aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* Avoid a race condition when reloading secrets from ipsec.secretsTobias Brunner2013-03-201-18/+25
| | | | | | | With the previous implementation that cleared the secrets in the active credential set and then loaded the secrets, IKE SA establishment would fail (as initiator or responder) if secrets are concurrently reloaded and the required secret was not yet loaded.
* Add an option to autobalance a HA cluster automaticallyMartin Willi2013-03-191-0/+59
|
* Check if for some reason we handle a HA segment on both nodesMartin Willi2013-03-191-1/+15
|
* Acquire HA segment lock while sending heartbeatMartin Willi2013-03-191-0/+2
|
* Removed unused variable 'id'Tobias Brunner2013-03-191-2/+1
|
* Fix scheduling of heartbeat sending in HA pluginMartin Willi2013-03-191-2/+11
| | | | | | e0efd7c1 switches to automated job rescheduling for HA heartbeat. However, send_status() is initially called directly, which will not reschedule the job as required.
* Fix compiler warning in HA pluginMartin Willi2013-03-191-1/+1
|
* Don't try to mmap() empty ipsec.secret filesMartin Willi2013-03-191-1/+5
|
* Added xauth-noauth pluginTobias Brunner2013-03-195-0/+261
| | | | | | | | This XAuth backend does not do any authentication of client credentials but simply sends a successful XAuth status to the client, thereby concluding the XAuth exchange. This can be useful to fallback to basic RSA authentication with clients that can not be configured without XAuth authentication.
* In stroke counters, check if we have an IKE_SA before getting the name from itMartin Willi2013-03-191-3/+6
| | | | | Fixes a segfault when receiving an invalid IKE SPI, where we don't have an IKE_SA for the raised alert.
* Add an "esp" load-tester option to configure custom CHILD_SA ESP proposalMartin Willi2013-03-181-3/+16
|
* Algorithms are not really specific to an IKE versionTobias Brunner2013-03-181-1/+1
| | | | | | But not all of them can be used with IKEv1. Fixes #314.
* Merge branch 'radius-ext'Martin Willi2013-03-1810-78/+1150
|\ | | | | | | | | | | Bring some extensions to eap-radius, namely a virtual IP address provider based on received Framed-IPs, forwarding of Cisco Unity banners, Interim Accounting updates and the reporting of sent/received packets.
| * Don't create interim update entries if RADIUS accounting is disabledMartin Willi2013-03-142-7/+7
| |
| * Add support for RADIUS Interim accounting updatesMartin Willi2013-03-143-39/+269
| |
| * Add an option to delete any established IKE_SA if RADIUS server is not ↵Martin Willi2013-03-144-7/+67
| | | | | | | | responding
| * Send Acct-Terminate-Cause based on some alerts catched on the busMartin Willi2013-03-141-0/+62
| | | | | | | | | | Currently supported are user disconnects, session timeouts and if the peer does not respond on IKE packets or DPDs.
| * Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Accounting-RequestsMartin Willi2013-03-141-4/+33
| |
| * Support RADIUS accounting of sent/received packetsMartin Willi2013-03-141-13/+23
| |
| * Report the number of processed packets in "ipsec statusall"Martin Willi2013-03-141-5/+9
| |
| * child_sa_t.get_usestats() can additionally return the number of processed ↵Martin Willi2013-03-142-5/+4
| | | | | | | | packets
| * kernel_ipsec_t.query_sa() additionally returns the number of processed packetsMartin Willi2013-03-141-2/+2
| |
| * Send NAS-Port, NAS-IP and Calling/Called-Station-ID in Access-RequestMartin Willi2013-03-131-7/+56
| |
| * Forward Cisco Banner received from RADIUS to Unity capable clientsMartin Willi2013-03-123-5/+176
| |
| * In eap-radius, hand out received Framed-IP-Address attributes as virtual IPMartin Willi2013-03-125-2/+460
| |
* | Merge branch 'stroke-counters'Martin Willi2013-03-183-11/+185
|\ \ | | | | | | | | | | | | Extend stroke counters functionality by connection specific counters, and a resetcounters command to reset the global or connection counters.
