path: root/man
Commit message (Author, Age, Files, Lines)
* conf: Generate strongswan.conf(5) man page in different directory (Tobias Brunner, 2014-02-12, 2 files, -1783/+1)
* plugin-loader: Optionally use load option in each plugin section to load plugins (Tobias Brunner, 2014-02-12, 1 file, -0/+9)

  This now works because all plugins use the same config namespace.

  If <ns>.load_modular is true, the list of plugins to load is determined
  via the value of the <ns>.plugins.<name>.load options.

  Using includes the following is possible:

      charon {
          load_modular = yes
          plugins {
              include strongswan.d/charon/*.conf
          }
      }
      charon-cmd {
          load_modular = yes
          plugins {
              include strongswan.d/charon-cmd/*.conf
          }
      }

  Where each .conf file would contain something like:

      <name> {
          load = yes
          <option> = <value>
      }

  To increase the priority of individual plugins load = <priority> can be
  used (the default is 1). For instance, to use openssl instead of the
  built-in crypto plugins set in strongswan.d/charon/openssl.conf:

      openssl {
          load = 10
      }

  If two plugins have the same priority their order in the default plugin
  list is preserved. Plugins not found in that list are ordered
  alphabetically before other plugins with the same priority.

* libtls: Move settings to <ns>.tls with fallback to libtls (Tobias Brunner, 2014-02-12, 1 file, -13/+12)
* lib: All settings use configured namespace (Tobias Brunner, 2014-02-12, 1 file, -142/+142)
* ike: Restart inactivity counter after doing a CHILD_SA rekey (Martin Willi, 2014-01-23, 1 file, -1/+3)

  When doing a rekey for a CHILD_SA, the use counters get reset. An
  inactivity job is queued for a time unrelated to the rekey time, so it
  might happen that the inactivity job gets executed just after rekeying.
  If this happens, inactivity is detected even if we had traffic on the
  rekeyed CHILD_SA just before rekeying.

  This change implies that inactivity checks can't handle inactivity
  timeouts for rekeyed CHILD_SAs, and therefore requires that inactivity
  timeout is shorter than the rekey time to have any effect.

* man: Document xauth-pam session option (Martin Willi, 2014-01-23, 1 file, -0/+3)
* stroke: Add an option to prevent log level changes via stroke socket (Tobias Brunner, 2014-01-23, 1 file, -0/+3)
* man: Add documentation of the dhcp interface option (Thomas Egerer, 2014-01-20, 1 file, -0/+5)

  Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>

* Fixed formatting in strongswan.conf (Andreas Steffen, 2013-12-03, 1 file, -3/+7)
* Added DRBG automatic reseeding tests (Andreas Steffen, 2013-11-27, 1 file, -0/+4)
* Any of the four NTRU parameter sets can be selected (Andreas Steffen, 2013-11-27, 1 file, -2/+2)
* Make the NTRU parameter set configurable (Andreas Steffen, 2013-11-27, 1 file, -0/+5)
* Implemented libstrongswan.plugins.random.strong_equals_true option (Andreas Steffen, 2013-11-16, 1 file, -0/+4)
* man: strongswan.conf(5) updated (Tobias Brunner, 2013-10-29, 1 file, -5/+35)
* ipsec.conf.5: Note about ICMP[v6] message type/code added (Tobias Brunner, 2013-10-17, 1 file, -0/+8)
* unbound: Add support for DLV (DNSSEC Lookaside Validation) (Tobias Brunner, 2013-10-11, 1 file, -1/+9)

  Fixes #392.

* kernel-libipsec: Add an option to allow remote TS to match the IKE peer (Tobias Brunner, 2013-10-11, 1 file, -0/+7)

  Setting the fwmark options for the kernel-netlink and socket-default
  plugins allows this kind of setup.

  It is probably required to set net.ipv4.conf.all.rp_filter to 2 to make
  it work.

* socket-default: Allow setting firewall mark on outbound packets (Tobias Brunner, 2013-10-11, 1 file, -0/+3)
* kernel-netlink: Allow setting firewall marks on routing rule (Tobias Brunner, 2013-10-11, 1 file, -0/+5)
* ipsec.conf: Add a description for the new 'ah' keyword. (Martin Willi, 2013-10-11, 1 file, -0/+41)
* xauth-pam: Make trimming of email addresses optional [tag: 5.1.1dr4] (Tobias Brunner, 2013-10-04, 1 file, -0/+4)

  Fixes #430.

