aboutsummaryrefslogtreecommitdiffstats
path: root/src/starter
Commit message (Collapse)AuthorAgeFilesLines
...
* automake: replace INCLUDES by AM_CPPFLAGSMartin Willi2013-07-181-18/+16
| | | | | | INCLUDES are now deprecated and throw warnings when using automake 1.13. We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and defines are passed to AM_CPPFLAGS only.
* plugin-loader: Removed unused path argument of load() methodTobias Brunner2013-06-281-1/+1
| | | | | Multiple additional search paths can be added with the add_path() method.
* starter: Make ipsec.conf path configurable via command lineTobias Brunner2013-06-211-3/+14
|
* starter: ignore return value of sete[gu]id(), now having warn_unused_resultMartin Willi2013-06-181-5/+4
|
* Load any type (RSA/ECDSA) of public key via left|rightsigkeyTobias Brunner2013-05-072-5/+7
|
* Use the GEN silent rule when generating gperf filesMartin Willi2013-05-061-1/+1
|
* android: Remove/filter header files from LOCAL_SRC_FILESTobias Brunner2013-03-201-1/+3
| | | | This avoids huge warnings when building the native code.
* starter: Make daemon name configurableAdrian-Ken Rueegsegger2013-03-194-35/+120
| | | | | | | | A daemon can be specified using the '--daemon' command line parameter. This tells starter to invoke a daemon other than 'charon'. Additionally the ipsec script uses the environment variable DAEMON_NAME to tell the starter which daemon to use.
* Merge branch 'opaque-ports'Martin Willi2013-03-014-10/+37
|\ | | | | | | | | Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
| * Optionally support port ranges in leftprotoportMartin Willi2013-02-211-4/+20
| |
| * Support %opaque keyword in leftprotoport for "opaque" portsMartin Willi2013-02-211-0/+5
| |
| * Pass complete port range over stroke interface for more flexibilityMartin Willi2013-02-214-9/+13
| |
* | Add a ikedscp ipsec.conf option to set DSCP value on outgoing IKE packetsMartin Willi2013-02-065-3/+21
|/
* starter: Add --attach-gdb option to usage textAdrian-Ken Rueegsegger2013-01-221-1/+2
|
* Added an option that allows to force IKEv1 fragmentationTobias Brunner2013-01-124-7/+18
|
* Use a connection specific option to en-/disable IKEv1 fragmentationTobias Brunner2012-12-246-0/+8
|
* Remove MODP groups from default ESP proposalTobias Brunner2012-10-241-1/+1
| | | | | This now actually makes pfs=no the default and it equals the default listed in ipsec.conf.5. efc69e9f preserved the default of pfs=yes.
* Moved debug.[ch] to utils folderTobias Brunner2012-10-248-8/+8
|
* Starter ignores non-fatal errors when reloading configTobias Brunner2012-10-181-1/+1
|
* Starter unroutes removed or changed connections before loading and routing ↵Tobias Brunner2012-10-183-0/+19
| | | | new ones
* starter: Added --nolog option to suppress logging in starter itselfTobias Brunner2012-09-121-2/+6
| | | | Fixes #224.
* starter: Allow %any also for protocol in left|rightprotoportTobias Brunner2012-09-121-9/+15
|
* Add uniqueids=never to ignore INITIAL_CONTACT notifiesTobias Brunner2012-09-101-0/+1
| | | | | | With uniqueids=no the daemon still deletes any existing IKE_SA with the same peer if an INITIAL_CONTACT notify is received. With this new option it also ignores these notifies.
* starter: Load config again when restarting charonTobias Brunner2012-09-051-0/+16
| | | | This got lost in 041e763b.
* Merge branch 'multi-vip'Martin Willi2012-08-317-89/+8
|\ | | | | | | | | | | | | Brings support for multiple virtual IPs and multiple pools in left/rigthsourceip definitions. Also introduces the new left/rightdns options to configure requested DNS server address family and respond with multiple connection specific servers.
| * Support multiple addresses/pools in left/rightsourceipMartin Willi2012-08-303-55/+0
| |
| * Remove unused ipsec.conf left/rightnatip keywordMartin Willi2012-08-216-34/+0
| |
| * Add a left/rightdns keyword to configure connection specific DNS attributesMartin Willi2012-08-215-0/+8
| |
* | Removed deprecated options from ipsec.conf templateTobias Brunner2012-08-241-9/+1
|/
* starter: Restore original config in case also= is used (which reads the same ↵Tobias Brunner2012-08-161-20/+30
| | | | values)
* Only load kernel plugins in starter when flushing SAD/SPD entriesTobias Brunner2012-08-162-9/+8
| | | | | | | | This avoids keeping the kernel sockets open when they are not actually needed, which could lead to resource problems (in particular with PF_KEY where all open sockets receive all messages). Fixes #217.
* Add an ipsec.conf leftgroups2 parameter for the second authentication roundMartin Willi2012-07-265-0/+8
|
* Mask the configured mark value to ensure it is in rangeTobias Brunner2012-06-261-0/+2
|
* Removed -o argument when creating .../ipsec.d with installTobias Brunner2012-06-251-1/+1
| | | | This should have been removed with 2b52d5cb41.
* ldaphost and ldapbase ca section keywords are deprecatedTobias Brunner2012-06-254-8/+2
|
* starter: Fixed parsing of %defaultroute.Tobias Brunner2012-06-151-6/+12
|
* Print the kind of *Swan during starter startupMartin Willi2012-06-141-1/+4
|
* thanks to narrowing treat right|leftsubnetwithin as synonyms for ↵Andreas Steffen2012-06-141-2/+2
| | | | right|leftsubnet
* starter: Print additional help texts for selected deprecated keywords.Tobias Brunner2012-06-124-6/+25
|
* starter: Improved how deprecated keywords are handled.Tobias Brunner2012-06-124-7/+99
| | | | We only throw a warning now instead of rejecting the config.
* Revert "starter: Don't treat unsupported keywords as fatal errors just ↵Tobias Brunner2012-06-121-3/+3
| | | | | | report them." This reverts commit e55876a657ae9d4bbf14320e5a14f86cc5c31c7f.
* starter: Fixed parsing of left|right=%any.Tobias Brunner2012-06-121-1/+3
|
* starter: Fix comparison of connections.Tobias Brunner2012-06-111-3/+4
|
* starter: Removed all unsupported keywords.Tobias Brunner2012-06-117-203/+26
|
* starter: Don't treat unsupported keywords as fatal errors just report them.Tobias Brunner2012-06-111-3/+3
|
* Bye bye Pluto!Tobias Brunner2012-06-114-23/+1
| | | | | Charon will take over IKEv1 duties from here. This also removes libfreeswan and whack.
* starter: Remove all ties to pluto/libfreeswan.Tobias Brunner2012-06-1110-46/+25
| | | | Moved some types/constants in the process.
* starter: Use custom type for SA specific options (flags).Tobias Brunner2012-06-114-22/+36
|
* starter: Parse left|rightprotoport directly in confread.c.Tobias Brunner2012-06-113-6/+53
|
* starter: No special handling for left|rightsubnet, just pass it on as string.Tobias Brunner2012-06-114-39/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-01 17:49:16 +0000