aboutsummaryrefslogtreecommitdiffstats
path: root/src/swanctl/swanctl.opt
Commit message (Collapse)AuthorAgeFilesLines
* swanctl: Document eap_id in remote sectionsTobias Brunner2017-07-051-0/+6
|
* vici: Make 96-bit truncation for SHA-256 configurableTobias Brunner2017-05-261-0/+9
|
* vici: Make hardware offload configurableTobias Brunner2017-05-231-0/+4
|
* Add an option to announce support for IKE fragmentation but not sending ↵Tobias Brunner2017-05-231-7/+11
| | | | fragments
* swanctl: Reformulate IKEv1 selector restriction, describe problems with TS ↵Noel Kuntze2017-03-231-3/+10
| | | | narrowing
* swanctl: Describe what happens when a FQDN is specified in local|remote_addrsTobias Brunner2017-03-201-0/+6
|
* vici: Add support for mediation extensionTobias Brunner2017-02-161-0/+24
|
* vici: Add support to load CA certificates from tokens and paths in authority ↵Tobias Brunner2017-02-161-7/+29
| | | | sections
* vici: Add support to load certificates from file pathsTobias Brunner2017-02-161-0/+36
| | | | Probably not that useful via swanctl.conf but could be when used via VICI.
* vici: Add support to load certificates from tokensTobias Brunner2017-02-161-0/+48
|
* swanctl: Add `token` secrets for keys on tokens/smartcardsTobias Brunner2017-02-161-0/+16
|
* vici: Add support for NT Hash secretsTobias Brunner2017-02-161-0/+22
| | | | Fixes #1002.
* vici: Add support for IPv6 Transport Proxy ModeTobias Brunner2017-02-161-3/+5
|
* vici: Add support for certificate policiesTobias Brunner2017-02-161-0/+6
|
* vici: Add missing dscp setting for IKE_SAsTobias Brunner2017-02-161-0/+8
| | | | Fixes #2170.
* swanctl: Add 'private' directory/section to load any type of private keyTobias Brunner2016-10-051-0/+9
|
* vici: Enable IKE fragmentation by defaultTobias Brunner2016-10-041-3/+3
|
* vici: Make installation of outbound FWD policies configurableTobias Brunner2016-09-281-0/+7
|
* swanctl: Document how DH groups in CHILD_SA proposals are appliedTobias Brunner2016-08-311-6/+13
| | | | References #1039.
* Implemented IPsec policies restricted to given network interfaceAndreas Steffen2016-04-091-0/+3
|
* Support manually-set IPsec policy prioritiesAndreas Steffen2016-04-091-0/+7
|
* swanctl: Fix documented directory name for remote pubkeysTobias Brunner2016-03-221-1/+1
|
* vici: Order auth rounds by optional `round` parameter instead of by position ↵Tobias Brunner2016-03-081-0/+10
| | | | in the request
* swanctl: Document signature scheme constraintsTobias Brunner2016-03-041-1/+30
|
* swanctl: Fix minor typos in documentationChris Patterson2016-02-291-3/+3
| | | | | | "UPD" should be "UDP". Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
* vici: Support of raw public keysAndreas Steffen2016-01-091-10/+27
|
* swanctl.conf: IKEv2 fragmentation supportedAndreas Steffen2016-01-091-8/+9
|
* vici: Add option to disable policy installation for CHILD_SAsTobias Brunner2015-08-171-0/+6
|
* vici: Certification Authority support added.Andreas Steffen2015-07-211-0/+32
| | | | | | CDP and OCSP URIs for a one or multiple certification authorities can be added via the VICI interface. swanctl allows to read definitions from a new authorities section.
* swanctl: Support loading PKCS#12 containers from a pkcs12 swanctl directoryMartin Willi2015-03-181-0/+9
|
* vici: If a IKE reauth_time is configured, disable the default rekey_timeMartin Willi2015-03-031-1/+3
|
* ipsec-types: Support the %unique mark valueMartin Willi2015-02-201-4/+6
|
* vici: Add support for address range definitions of poolsTobias Brunner2014-10-301-4/+4
|
* swanctl: Document identity type prefixesMartin Willi2014-10-301-3/+18
|
* swanctl: Document how connections.*.unique affects initiatorsTobias Brunner2014-09-091-0/+5
|
* swanctl: Fix documentation of options for send_cert settingTobias Brunner2014-07-281-4/+4
|
* swanctl: Fix the swanctl.conf cacerts option name in the manpage and templateMartin Willi2014-07-141-1/+1
|
* Fixed some typosTobias Brunner2014-06-301-1/+1
|
* swanctl: Support private key decryption passhprases in swanctl.confMartin Willi2014-06-171-4/+37
| | | | | | | While there is no real security benefit of storing private keys encrypted if the passphrase is stored along with it, there still seems to be demand for this functionality. We add it for compatibility with ipsec.secrets, even if it is not really recommended.
* swanctl: Document replay_window optionMartin Willi2014-06-171-0/+7
|
* swanctl: Document most swanctl.conf options in manpageMartin Willi2014-05-071-126/+677
|
* swanctl: Convert swanctl.conf to an options file and generate configTobias Brunner2014-05-071-0/+188
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-19 15:06:00 +0000