| * | Add a "resetcounters" command to ipsec, clearing global or connection countersMartin Willi2013-03-153-1/+38
| | |
| * | Add connection name specific stroke countersMartin Willi2013-03-153-11/+148
| | |
* | | Merge branch 'stroke-timeout'Martin Willi2013-03-181-18/+82
|\ \ \ | |_|/ |/| | | | | Add a strongswan.conf timeout option for stroke control commands.
| * | Add a stroke command timeout option, and report status of completed commandMartin Willi2013-03-071-18/+82
| |/
* | Support mutliple subnets and ranges as external load-tester addressesMartin Willi2013-03-111-15/+59
| |
* | instead of cloning use extract_buf() methodAndreas Steffen2013-03-041-1/+1
| |
* | Fixed Doxygen comments after scanning complete src directoryTobias Brunner2013-03-024-5/+5
| |
* | Removed backend for old Android frontend patchTobias Brunner2013-03-0210-917/+77
| | | | | | | | Moved the remaining DNS handler to a new plugin.
* | Merge branch 'multi-cert'Martin Willi2013-03-011-15/+32
|\ \ | | | | | | | | | | | | Allows the configuration of multiple certificates in leftcert, and select the correct certificate to use based on the received certificate requests.
| * | Load multiple comma seperarated certificates in the leftcert optionMartin Willi2013-01-181-15/+32
| | |
* | | Merge branch 'systime'Martin Willi2013-03-015-0/+445
|\ \ \ | | | | | | | | | | | | | | | | | | | | Add a systime-fix plugin allowing an embedded system to validate certificates if the system time has not been synchronized after boot. Certificates of established tunnels can be re-validated after the system time gets valid.
| * | | systime-fix disables certificate lifetime validation if system time not syncedMartin Willi2013-02-194-0/+326
| | | | | | | | | | | | | | | | | | | | | | | | The system time can be periodically checked. If it gets valid, certificates get rechecked with the current lifetime. If certificates are invalid, associated IKE_SAs can be closed or reauthenticated.
| * | | Add a stub for systime-fix, a plugin handling certificate lifetimes gracefullyMartin Willi2013-02-193-0/+119
| | |/ | |/|
* | | Merge branch 'vip-shunts'Martin Willi2013-03-011-11/+6
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Installs bypass policies for the physical address if a virtual address is assigned, and installs a proper source route to actually use the physical address for bypassed destinations. Conflicts: src/libcharon/plugins/unity/unity_handler.c
| * | | Include local address for Unity Split-Exclude shunt policiesMartin Willi2013-02-201-10/+5
| | | | | | | | | | | | | | | | | | | | If we use a virtual IP, having a shunt policy for just that wouldn't work, as we want a shunt bypass using the local address.
* | | | Merge branch 'opaque-ports'Martin Willi2013-03-015-9/+11
|\ \ \ \ | |/ / / |/| | | | | | | | | | | Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
| * | | Pass complete port range over stroke interface for more flexibilityMartin Willi2013-02-211-14/+4
| | | |
| * | | Use a complete port range in traffic_selector_create_from_{subnet,cidr}Martin Willi2013-02-215-12/+22
| |/ /
* | | treat IF-M and IF-TNCCS remediation instructions/parameters in an equal wayAndreas Steffen2013-02-193-97/+198
| | |
* | | Streamlined log messages in ipseckey pluginAndreas Steffen2013-02-192-58/+30
| | |
* | | ipseckey: Report IPSECKEYs with invalid DNSSEC security stateReto Guadagnini2013-02-191-2/+12
| | |
* | | ipseckey: Added "enable" option for the IPSECKEY plugin to strongswan.confReto Guadagnini2013-02-191-3/+16
| | |
* | | Added ipseckey plugin, which provides support for public keys in IPSECKEY RRsReto Guadagnini2013-02-197-0/+852
| | |
* | | added missing return statementAndreas Steffen2013-02-191-0/+1
| | |
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 00:47:40 +0000