| Commit message (Collapse) | Author | Age | Files | Lines | ||
|---|---|---|---|---|---|---|
| ... | ||||||
| * | Pass the full list of pools to acquire_address, enumerate in providers | Martin Willi | 2012-09-11 | 1 | -20/+6 | |
| | | | | | | | | | If the provider has access to the full pool list, it can enumerate them twice, for example to search for existing leases first, and only search for new leases in a second step. Fixes lease enumeration in attr-sql using multiple pools. | |||||
| * | Add a responder narrow() hook to change TS in the kernel, but not on the wire | Martin Willi | 2012-09-11 | 1 | -2/+20 | |
| | | ||||||
| * | Trigger ike_updown event caused by retransmits only after reestablish() has ↵ | Tobias Brunner | 2012-09-06 | 1 | -5/+1 | |
| | | | | | | | | | been called This allows listeners to migrate to the new IKE_SA with the ike_reestablish event without having to worry about an ike_updown event for the old IKE_SA. | |||||
| * | Clear virtual IPs before storing assigned ones on the IKE_SA | Tobias Brunner | 2012-09-05 | 1 | -0/+4 | |
| | | | | | | Otherwise we'll end up with duplicate or invalid VIPs stored on the IKE_SA. | |||||
| * | In mode_config, destroy temporary pool list instead of the virtual IP list twice | Martin Willi | 2012-09-05 | 1 | -1/+1 | |
| | | ||||||
| * | Merge branch 'multi-vip' | Martin Willi | 2012-08-31 | 7 | -62/+199 | |
| |\ | | | | | | | | | | | | | Brings support for multiple virtual IPs and multiple pools in left/rigthsourceip definitions. Also introduces the new left/rightdns options to configure requested DNS server address family and respond with multiple connection specific servers. | |||||
| | * | Request and acquire multiple virtual IPs in IKEv1 Mode Config | Martin Willi | 2012-08-30 | 1 | -47/+61 | |
| | | | ||||||
| | * | Pass all configured pool names to attribute provider enumerator | Martin Willi | 2012-08-30 | 1 | -2/+9 | |
| | | | ||||||
| | * | Pass a list instead of a single virtual IP to attribute enumerators | Martin Willi | 2012-08-30 | 1 | -11/+35 | |
| | | | ||||||
| | * | Support multiple address pools configured on a peer_cfg | Martin Willi | 2012-08-30 | 6 | -6/+45 | |
| | | | ||||||
| | * | Support multiple virtual IPs on peer_cfg and ike_sa classes | Martin Willi | 2012-08-30 | 7 | -28/+81 | |
| | | | ||||||
| * | | Fall back to local address as IKEv1 identity if nothing else is configured | Tobias Brunner | 2012-08-24 | 1 | -2/+14 | |
| |/ | ||||||
| * | Merge branch 'android-ndk' | Tobias Brunner | 2012-08-13 | 1 | -1/+2 | |
| |\ | | | | | | | | | | | | | | | | | | | | | | | This branch comes with some preliminary changes for the user-land IPsec implementation and the Android App. One important change is that the UDP ports used by the socket-default plugin were made configurable (either via ./configure or strongswan.conf). Also, the plugin does randomly allocate a port if it is configured to 0, which is useful for client implementations. A consequence of these changes is that the local UDP port used when creating ike_cfg_t objects has to be fetched from the socket. | |||||
| | * | Replaced usages of CHARON_*_PORT with calls to get_port(). | Tobias Brunner | 2012-08-08 | 1 | -1/+2 | |
| | | | ||||||
| | * | Make the UDP ports charon listens for packets on (and uses as source ports) ↵ | Tobias Brunner | 2012-08-08 | 1 | -1/+1 | |
| | | | | | | | | | configurable. | |||||
| * | | Use actual daemon name to enable XAuth/PSK with aggressive mode | Martin Willi | 2012-08-10 | 1 | -2/+3 | |
| |/ | ||||||
| * | Remove queued IKEv1 message before processing it | Martin Willi | 2012-08-08 | 1 | -3/+5 | |
| | | | | | | Avoids destruction or processing of a queued message in recursive process_message() call. | |||||
| * | Block XAuth transaction on established IKE_SAs, but allow Mode Config | Martin Willi | 2012-08-03 | 1 | -1/+1 | |
| | | ||||||
| * | Lookup IKEv1 PSK even if the peer identity is not known | Martin Willi | 2012-07-31 | 1 | -1/+1 | |
