Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | add dlcose strongswan.conf option to tnc-imc/tnc-imv plugins | Andreas Steffen | 2012-12-09 | 1 | -0/+6 |
| | |||||
* | updated strongswan.conf man page | Andreas Steffen | 2012-11-12 | 1 | -2/+14 |
| | |||||
* | scanner imc/imv pair uses IETF VPN PA-TNC message subtype | Andreas Steffen | 2012-10-31 | 1 | -0/+6 |
| | |||||
* | FQDNs are actually not resolved when loading secrets | Tobias Brunner | 2012-10-29 | 1 | -7/+1 |
| | |||||
* | Added documentation for NTLM secrets | Tobias Brunner | 2012-10-25 | 1 | -0/+10 |
| | |||||
* | Remove obsolete pluto smartcard syntax in ipsec.secrets.5 | Martin Willi | 2012-10-24 | 1 | -8/+5 |
| | |||||
* | Updated ipsec.conf.5 regarding (CA) certificates loaded from smartcards | Martin Willi | 2012-10-24 | 1 | -5/+7 |
| | |||||
* | Add leftcert ipsec.conf.5 documentation about smartcard certificates | Martin Willi | 2012-10-24 | 1 | -0/+12 |
| | |||||
* | Add ipsec.conf.5 documentation for explicit PRFs in IKE proposals | Martin Willi | 2012-10-24 | 1 | -7/+17 |
| | |||||
* | Added an option to reload certificates from PKCS#11 tokens on SIGHUP | Tobias Brunner | 2012-10-18 | 1 | -0/+3 |
| | |||||
* | Terminate unused resolver threads after a timeout | Tobias Brunner | 2012-10-18 | 1 | -0/+6 |
| | |||||
* | implemented os_info_t class | Andreas Steffen | 2012-10-10 | 1 | -6/+6 |
| | |||||
* | Added description for flush_auth_cfg and acct_port plus some minor editorial ↵ | Tobias Brunner | 2012-09-25 | 1 | -6/+16 |
| | | | | changes | ||||
* | Documentation about some time values clarified | Tobias Brunner | 2012-09-24 | 1 | -2/+2 |
| | |||||
* | Added an option to configure the interface on which virtual IP addresses are ↵ | Tobias Brunner | 2012-09-21 | 1 | -0/+4 |
| | | | | installed | ||||
* | Added options and a lookup function that will allow filtering of network ↵ | Tobias Brunner | 2012-09-21 | 1 | -1/+9 |
| | | | | interfaces | ||||
* | Update ipsec.conf.5, leftsubnet can handle multiple subnets in IKEv1 with Unity | Martin Willi | 2012-09-18 | 1 | -2/+3 |
| | |||||
* | Set AUTH_RULE_IDENTITY_LOOSE for rightid=%<identity> | Tobias Brunner | 2012-09-18 | 1 | -0/+12 |
| | |||||
* | Option added to enforce a configured destination address for DHCP packets | Tobias Brunner | 2012-09-13 | 1 | -0/+8 |
| | |||||
* | Updates to strongswan.conf(5) man page (added several missing options) | Tobias Brunner | 2012-09-12 | 1 | -39/+82 |
| | |||||
* | Some updates to ipsec.conf(5) man page | Tobias Brunner | 2012-09-12 | 1 | -49/+70 |
| | |||||
* | Add uniqueids=never to ignore INITIAL_CONTACT notifies | Tobias Brunner | 2012-09-10 | 1 | -9/+16 |
| | | | | | | With uniqueids=no the daemon still deletes any existing IKE_SA with the same peer if an INITIAL_CONTACT notify is received. With this new option it also ignores these notifies. | ||||
* | Add random plugin options to strongswan.conf.5 | Martin Willi | 2012-09-10 | 2 | -0/+8 |
| | |||||
* | added libimcv.assessment_result to strongswan.conf man page | Andreas Steffen | 2012-09-09 | 1 | -0/+3 |
| | |||||
* | Merge branch 'multi-vip' | Martin Willi | 2012-08-31 | 1 | -6/+16 |
|\ | | | | | | | | | | | | | Brings support for multiple virtual IPs and multiple pools in left/rigthsourceip definitions. Also introduces the new left/rightdns options to configure requested DNS server address family and respond with multiple connection specific servers. | ||||
| * | Updated ipsec.conf.5 with multiple left/rightsourceip support | Martin Willi | 2012-08-30 | 1 | -6/+6 |
| | | |||||
| * | Add a description of the leftdns option to ipsec.conf.5 | Martin Willi | 2012-08-21 | 1 | -0/+10 |
| | | |||||
* | | Documentation for eap-dynamic added | Tobias Brunner | 2012-08-31 | 2 | -0/+11 |
|/ | |||||
