aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/config
Commit message (Collapse)AuthorAgeFilesLines
...
* Use subset matching instead of is_contained_in() to select a child_cfgMartin Willi2013-06-131-4/+8
| | | | | | | If one selector has a wider IP range than the other, but the other has a wider port/protocol selector than the first one, none is completely contained in the other. The check for a match using is_contained_in() therefore would fail. Using get_subset() can handle such cases, fixing configuration selection.
* Add a DSCP configuration value to IKE configsMartin Willi2013-02-062-2/+23
|
* Added an option that allows to force IKEv1 fragmentationTobias Brunner2013-01-122-5/+19
|
* Use a connection specific option to en-/disable IKEv1 fragmentationTobias Brunner2012-12-242-3/+27
|
* Include 'aggressive' when comparing peer_cfg_t objectsTobias Brunner2012-11-071-0/+1
|
* proposal_t.strip_dh() takes a DH group to keep, using MODP_NONE will remove allTobias Brunner2012-10-243-6/+15
|
* Moved data structures to new collections subfolderTobias Brunner2012-10-247-7/+7
|
* Moved host_t and host_resolver_t to a new networking subfolderTobias Brunner2012-10-243-3/+3
|
* Only add an implicit PRF based on the MAC alg if no PRF given in proposalMartin Willi2012-10-241-38/+38
|
* Remove peer_cfg IKE version matching, as it is done in ike_cfg matchingMartin Willi2012-10-241-22/+3
|
* Respect IKE version while selecting an ike_cfg as responderMartin Willi2012-10-242-11/+34
|
* Remove version argument on peer_cfg constructor, use ike_cfg version insteadMartin Willi2012-10-242-11/+4
|
* Add IKE version information to ike_cfg_tMartin Willi2012-10-242-2/+24
|
* Move ike_version_t definition from peer_cfg_t to ike_cfg_tMartin Willi2012-10-244-24/+24
|
* Make sure we propose a dynamic TS if we don't have hosts to derive a TS fromTobias Brunner2012-09-211-10/+8
| | | | 7ee37114 removed this behavior.
* Derive a dynamic TS to multiple virtual IPsMartin Willi2012-09-184-48/+55
|
* Added possibility to register custom proposal keywordsTobias Brunner2012-09-131-2/+2
| | | | Keyword lookup and registration are handled via the new lib->proposal object.
* Removed len argument from proposal_get_token()Tobias Brunner2012-09-131-24/+23
| | | | Also use enumerators instead of lexparser.h to parse proposal strings.
* Ensure traffic selectors are dynamic before calling set_address() when ↵Tobias Brunner2012-09-121-2/+2
| | | | deriving them
* Add uniqueids=never to ignore INITIAL_CONTACT notifiesTobias Brunner2012-09-101-3/+5
| | | | | | With uniqueids=no the daemon still deletes any existing IKE_SA with the same peer if an INITIAL_CONTACT notify is received. With this new option it also ignores these notifies.
* Merge branch 'multi-vip'Martin Willi2012-08-312-35/+94
|\ | | | | | | | | | | | | Brings support for multiple virtual IPs and multiple pools in left/rigthsourceip definitions. Also introduces the new left/rightdns options to configure requested DNS server address family and respond with multiple connection specific servers.
| * Support multiple address pools configured on a peer_cfgMartin Willi2012-08-302-15/+46
| |
| * Support multiple virtual IPs on peer_cfg and ike_sa classesMartin Willi2012-08-302-22/+50
| |
* | Log configured IKE_SA proposals as initiatorTobias Brunner2012-08-241-0/+2
| |
* | Log configured CHILD_SA proposals as initiatorTobias Brunner2012-08-241-0/+2
|/
* Add DH group 15 (MODP-3072) to IKE proposalAdrian-Ken Rueegsegger2012-08-061-0/+1
|
* Pass opaque data to printf hooks and print_in_hook()Martin Willi2012-07-132-15/+15
|
* implemented the right|leftallowany featureAndreas Steffen2012-06-083-40/+75
|
* Added support for IKEv1 IPComp proposals in proposal substructure.Tobias Brunner2012-05-242-1/+3
|
* make IKEv1 DPD timeout configurable in charonAndreas Steffen2012-05-172-4/+27
|
* Merge branch 'ikev1'Martin Willi2012-05-024-59/+126
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/encoding/generator.c src/libcharon/encoding/payloads/notify_payload.c src/libcharon/encoding/payloads/notify_payload.h src/libcharon/encoding/payloads/payload.c src/libcharon/network/receiver.c src/libcharon/sa/authenticator.c src/libcharon/sa/authenticator.h src/libcharon/sa/ikev2/tasks/ike_init.c src/libcharon/sa/task_manager.c src/libstrongswan/credentials/auth_cfg.c
| * Added an aggressive mode peer_cfg optionMartin Willi2012-03-202-6/+27
| |
| * Fix ike_version_t enum namesMartin Willi2012-03-201-1/+1
| |
| * Separated libcharon/sa directory with ikev1 and ikev2 subfoldersMartin Willi2012-03-201-2/+0
| |
| * Pass IKE version to peer config enumerator, filter configsMartin Willi2012-03-203-19/+44
| |
| * Support an "any" IKE version for both IKEv1 or IKEv2Martin Willi2012-03-201-0/+2
| |
| * Fixed SIGSEGV when logging peer config matches.Tobias Brunner2012-03-201-2/+3
| |
| * Log peer cfg enumeration externally for flexibilityMartin Willi2012-03-201-3/+0
| |
| * Accept NULL identities passed to peer config enumerationMartin Willi2012-03-201-9/+9
| |
| * Added a get_rekey/reauth_time() jitter parameter to get time without ↵Martin Willi2012-03-202-8/+10
| | | | | | | | randomization
| * Use enum to define IKE version on peer_cfg_t.Tobias Brunner2012-03-202-17/+38
| | | | | | | | Replaced all those magic numbers.
* | Make AES-CMAC actually usable for IKEv2.Tobias Brunner2012-04-041-0/+5
|/
* Added additional debug info to peer config matchingMartin Willi2011-10-111-0/+8
|
* Migrated peer_cfg_t to INIT/METHOD macros.Tobias Brunner2011-08-032-173/+122
|
* Fixed common misspellings.Tobias Brunner2011-07-204-10/+10
| | | | Mostly found by 'codespell'.
* Replaced more complex iterator usages.Tobias Brunner2011-07-061-10/+10
|
* Add NO_EXT_SEQ_NUMBER to proposal only if it has not been specified in stringMartin Willi2011-04-201-4/+10
|
* Added proposal keywords for ESN supportMartin Willi2011-04-202-18/+0
|
* Filter out non-matching ike_cfg in backend manager, so backends don't have toMartin Willi2011-02-031-0/+10
|
* Added a null-safe strdup variantMartin Willi2011-01-052-2/+2
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 21:51:43 +0000