| | | ||||||
| * | Implement late peer config switching after XAuth authentication | Martin Willi | 2012-07-26 | 1 | -15/+80 | |
| | | | | | | | | If additional authentication constraints, such as group membership, is not fulfilled by an XAuth backend, we search for another peer configuration that fulfills all constraints, including those from phase1. | |||||
| * | Check if XAuth round complies to configured authentication round | Martin Willi | 2012-07-26 | 1 | -7/+18 | |
| | | ||||||
| * | Merge auth config items added from XAuth backends to IKE_SA | Martin Willi | 2012-07-26 | 1 | -0/+1 | |
| | | ||||||
| * | Refactored error handling in keymat_v1_t | Martin Willi | 2012-07-16 | 1 | -25/+27 | |
| | | ||||||
| * | Cleaned up memory management and return values for encryption payload | Martin Willi | 2012-07-16 | 1 | -1/+4 | |
| | | ||||||
| * | Add a return value to hasher_t.allocate_hash() | Martin Willi | 2012-07-16 | 2 | -8/+31 | |
| | | ||||||
| * | Add a return value to keymat_v1_t.{get,update,confirm}_iv | Martin Willi | 2012-07-16 | 2 | -13/+31 | |
| | | ||||||
| * | Add a return value to crypter_t.set_key() | Martin Willi | 2012-07-16 | 1 | -3/+6 | |
| | | ||||||
| * | Add a return value to crypter_t.decrypt() | Martin Willi | 2012-07-16 | 1 | -2/+1 | |
| | | ||||||
| * | Add a return value to crypter_t.encrypt | Martin Willi | 2012-07-16 | 1 | -2/+1 | |
| | | ||||||
| * | Check rng return value when generating IKEv1 message IDs | Tobias Brunner | 2012-07-16 | 1 | -8/+20 | |
| | | ||||||
| * | Check rng return value when generating fake NAT detection payloads | Tobias Brunner | 2012-07-16 | 1 | -2/+3 | |
| | | ||||||
| * | Nonce: Let get_nonce, allocate_nonce return boolean | Reto Buerki | 2012-07-16 | 2 | -2/+12 | |
| | | ||||||
| * | Add a return value to prf_t.set_key() | Martin Willi | 2012-07-16 | 1 | -10/+25 | |
| | | ||||||
| * | Add a return value to prf_t.allocate_bytes() | Martin Willi | 2012-07-16 | 1 | -11/+45 | |
| | | ||||||
| * | Use a bool return value in keymat_v1_t.get_hash_phase2() | Martin Willi | 2012-07-16 | 2 | -27/+27 | |
| | | ||||||
| * | Add a return value to keymat_v1_t.get_hash() | Martin Willi | 2012-07-16 | 4 | -17/+35 | |
| | | ||||||
| * | Add a return value to prf_t.get_bytes() | Martin Willi | 2012-07-16 | 1 | -9/+19 | |
| | | ||||||
| * | prf_plus_create() can return NULL on failure | Martin Willi | 2012-07-16 | 1 | -0/+10 | |
| | | ||||||
| * | Add a return value to prf_plus_t.allocate_bytes() | Martin Willi | 2012-07-16 | 1 | -4/+14 | |
| | | ||||||
| * | Add a return value to aead_t.set_key() | Martin Willi | 2012-07-16 | 1 | -1/+2 | |
| | | ||||||
| * | Add a return value to aead_t.encrypt() | Martin Willi | 2012-07-16 | 1 | -1/+2 | |
| | | ||||||
| * | Send cert request based on peers configured authentication class | Martin Willi | 2012-07-10 | 1 | -3/+30 | |
| | | ||||||
| * | Don't send CERTREQs when initiating aggressive mode PSK | Martin Willi | 2012-07-09 | 1 | -0/+4 | |
| | | ||||||
| * | As a responder, don't start a TRANSACTION request if we expect one from the ↵ | Martin Willi | 2012-06-29 | 2 | -2/+4 | |
| | | | | | initiator | |||||
| * | Defer quick mode initiation if we expect a mode config request | Martin Willi | 2012-06-27 | 1 | -1/+20 | |
| | | ||||||
| * | Queue a mode config task as responder if we need a virtual IP | Martin Willi | 2012-06-27 | 2 | -4/+16 | |
| | | ||||||
| * | Add basic support for XAuth responder authentication | Martin Willi | 2012-06-27 | 2 | -8/+10 | |
| | | ||||||
| * | support Cisco Unity VID | Andreas Steffen | 2012-06-25 | 1 | -3/+6 | |
| | | ||||||
| * | Enforce uniqueids=keep based on XAuth identity | Martin Willi | 2012-06-25 | 1 | -0/+6 | |
| | | ||||||
| * | Don't send XAUTH_OK if a hook prevents SA to establish | Martin Willi | 2012-06-25 | 1 | -4/+14 | |
| | | ||||||
 |
index : tteras/strongswan | |
| tteras' strongSwan tree | gitolite |
| aboutsummaryrefslogtreecommitdiffstats |