aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins/stroke/stroke_config.c
Commit message (Collapse)AuthorAgeFilesLines
* stroke: Fix error message if parsing leftsourceip failsTobias Brunner2014-01-061-1/+1
|
* stroke: Configure proposal with AH protocol if 'ah' option setMartin Willi2013-10-111-11/+14
|
* stroke: don't remove a matching peer config if used by other child configsMartin Willi2013-09-131-4/+3
| | | | | When configurations get merged during add, we should not remove peer configs if other connection entries use the same peer config.
* Fixed double free causing swapped ends to crash5.1.1dr3Andreas Steffen2013-09-071-1/+0
|
* ike: support multiple addresses, ranges and subnets in IKE address configMartin Willi2013-09-041-22/+63
| | | | | | | Replace the allowany semantic by a more powerful subnet and IP range matching. Multiple addresses, DNS names, subnets and ranges can be specified in a comma separated list. Initiators ignore the ranges/subnets, responders match configurations against all addresses, ranges and subnets.
* ike-cfg: remove the to be obsoleted allow any parameter in get_my/other_addrMartin Willi2013-09-041-1/+1
|
* stroke: ignore a leftsourceip if a rightsourceip is given as wellMartin Willi2013-09-041-1/+7
| | | | | | As we always negotiate virtual IPs in charon, having both left- and rightsourceip is not allowed. Both in IKEv1 and IKEv2 we support a single configuration payload exchange only.
* stroke: re-enable modeconfig keywordMartin Willi2013-09-041-1/+1
|
* peer-cfg: add a pull/push mode option to use with mode configMartin Willi2013-09-041-0/+1
|
* Use strpfx() helper where appropriateTobias Brunner2013-07-081-5/+5
|
* stroke: Changed how proto/port are specified in left|rightsubnetTobias Brunner2013-06-281-1/+8
| | | | Using a colon as separator conflicts with IPv6 addresses.
* stroke: support %dynamic in left/rightsubnet for dynamic selectorsMartin Willi2013-06-191-2/+10
| | | | | | | This has the same meaning as omitting left/rightsubnet, i.e. replace it by the IKE address. Supporting %dynamic allows configurations with multiple dynamic selectors in a left/rightsubnet, each with potentially different proto/port selectors.
* stroke: support a specific proto/port for each net defined in left/rightsubnetMartin Willi2013-06-191-3/+105
|
* Load any type (RSA/ECDSA) of public key via left|rightsigkeyTobias Brunner2013-05-071-2/+1
|
* Load raw keys before possibly destroying the identityTobias Brunner2013-04-011-12/+11
| | | | | | | | If no identity (or %any) is configured the identification_t object is destroyed and an invalid object was associated with the created pubkey certificate. Actually using %any does not work as the certificate would not match when the client later provides an identity.
* Merge branch 'multi-cert'Martin Willi2013-03-011-15/+32
|\ | | | | | | | | Allows the configuration of multiple certificates in leftcert, and select the correct certificate to use based on the received certificate requests.
