path: root/src/libcharon
Commit message (Author, Age, Files, Lines)
...
| * Request and acquire multiple virtual IPs in IKEv2 configuration payload (Martin Willi, 2012-08-30, 1 file, -49/+67)
| |
| * Pass all configured pool names to attribute provider enumerator (Martin Willi, 2012-08-30, 4 files, -7/+21)
| |
| * Pass a list instead of a single virtual IP to attribute enumerators (Martin Willi, 2012-08-30, 6 files, -32/+89)
| |
| * Support multiple addresses/pools in left/rightsourceip (Martin Willi, 2012-08-30, 5 files, -100/+189)
| |
| * Support multiple address pools configured on a peer_cfg (Martin Willi, 2012-08-30, 20 files, -46/+144)
| |
| * Support multiple virtual IPs on peer_cfg and ike_sa classes (Martin Willi, 2012-08-30, 31 files, -254/+420)
| |
| * Add a DNS attribute handler to updown, passing servers to updown script (Martin Willi, 2012-08-21, 6 files, -4/+377)
| |
| * Add a stroke attribute_handler requesting DNS servers given with leftdns (Martin Willi, 2012-08-21, 4 files, -0/+307)
| |
| * Serve ipsec.conf rightdns servers through stroke attribute provider (Martin Willi, 2012-08-21, 1 file, -10/+143)
| |
| * Add a left/rightdns keyword to configure connection specific DNS attributes (Martin Willi, 2012-08-21, 1 file, -0/+2)
| |
* | Merge branch 'eap-client-select' (Tobias Brunner, 2012-08-31, 14 files, -69/+858)
|\ \
| | |   This brings support for EAP-Nak payloads on the client (to select a specific or supported method), and the server (via the eap-dynamic plugin which selects a method supported/requested by the client).
| * | Log the proper type for virtual EAP methods (Tobias Brunner, 2012-08-31, 1 file, -1/+5)
| | |
| * | Added an option to prefer types sent by peer in eap-dynamic plugin (Tobias Brunner, 2012-08-31, 1 file, -14/+42)
| | |
| * | eap-dynamic plugin handles EAP-Nak messages and selects a method supported by the peer (Tobias Brunner, 2012-08-31, 1 file, -1/+72)
| | |
| * | Preferred EAP methods for eap-dynamic can be configured (Tobias Brunner, 2012-08-31, 1 file, -1/+59)
| | |
| * | The eap-dynamic plugin uses the first supported method as default (Tobias Brunner, 2012-08-31, 1 file, -1/+91)
| | |
| * | Added eap-dynamic plugin which can proxy any other EAP method (Tobias Brunner, 2012-08-31, 6 files, -0/+326)
| | |
| * | Use eap_vendor_type_from_string() in stroke (Tobias Brunner, 2012-08-31, 1 file, -38/+7)
| | |
| * | Added method to enumerate EAP types contained in an EAP-Nak (Tobias Brunner, 2012-08-31, 2 files, -11/+79)
| | |
| * | Encode EAP-Naks in expanded format if we got an expanded type request (Tobias Brunner, 2012-08-31, 5 files, -6/+19)
| | |   Since methods defined by the IETF (vendor ID 0) could also be encoded in expanded type format the previous check was insufficient.
| * | Allow clients to request a configured EAP method via EAP-Nak (Tobias Brunner, 2012-08-31, 5 files, -8/+37)
| | |
| * | Virtual EAP methods handle EAP-Naks themselves (Tobias Brunner, 2012-08-31, 1 file, -5/+17)
| | |
| * | Send EAP-Nak with supported types if requested type is unsupported (Tobias Brunner, 2012-08-31, 5 files, -12/+81)
| | |
| * | Filter invalid EAP authentication types when enumerating them (Tobias Brunner, 2012-08-31, 2 files, -1/+10)
| | |   Valid authentication types defined by the IETF are 4-253 and 255.
| * | Added a method to enumerate registered EAP methods (Tobias Brunner, 2012-08-21, 2 files, -0/+43)
| |/
* | Log configured IKE_SA proposals as initiator (Tobias Brunner, 2012-08-24, 1 file, -0/+2)
| |
* | Log configured CHILD_SA proposals as initiator (Tobias Brunner, 2012-08-24, 1 file, -0/+2)
| |
* | Fall back to local address as IKEv1 identity if nothing else is configured (Tobias Brunner, 2012-08-24, 1 file, -2/+14)
| |
* | Apply send delay before adding non-ESP marker (Tobias Brunner, 2012-08-24, 1 file, -16/+16)
| |   Otherwise the packet header could not be parsed correctly when NAT-T is used.