* kernel-netlink: Allow to override xfrm_acq_expires value (Ansis Atteka, 2013-09-23, 1 file, -0/+5)

  When using auto=route, current xfrm_acq_expires default value implies
  that tunnel can be down for up to 165 seconds, if other peer rejected
  first IKE request with an AUTH_FAILED or NO_PROPOSAL_CHOSEN error
  message.

  These error messages are completely normal in setups where another
  application pushes configuration to both strongSwans without waiting
  for acknowledgment that they have updated their configurations.

  This patch allows strongswan to override xfrm_acq_expires default value
  by setting charon.plugins.kernel-netlink.xfrm_acq_expires in
  strongswan.conf.

  Signed-off-by: Ansis Atteka <aatteka@nicira.com>

* strongswan.conf: Use configured piddir for UNIX sockets (Tobias Brunner, 2013-09-13, 1 file, -6/+6)
* Build generated man pages via configure script (Tobias Brunner, 2013-09-13, 5 files, -23/+14)
* Make SWID directory where tags are stored configurable (Andreas Steffen, 2013-09-05, 1 file, -0/+3)
* man: add support for multiple addresses/ranges/subnets in ipsec.conf left= (Martin Willi, 2013-09-04, 1 file, -3/+10)
* man: update ipsec.conf modeconfig keyword (Martin Willi, 2013-09-04, 1 file, -2/+1)
* Selectively enable PT-TLS and/or RADIUS sockets in tnc-pdp plugin (Andreas Steffen, 2013-08-26, 1 file, -0/+6)
* moved tnc_imv plugin to libtnccs thanks to recommendation callback function (Andreas Steffen, 2013-08-15, 1 file, -8/+8)
* Documented plugin move from libcharon to libtnccs in strongswan.conf (Andreas Steffen, 2013-08-15, 1 file, -15/+17)
* Add PT-TLS interface to strongSwan PDP (Andreas Steffen, 2013-08-15, 1 file, -3/+6)
* strongswan.conf: Add note about reserved threads (Tobias Brunner, 2013-08-07, 1 file, -1/+5)
* strongswan.conf: Moved some stuff around (Tobias Brunner, 2013-07-23, 1 file, -23/+24)
* strongswan.conf: Add missing options (Tobias Brunner, 2013-07-22, 1 file, -10/+47)
* Fix various API doc issues and typos (Tobias Brunner, 2013-07-18, 1 file, -1/+1)

  Partially based on an old patch by Adrian-Ken Rueegsegger.

* ipsec.conf.5: closeaction is now supported for IKEv1 (Tobias Brunner, 2013-07-17, 1 file, -2/+1)
* kernel-pfroute: Make time that is waited for VIPs to appear configurable (Tobias Brunner, 2013-07-17, 1 file, -0/+3)

  One second might be too short for IPs to appear/disappear, especially
  on virtualized hosts.

* socket-default: Add options to disable address families (Tobias Brunner, 2013-07-05, 1 file, -0/+6)
* stroke: Changed how proto/port are specified in left|rightsubnet (Tobias Brunner, 2013-06-28, 1 file, -6/+7)

  Using a colon as separator conflicts with IPv6 addresses.

* capabilities: Make the user and group charon(-nm) changes to configurable (Tobias Brunner, 2013-06-25, 1 file, -0/+6)
* Removed obsoleted strongswan.conf options (Andreas Steffen, 2013-06-21, 1 file, -15/+0)
* charon-cmd: Link strongswan.conf(5) and charon-cmd(8) man pages (Tobias Brunner, 2013-06-21, 1 file, -2/+9)
* man: update ipsec.conf.5, describing new proto/port definition within leftsubnet (Martin Willi, 2013-06-19, 1 file, -24/+34)
* stroke: Load credentials from PKCS#12 files (P12 token) (Tobias Brunner, 2013-05-08, 1 file, -4/+17)
* Load any type (RSA/ECDSA) of public key via left|rightsigkey (Tobias Brunner, 2013-05-07, 1 file, -4/+6)
* left|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly (Tobias Brunner, 2013-05-07, 1 file, -3/+9)

  The default is now PKCS#1. With the dns: and ssh: prefixes other
  formats can be selected.

* Use the GEN silent rule when generating files with sed (Martin Willi, 2013-05-06, 1 file, -1/+1)
* kernel-netlink: Add an option to disable roam events (Tobias Brunner, 2013-05-03, 1 file, -0/+3)
* added libstrongswan.plugins.openssl.fips_mode to man page (Andreas Steffen, 2013-04-16, 1 file, -0/+3)
* Added charon.initiator_only option which causes charon to ignore IKE initiation requests by peers (Andreas Steffen, 2013-04-14, 1 file, -0/+3)