| * Load multiple comma seperarated certificates in the leftcert optionMartin Willi2013-01-181-15/+32
| |
* | Merge branch 'opaque-ports'Martin Willi2013-03-011-4/+4
|\ \ | | | | | | | | | | | | Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
| * | Pass complete port range over stroke interface for more flexibilityMartin Willi2013-02-211-14/+4
| | |
| * | Use a complete port range in traffic_selector_create_from_{subnet,cidr}Martin Willi2013-02-211-5/+15
| |/
* | Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packetsMartin Willi2013-02-061-1/+1
| |
* | Add a DSCP configuration value to IKE configsMartin Willi2013-02-061-1/+2
|/
* Don't handle right=%any6 as "loose" identity, but as %anyMartin Willi2013-01-141-2/+1
|
* Merge branch 'ikev1-fragmentation'Tobias Brunner2013-01-121-1/+2
|\ | | | | | | | | | | | | This adds support for the proprietary IKEv1 fragmentation extension. Conflicts: NEWS
| * Use a connection specific option to en-/disable IKEv1 fragmentationTobias Brunner2012-12-241-1/+2
| |
* | Fixed some typos in commentsVolker Rümelin2013-01-111-1/+1
|/
* Make use of new CIDR string ts constructor where appropriateMartin Willi2012-10-241-26/+11
|
* Remove version argument on peer_cfg constructor, use ike_cfg version insteadMartin Willi2012-10-241-2/+1
|
* Add IKE version information to ike_cfg_tMartin Willi2012-10-241-1/+2
|
* Make it easy to check if an address is locally usable via changed ↵Tobias Brunner2012-09-211-15/+7
| | | | get_interface() method
* Make stroke user-creds work with XAuth configsTobias Brunner2012-09-181-9/+18
|
* Set AUTH_RULE_IDENTITY_LOOSE for rightid=%<identity>Tobias Brunner2012-09-181-0/+10
|
* Add uniqueids=never to ignore INITIAL_CONTACT notifiesTobias Brunner2012-09-101-0/+3
| | | | | | With uniqueids=no the daemon still deletes any existing IKE_SA with the same peer if an INITIAL_CONTACT notify is received. With this new option it also ignores these notifies.
* Merge branch 'multi-vip'Martin Willi2012-08-311-47/+126
|\ | | | | | | | | | | | | Brings support for multiple virtual IPs and multiple pools in left/rigthsourceip definitions. Also introduces the new left/rightdns options to configure requested DNS server address family and respond with multiple connection specific servers.
| * Support multiple addresses/pools in left/rightsourceipMartin Willi2012-08-301-53/+122
| |
| * Support multiple address pools configured on a peer_cfgMartin Willi2012-08-301-2/+8
| |
| * Support multiple virtual IPs on peer_cfg and ike_sa classesMartin Willi2012-08-301-1/+5
| |
* | Use eap_vendor_type_from_string() in strokeTobias Brunner2012-08-311-38/+7
|/
* Replaced usages of CHARON_*_PORT with calls to get_port().Tobias Brunner2012-08-081-1/+2
|
* Make the UDP ports charon listens for packets on (and uses as source ports) ↵Tobias Brunner2012-08-081-1/+4
| | | | configurable.
* Don't add ANY identity constraint to auth config, as XAuth rounds don't use oneMartin Willi2012-07-261-1/+8
|
* Add an ipsec.conf leftgroups2 parameter for the second authentication roundMartin Willi2012-07-261-3/+4
|
* Select requested virtual IP family based on remote TS, if no local TS availableMartin Willi2012-06-201-1/+12
|
* Added signature scheme options left/rightauthMartin Willi2012-06-121-11/+99
|
* implemented the right|leftallowany featureAndreas Steffen2012-06-081-4/+8
|
* make IKEv1 DPD timeout configurable in charonAndreas Steffen2012-05-171-1/+2
|
* Merge branch 'ikev1'Martin Willi2012-05-021-44/+19
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conflicts: configure.in man/ipsec.conf.5.in src/libcharon/encoding/generator.c src/libcharon/encoding/payloads/notify_payload.c src/libcharon/encoding/payloads/notify_payload.h src/libcharon/encoding/payloads/payload.c src/libcharon/network/receiver.c src/libcharon/sa/authenticator.c src/libcharon/sa/authenticator.h src/libcharon/sa/ikev2/tasks/ike_init.c src/libcharon/sa/task_manager.c src/libstrongswan/credentials/auth_cfg.c
| * Added support for authby/xauth_server legacy optionsMartin Willi2012-03-201-42/+1
| |
| * Added a "aggressive" ipsec.conf connection optionMartin Willi2012-03-201-1/+1
| |
| * Added an aggressive mode peer_cfg optionMartin Willi2012-03-201-1/+1
| |
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 20:31:36 +0000