path: root/src/libcharon/plugins/vici/README.md
Commit message | Author | Age | Files | Lines
* vici: Add 'get|reset-counters' commands | Tobias Brunner | 2017-11-08 | 1 | -0/+29
* vici: Return key ID from load-key command | Tobias Brunner | 2017-05-23 | 1 | -1/+2
  We already do this for load-token and this should simplify client implementations.
* Fixed some typos, courtesy of codespell | Tobias Brunner | 2017-03-23 | 1 | -1/+1
* vici: Document how we pronounce the vici protocol and plugin | Martin Willi | 2017-03-20 | 1 | -3/+3
* vici: Add command to initiate SA rekeying | Tobias Brunner | 2017-02-16 | 1 | -0/+18
* vici: Use unique names for CHILD_SAs in the list-sas command | Tobias Brunner | 2017-02-16 | 1 | -1/+2
  The original name is returned in the new "name" attribute. This fixes an issue with bindings that map VICI messages to dictionaries. For instance, in roadwarrior scenarios where every CHILD_SA has the same name only the information of the last CHILD_SA would end up in the dictionary for that name.
* vici: Add command to load a private key from a token | Tobias Brunner | 2017-02-16 | 1 | -0/+18
  PINs are stored in a "hidden" credential set, so that its shared secrets are not exposed via VICI. Since they are not explicitly loaded as shared secrets via VICI a client might consider them as removed secrets and remove them.
* vici: List namespace/peer-cfg name with policies and allow filtering | Tobias Brunner | 2017-02-16 | 1 | -1/+4
  The two names are also transmitted in separate keys.
* vici: Explicitly use peer name when uninstalling trap and shunt policies | Tobias Brunner | 2017-02-16 | 1 | -1/+3
  Also adds an `ike` parameter to the `uninstall` command.
* vici: Add possibility to remove shared keys by a unique identifier | Tobias Brunner | 2017-02-16 | 1 | -1/+25
  This identifier can be set when adding/replacing a secret. The unique identifiers of all secrets may be enumerated.
* vici: Add commands to enumerate and remove private keys | Tobias Brunner | 2017-02-16 | 1 | -0/+22
  They are identified by their SHA-1 key identifier.
* vici: Add option to query a specific pool | Tobias Brunner | 2017-02-16 | 1 | -0/+1
* vici: Include the Netfilter marks in listed CHILD_SAs | Martin Willi | 2017-02-13 | 1 | -0/+4
* vici: flush-certs command flushes certificate cache | Andreas Steffen | 2016-09-13 | 1 | -0/+13
  When fresh CRLs are released with a high update frequency (e.g. every 24 hours) or OCSP is used then the certificate cache gets quickly filled with stale CRLs or OCSP responses. The new VICI flush-certs command allows to flush e.g. cached CRLs or OCSP responses only. Without the type argument all kind of certificates (e.g. also received end entity and intermediate CA certificates) are purged.
* vici list-conns sends reauthentication and rekeying time information | Andreas Steffen | 2016-05-04 | 1 | -0/+5
* vici: Fix documentation of some dictionary keys of two request messages | Cameron McCord | 2016-03-31 | 1 | -3/+3
  Closes strongswan/strongswan#40.
* vici: Match subnets and ranges against peer IP in redirect command | Tobias Brunner | 2016-03-04 | 1 | -1/+2
* vici: Match identity with wildcards against remote ID in redirect command | Tobias Brunner | 2016-03-04 | 1 | -1/+2
* vici: Add redirect command | Tobias Brunner | 2016-03-04 | 1 | -0/+15
  This allows redirecting IKE_SAs by multiple different selectors, if none are given all SAs are redirected.
* vici: Provide ports of local and remote IKE endpoints | Tobias Brunner | 2016-03-03 | 1 | -0/+2
* vici: Correctly document 'up' key for updown events | Tobias Brunner | 2016-03-01 | 1 | -4/+4
  Instead of sending 'no' it is omitted when an SA goes down.
* vici: list-cert sends subject, not-before and not-after attributes for pubkeys | Andreas Steffen | 2016-01-09 | 1 | -0/+3
* Refactored certificate management for the vici and stroke interfaces [5.4.0dr1] | Andreas Steffen | 2015-12-12 | 1 | -3/+7
* vici: Fix documentation about the initiate/terminate timeout | Martin Willi | 2015-12-07 | 1 | -2/+2
* vici: Honor an optionally passed IKE configuration name in initiate/install | Martin Willi | 2015-12-07 | 1 | -0/+2
  If two IKE configurations have CHILD configurations with the same name, we have no control about the CHILD_SA that actually gets controlled. The new "ike" parameter specifies the peer config name to find the "child" config under.