* | Merge branch 'android-ndk' | Tobias Brunner | 2012-08-13 | 2 | -2/+18 |
|\ | | | | | | | | | | | | | | | | | | | | | | | This branch comes with some preliminary changes for the user-land IPsec implementation and the Android App. One important change is that the UDP ports used by the socket-default plugin were made configurable (either via ./configure or strongswan.conf). Also, the plugin does randomly allocate a port if it is configured to 0, which is useful for client implementations. A consequence of these changes is that the local UDP port used when creating ike_cfg_t objects has to be fetched from the socket. | ||||
| * | Added option to prevent socket-default from setting the source address on ↵ | Tobias Brunner | 2012-08-08 | 1 | -0/+3 |
| | | | | | | | | outbound packets | ||||
| * | socket-default plugin allocates random ports if configured to 0. | Tobias Brunner | 2012-08-08 | 1 | -0/+9 |
| | | | | | | | | Also added strongswan.conf options to change the ports. | ||||
| * | Added ESP log group for libipsec log messages. | Tobias Brunner | 2012-08-08 | 2 | -1/+5 |
| | | |||||
| * | Moved Android specific logger to separate plugin. | Tobias Brunner | 2012-08-08 | 1 | -1/+1 |
| | | | | | | | | | | | | This is mainly because the other parts of the existing android plugin can not be built in the NDK (access to keystore and system properties are not part of the stable NDK libraries). | ||||
* | | Documentation fixes regarding xauth-pam/eap-gtc plugins | Tobias Brunner | 2012-08-11 | 1 | -3/+5 |
| | | |||||
* | | make max_message_size parameter consistent with similar options | Andreas Steffen | 2012-08-09 | 1 | -2/+2 |
|/ | |||||
* | Add an ipsec.conf leftgroups2 parameter for the second authentication round | Martin Willi | 2012-07-26 | 1 | -0/+6 |
| | |||||
* | added PA-TNC max_msg_len option to man page | Andreas Steffen | 2012-07-13 | 1 | -0/+6 |
| | |||||
* | make maximum PB-TNC batch size configurable | Andreas Steffen | 2012-07-11 | 1 | -0/+3 |
| | |||||
* | added charon.plugins.eap-tnc.protocol option | Andreas Steffen | 2012-07-11 | 1 | -0/+3 |
| | |||||
* | EAP-TNC does not support fragmentation | Andreas Steffen | 2012-07-11 | 1 | -6/+0 |
| | |||||
* | configure size of ITA Dummy PA-TNC attribute | Andreas Steffen | 2012-07-11 | 1 | -0/+3 |
| | |||||
* | max_message_count = 0 disables limit | Andreas Steffen | 2012-07-11 | 1 | -4/+4 |
| | |||||
* | Some updates in ipsec.conf(5) for 5.0.0 | Tobias Brunner | 2012-06-26 | 1 | -36/+50 |
| | |||||
* | added charon.cisco_unity to strongswan.conf.5 man page | Andreas Steffen | 2012-06-25 | 1 | -0/+3 |
| | |||||
* | added secret as valid authby argument | Andreas Steffen | 2012-06-18 | 1 | -1/+1 |
| | |||||
* | Add documentation for signature hash algorithm enforcing to man ipsec.conf | Martin Willi | 2012-06-12 | 1 | -4/+11 |
| | |||||
* | starter: Drop support for %defaultroute. | Tobias Brunner | 2012-06-11 | 1 | -16/+2 |
| | |||||
* | Retry IKE_SA initiation if DNS resolution failed. | Tobias Brunner | 2012-05-30 | 1 | -0/+4 |
| | | | | | This is disabled by default and can be enabled with the charon.retry_initiate_interval option in strongswan.conf. | ||||
* | Updated ipsec.conf(5) to reflect changes to IPComp support. | Tobias Brunner | 2012-05-24 | 1 | -4/+2 |
| | |||||
* | Merge branch 'ikev1' | Martin Willi | 2012-05-02 | 1 | -367/+79 |
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/encoding/generator.c src/libcharon/encoding/payloads/notify_payload.c src/libcharon/encoding/payloads/notify_payload.h src/libcharon/encoding/payloads/payload.c src/libcharon/network/receiver.c src/libcharon/sa/authenticator.c src/libcharon/sa/authenticator.h src/libcharon/sa/ikev2/tasks/ike_init.c src/libcharon/sa/task_manager.c src/libstrongswan/credentials/auth_cfg.c |