* | use pen_type_t for PA Message Subtype (Andreas Steffen, 2012-08-23, 3 files, -32/+29)
|/
* Remove unused src/dst variables in send_no_marker() (Martin Willi, 2012-08-21, 1 file, -5/+0)
|
* Remove the unused second IKE_SA entry match function argument (Martin Willi, 2012-08-20, 1 file, -4/+4)
|   LLVMs clang complains about this parameter, so remove it.
* Add keymat_t constructor registration function (Adrian-Ken Rueegsegger, 2012-08-20, 2 files, -3/+45)
|   Using the register_constructor function enables custom keymat_t implementations per IKE version. If no constructor is registered the default behavior is preserved.
* CAP_AUDIT_WRITE is now required by xauth-pam not eap-gtc plugin (Tobias Brunner, 2012-08-17, 2 files, -7/+7)
|
* Removed manual EAP method registration in eap-gtc plugin (Tobias Brunner, 2012-08-17, 1 file, -5/+0)
|
* Enable build of eap-tls, eap-ttls and eap-peap on Android (Tobias Brunner, 2012-08-17, 1 file, -0/+20)
|
* Enable UDP decapsulation for both address families (Tobias Brunner, 2012-08-16, 2 files, -9/+11)
|   Since the 3.5 Linux kernel both UDP implementations have a separate static flag to indicate whether ANY sockets enabled UDP decapsulation. As we only ever enabled it for one address family (in earlier versions IPv4 only, now for IPv6, if supported, and for IPv4 otherwise) UDP decapsulation wouldn't work anymore (at least for one address family).
* Correctly transmit EAP-MSCHAPv2 user name if it contains a domain part (Tobias Brunner, 2012-08-16, 1 file, -11/+12)
|
* Merge branch 'android-app' (Tobias Brunner, 2012-08-13, 14 files, -298/+43)
|\
| |   This branch introduces a userland IPsec implementation (libipsec) and an Android App which targets the VpnService API that is provided by Android 4+. The implementation is based on the bachelor thesis 'Userland IPsec for Android 4' by Giuliano Grassi and Ralf Sager.
| * Use a CALLBACK feature to create charon's sender and receiver (Tobias Brunner, 2012-08-08, 1 file, -12/+31)
| |
| * Moved packet_t to libstrongswan (Tobias Brunner, 2012-08-08, 11 files, -284/+9)
| |
| * Increase log verbosity when sending NAT keep-alives (Tobias Brunner, 2012-08-08, 1 file, -1/+1)
| |
| * Only log the sending of regular packets in sender_t (Tobias Brunner, 2012-08-08, 1 file, -1/+2)
| |   When sender_t is used to send ESP packets this would otherwise cause an extreme amount of debug messages. With this change all messages sent via sender_t.send_no_marker() cause no extra DBG1 log message, but for debugging purposes the socket plugins do log the same message again with DBG2 for all packets.
* | Merge branch 'android-ndk' (Tobias Brunner, 2012-08-13, 36 files, -282/+584)
|\|
| |   This branch comes with some preliminary changes for the user-land IPsec implementation and the Android App. One important change is that the UDP ports used by the socket-default plugin were made configurable (either via ./configure or strongswan.conf). Also, the plugin does randomly allocate a port if it is configured to 0, which is useful for client implementations. A consequence of these changes is that the local UDP port used when creating ike_cfg_t objects has to be fetched from the socket.
| * Added option to prevent socket-default from setting the source address on outbound packets (Tobias Brunner, 2012-08-08, 1 file, -1/+9)
| |
| * socket-default plugin allocates random ports if configured to 0. (Tobias Brunner, 2012-08-08, 1 file, -36/+84)
| |   Also added strongswan.conf options to change the ports.
| * Replaced usages of CHARON_*_PORT with calls to get_port(). (Tobias Brunner, 2012-08-08, 13 files, -19/+31)
| |
| * Added get_port() method to socket_t to learn the listening port. (Tobias Brunner, 2012-08-08, 6 files, -5/+59)
| |
| * Use send_no_marker to send NAT keepalives. (Tobias Brunner, 2012-08-08, 2 files, -9/+4)
| |
| * Avoid double-free when prepending Non-ESP marker. (Tobias Brunner, 2012-08-08, 1 file, -1/+1)
| |