* vici: Support completely asynchronous initiating and termination | Martin Willi | 2015-12-07 | 1 | -0/+6
  In some situations the vici client is not interested in waiting for a timeout at all, so don't register a logging callback if the timeout argument is negative.
* Built the CPAN file structure for the Vici::Session perl module | Andreas Steffen | 2015-12-01 | 1 | -0/+40
* vici: Add get-algorithms command to query loaded algorithms and implementations | Tobias Brunner | 2015-11-30 | 1 | -0/+10
* vici: Add option to query leases of pools | Tobias Brunner | 2015-11-10 | 1 | -1/+10
  We could later perhaps add filter parameters similar to those of the `ipsec leases` command (pool name/virtual IP).
* vici: Return local and remote virtual IPs when listing SAs | Tobias Brunner | 2015-11-10 | 1 | -0/+6
* vici: Add NAT information when listing IKE_SAs | Tobias Brunner | 2015-11-09 | 1 | -0/+4
  The `nat-local` and `nat-remote` keys contain information on the NAT status of the local and remote IKE endpoints, respectively. If a responder did not detect a NAT but is configured to fake a NAT situation this is indicated by `nat-fake` (if an initiator fakes a NAT situation `nat-local` is set). If any NAT is detected or faked `nat-any` is set. Closes strongswan/strongswan#16.
* vici: Optionally check limits when initiating connections | Tobias Brunner | 2015-08-21 | 1 | -0/+1
  If the init-limits parameter is set (disabled by default) init limits will be checked and might prevent new SAs from getting initiated.
* vici: Add ike/child-rekey events | Tobias Brunner | 2015-08-17 | 1 | -0/+36
* vici: Document the ike/child-updown events | Tobias Brunner | 2015-08-17 | 1 | -0/+23
* vici: Certification Authority support added. | Andreas Steffen | 2015-07-21 | 1 | -0/+64
  CDP and OCSP URIs for one or multiple certification authorities can be added via the VICI interface. swanctl allows to read definitions from a new authorities section.
* vici: Catch Python GeneratorExit to properly cancel streamed event iteration | Martin Willi | 2015-03-18 | 1 | -0/+5
* vici: Return a Python generator instead of a list for streamed responses | Martin Willi | 2015-03-18 | 1 | -4/+4
  In addition that it may reduce memory usage and improve performance for large responses, it returns immediate results. This is important for longer lasting commands, such as initiate/terminate, where immediate log feedback is preferable when interactively calling such commands.
* vici: Add initial Python egg documentation to README | Martin Willi | 2015-03-18 | 1 | -0/+65
* vici: Use default Unix vici socket if none passed to ruby constructor | Martin Willi | 2015-03-18 | 1 | -3/+3
  While we currently have a static path instead of one generated with Autotools, this at least is congruent to what we have in the Python library.
* vici: Include the CHILD_SA unique ID in list-sa event | Martin Willi | 2015-02-20 | 1 | -0/+1
* vici: Fix README example encoding element type values, off by one | Martin Willi | 2015-01-21 | 1 | -10/+10
  While we fixed the wrong values in the description with d39e04b5, the example values are still off by one. Fixes #828.
* vici: Document the ruby gem and add some simple examples | Martin Willi | 2014-10-10 | 1 | -0/+58
* vici: Add some simple libvici examples to the README | Martin Willi | 2014-10-10 | 1 | -2/+116
* vici: Document the available vici command and event messages | Martin Willi | 2014-10-10 | 1 | -1/+509
* vici: Fix message encoding type values in documentation | Martin Willi | 2014-10-10 | 1 | -6/+6
* Fixed some typos | Tobias Brunner | 2014-06-30 | 1 | -1/+1
* vici: Increase vici message length header from 16 to 32 bits | Martin Willi | 2014-05-07 | 1 | -4/+4
  While we currently have no need for messages larger than 65KB, we should design the protocol to be future-proof, as we plan to keep at least the lowest protocol layer stable. To avoid any allocation issues, we currently keep the message size limit at 512KB.
* vici: Add low-level IPC protocol description | Martin Willi | 2014-05-07 | 1 | -0/+176