| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | vici: add (deprecated) async parameter | Timo Teräs | 2017-11-20 | 1 | -2/+3 |
| | | | | | | | | This is obsoleted by the new "timeout=-1" option that achieves the same. Only for compatibility with old versions of quagga-nhrp. Signed-off-by: Timo Teräs <timo.teras@iki.fi> | ||||
| * | charon: add optional source and remote overrides for initiate | Timo Teräs | 2017-11-20 | 1 | -9/+54 |
| | | | | | | | | | | | | This introduces support for specifying optional IKE SA specific source and remote address for child sa initiation. This allows to initiate wildcard connection for known address via vici. In addition this allows impler implementation of trap-any patches and is a prerequisite for dmvpn support. Signed-off-by: Timo Teräs <timo.teras@iki.fi> | ||||
| * | vici: Don't fall back to uninstalling traps if a matching shunt was found | Tobias Brunner | 2017-03-23 | 1 | -3/+7 |
| | | | | | | | | This is different if `ike` and `child` are provided and uninstall() fails as we call that without knowing whether a matching shunt exists. But if `ike` is not provided we explicitly search for a matching shunt and if found don't need to look for a trap policy. | ||||
| * | vici: Add command to initiate SA rekeying | Tobias Brunner | 2017-02-16 | 1 | -2/+100 |
| | | |||||
| * | vici: Explicitly use peer name when uninstalling trap and shunt policies | Tobias Brunner | 2017-02-16 | 1 | -5/+29 |
| | | | | | Also adds an `ike` parameter to the `uninstall` command. | ||||
| * | shunt-manager: Add an optional namespace for each shunt | Tobias Brunner | 2017-02-16 | 1 | -2/+2 |
| | | | | | | This will allow us to reuse the names of child configs e.g. when they are defined in different connections. | ||||
| * | vici: Reload loggers after reloading strongswan.conf via reload-setting command | Tobias Brunner | 2017-01-25 | 1 | -0/+1 |
| | | |||||
| * | Use standard unsigned integer types | Andreas Steffen | 2016-03-24 | 1 | -3/+3 |
| | | |||||
| * | vici: Don't redirect all SAs if no selectors are given | Tobias Brunner | 2016-03-04 | 1 | -1/+1 |
| | | | | | | This avoid confusion and redirecting all SAs can now easily be done explicitly (e.g. peer_ip=0.0.0.0/0). | ||||
| * | vici: Match subnets and ranges against peer IP in redirect command | Tobias Brunner | 2016-03-04 | 1 | -11/+40 |
| | | |||||
| * | vici: Match identity with wildcards against remote ID in redirect command | Tobias Brunner | 2016-03-04 | 1 | -4/+7 |
| | | |||||
| * | vici: Add redirect command | Tobias Brunner | 2016-03-04 | 1 | -0/+117 |
| | | | | | | This allows redirecting IKE_SAs by multiple different selectors, if none are given all SAs are redirected. | ||||
| * | vici: Honor an optionally passed IKE configuration name in initiate/install | Martin Willi | 2015-12-07 | 1 | -5/+11 |
| | | | | | | | | If two IKE configurations have CHILD configurations with the same name, we have no control about the CHILD_SA that actually gets controlled. The new "ike" parameter specifies the peer config name to find the "child" config under. | ||||
| * | vici: Support completely asynchronous initiating and termination | Martin Willi | 2015-12-07 | 1 | -5/+17 |
| | | | | | | | In some situations the vici client is not interested in waiting for a timeout at all, so don't register a logging callback if the timeout argument is negative. | ||||
| * | vici: Optionally check limits when initiating connections | Tobias Brunner | 2015-08-21 | 1 | -1/+6 |
| | | | | | | If the init-limits parameter is set (disabled by default) init limits will be checked and might prevent new SAs from getting initiated. | ||||
| * | controller: Optionally adhere to init limits also when initiating IKE_SAs | Tobias Brunner | 2015-08-21 | 1 | -2/+2 |
| | | |||||
| * | Initialize variables that some compilers seem to warn about | Tobias Brunner | 2015-08-13 | 1 | -1/+1 |
| | | |||||
| * | controller: Use the CHILD_SA unique_id to terminate CHILD_SAs | Martin Willi | 2015-02-20 | 1 | -2/+2 |
| | | |||||
| * | vici: Add a command to reload strongswan.conf | Martin Willi | 2014-09-22 | 1 | -0/+12 |
| | | |||||
| * | vici: Return number of matching and closed SAs in terminate command | Martin Willi | 2014-05-07 | 1 | -9/+12 |
| | | |||||
| * | vici: Be less verbose about client connections | Martin Willi | 2014-05-07 | 1 | -0/+26 |
| | | | | | Instead, log the explicit commands at a higher level. | ||||
| * | vici: Add install/uninstall commands to manage trap and shunt policies | Martin Willi | 2014-05-07 | 1 | -0/+112 |
| | | |||||
| * | vici: Extract CHILD_SA config lookup method | Martin Willi | 2014-05-07 | 1 | -14/+26 |
| | | |||||
| * | vici: Avoid recursive control log invocations | Martin Willi | 2014-05-07 | 1 | -18/+24 |
| | | |||||
| * | vici: Implement a terminate command to close IKE or CHILD_SAs | Martin Willi | 2014-05-07 | 1 | -0/+118 |
| | | |||||
| * | vici: Add a control backend, currently to initiate connections by name | Martin Willi | 2014-05-07 | 1 | -0/+219 |
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |