| Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | addrblock: Use dynamic TS narrowing instead of rejecting the whole CHILD_SA | Martin Willi | 2017-03-02 | 1 | -43/+28 |
| Previously, the client had to propose no wider selectors than the certificate permits, otherwise the complete CHILD_SA was rejected. However, with IKEv2 we can dynamically narrow the selectors to what the certificate allows. This makes client and gateway configurations very simple by just proposing 0.0.0.0/0, narrowed to selectors the client is permitted to route into the network. | | | | |
* | Moved X509 ipAddrBlock checking to the addrblock plugin | Martin Willi | 2010-07-13 | 1 | -0/+154 |