valueAnsis Atteka2013-09-231-0/+5
| | | | | | | | | | | | | | | | When using auto=route, current xfrm_acq_expires default value implies that tunnel can be down for up to 165 seconds, if other peer rejected first IKE request with an AUTH_FAILED or NO_PROPOSAL_CHOSEN error message. These error messages are completely normal in setups where another application pushes configuration to both strongSwans without waiting for acknowledgment that they have updated their configurations. This patch allows strongswan to override xfrm_acq_expires default value by setting charon.plugins.kernel-netlink.xfrm_acq_expires in strongswan.conf. Signed-off-by: Ansis Atteka <aatteka@nicira.com>
* strongswan.conf: Use configured piddir for UNIX socketsTobias Brunner2013-09-131-6/+6
|
* Build generated man pages via configure scriptTobias Brunner2013-09-135-23/+14
|
* Make SWID directory where tags are stored configurableAndreas Steffen2013-09-051-0/+3
|
* man: add support for multiple addresses/ranges/subnets in ipsec.conf left=Martin Willi2013-09-041-3/+10
|
* man: update ipsec.conf modeconfig keywordMartin Willi2013-09-041-2/+1
|
* Selectively enable PT-TLS and/or RADIUS sockets in tnc-pdp pluginAndreas Steffen2013-08-261-0/+6
|
* moved tnc_imv plugin to libtnccs thanks to recommendation callback functionAndreas Steffen2013-08-151-8/+8
|
* Documented plugin move from libcharon to libtnccs in strongswan.confAndreas Steffen2013-08-151-15/+17
|
* Add PT-TLS interface to strongSwan PDPAndreas Steffen2013-08-151-3/+6
|
* strongswan.conf: Add note about reserved threadsTobias Brunner2013-08-071-1/+5
|
* strongswan.conf: Moved some stuff aroundTobias Brunner2013-07-231-23/+24
|
* strongswan.conf: Add missing optionsTobias Brunner2013-07-221-10/+47
|
* Fix various API doc issues and typosTobias Brunner2013-07-181-1/+1
| | | | Partially based on an old patch by Adrian-Ken Rueegsegger.
* ipsec.conf.5: closeaction is now supported for IKEv1Tobias Brunner2013-07-171-2/+1
|
* kernel-pfroute: Make time that is waited for VIPs to appear configurableTobias Brunner2013-07-171-0/+3
| | | | | One second might be too short for IPs to appear/disappear, especially on virtualized hosts.
* socket-default: Add options to disable address familiesTobias Brunner2013-07-051-0/+6
|
* stroke: Changed how proto/port are specified in left|rightsubnetTobias Brunner2013-06-281-6/+7
| | | | Using a colon as separator conflicts with IPv6 addresses.
* capabilities: Make the user and group charon(-nm) changes to configurableTobias Brunner2013-06-251-0/+6
|
* Removed obsoleted strongswan.conf optionsAndreas Steffen2013-06-211-15/+0
|
* charon-cmd: Link strongswan.conf(5) and charon-cmd(8) man pagesTobias Brunner2013-06-211-2/+9
|
* man: update ipsec.conf.5, describing new proto/port definition within leftsubnetMartin Willi2013-06-191-24/+34
|
* stroke: Load credentials from PKCS#12 files (P12 token)Tobias Brunner2013-05-081-4/+17
|
* Load any type (RSA/ECDSA) of public key via left|rightsigkeyTobias Brunner2013-05-071-4/+6
|
* left|rightrsasigkey accepts SSH keys but the key format has to be specified ↵Tobias Brunner2013-05-071-3/+9
| | | | | | | explicitly The default is now PKCS#1. With the dns: and ssh: prefixes other formats can be selected.
* Use the GEN silent rule when generating files with sedMartin Willi2013-05-061-1/+1
|
* kernel-netlink: Add an option to disable roam eventsTobias Brunner2013-05-031-0/+3
|
* added libstrongswan.plugins.openssl.fips_mode to man pageAndreas Steffen2013-04-161-0/+3
|
* Added charon.initiator_only option which causes charon to ignore IKE ↵Andreas Steffen2013-04-141-0/+3
| | | | initiation requests by peers
* implemented periodic IF-MAP RenewSession requestAndreas Steffen2013-04-031-1/+4
|
* Updated strongswan.conf(5) man pageTobias Brunner2013-04-011-10/+42
|
* updated strongswan.conf man page for tn_ifmap pluginAndreas Steffen2013-03-311-12/+12
|
* Merge branch 'multi-cert'Martin Willi2013-03-011-0/+4
|\ | | | | | | | | Allows the configuration of multiple certificates in leftcert, and select the correct certificate to use based on the received certificate requests.
| * Add ipsec.conf.5 updates regarding multiple certificates in leftcertMartin Willi2013-01-181-0/+4
| |
* | Merge branch 'opaque-ports'Martin Willi2013-03-011-0/+8
|\ \ | | | | | | | | | | | | Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
| * | Document ipsec.conf leftprotoport extensions in manpageMartin Willi2013-02-211-0/+8
| | |
* | | Moved configuration from resolver manager to unbound pluginAndreas Steffen2013-02-191-0/+6
| | | | | | | | | | | | Also streamlined log messages in unbound plugin.
* | | ipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.confReto Guadagnini2013-02-191-0/+3
| | |
* | | Merge branch 'ike-dscp'Martin Willi2013-02-141-0/+5
|\ \ \
| * | | Add ikedscp documentation to ipsec.conf.5Martin Willi2013-02-061-0/+5
| |/ /
* / / Typo in strongswan.conf(5) man page fixedTobias Brunner2013-01-311-1/+1
|/ /
* / Documented new options in strongswan.conf(5) man pageTobias Brunner2013-01-251-3/+60
|/
* Added an option to configure the maximum size of a fragmentTobias Brunner2013-01-121-0/+4
|
* Added an option that allows to force IKEv1 fragmentationTobias Brunner2013-01-121-4/+9
|
* Use a connection specific option to en-/disable IKEv1 fragmentationTobias Brunner2012-12-242-5/+10
|
* Add an option to en-/disable IKE fragmentationTobias Brunner2012-12-241-0/+5
| | | | | Fragments are always accepted but will not be sent if disabled. The vendor ID is only sent if the option is enabled.
* add dlcose strongswan.conf option to tnc-imc/tnc-imv pluginsAndreas Steffen2012-12-091-0/+6
|
* updated strongswan.conf man pageAndreas Steffen2012-11-121-2/+14
|
* scanner imc/imv pair uses IETF VPN PA-TNC message subtypeAndreas Steffen2012-10-311-0/+6
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-12 01:57:47 +0000