path: root/src/swanctl/swanctl.opt
Commit message | Author | Age | Files | Lines
* auth-cfg: Add RSA/PSS schemes for pubkey and rsa if enabled in strongswan.conf | Tobias Brunner | 2017-11-08 | 1 | -2/+9
  Also document the rsa/pss prefix.
* ike: Do not send initial contact only for UNIQUE_NEVER | Thomas Egerer | 2017-11-02 | 1 | -1/+1
  Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
* vici: Make setting mark on inbound SA configurable | Tobias Brunner | 2017-11-02 | 1 | -11/+23
* child-sa: Allow requesting different unique marks for in/out | Eyal Birger | 2017-08-07 | 1 | -2/+6
  When requiring unique flags for CHILD_SAs, allow the configuration to request different marks for each direction by using the %unique-dir keyword. This is useful when different marks are desired for each direction but the number of peers is not predefined. An example use case is when implementing a site-to-site route-based VPN without VTI devices. A use of 0.0.0.0/0 - 0.0.0.0/0 traffic selectors with identical in/out marks results in outbound traffic being wrongfully matched against the 'fwd' policy - for which the underlay 'template' does not match - and dropped. Using different marks for each direction avoids this issue as the 'fwd' policy uses the 'in' mark will not match outbound traffic.
  Closes strongswan/strongswan#78.
* swanctl: Include config snippets from conf.d subdirectory | Tobias Brunner | 2017-07-27 | 1 | -0/+2
  Fixes #2371.
* swanctl: Document eap_id in remote sections | Tobias Brunner | 2017-07-05 | 1 | -0/+6
* vici: Make 96-bit truncation for SHA-256 configurable | Tobias Brunner | 2017-05-26 | 1 | -0/+9
* vici: Make hardware offload configurable | Tobias Brunner | 2017-05-23 | 1 | -0/+4
* Add an option to announce support for IKE fragmentation but not sending fragments | Tobias Brunner | 2017-05-23 | 1 | -7/+11
* swanctl: Reformulate IKEv1 selector restriction, describe problems with TS narrowing | Noel Kuntze | 2017-03-23 | 1 | -3/+10
* swanctl: Describe what happens when a FQDN is specified in local|remote_addrs | Tobias Brunner | 2017-03-20 | 1 | -0/+6
* vici: Add support for mediation extension | Tobias Brunner | 2017-02-16 | 1 | -0/+24
* vici: Add support to load CA certificates from tokens and paths in authority sections | Tobias Brunner | 2017-02-16 | 1 | -7/+29
* vici: Add support to load certificates from file paths | Tobias Brunner | 2017-02-16 | 1 | -0/+36
  Probably not that useful via swanctl.conf but could be when used via VICI.
* vici: Add support to load certificates from tokens | Tobias Brunner | 2017-02-16 | 1 | -0/+48
* swanctl: Add `token` secrets for keys on tokens/smartcards | Tobias Brunner | 2017-02-16 | 1 | -0/+16
* vici: Add support for NT Hash secrets | Tobias Brunner | 2017-02-16 | 1 | -0/+22
  Fixes #1002.
* vici: Add support for IPv6 Transport Proxy Mode | Tobias Brunner | 2017-02-16 | 1 | -3/+5
* vici: Add support for certificate policies | Tobias Brunner | 2017-02-16 | 1 | -0/+6
* vici: Add missing dscp setting for IKE_SAs | Tobias Brunner | 2017-02-16 | 1 | -0/+8
  Fixes #2170.
* swanctl: Add 'private' directory/section to load any type of private key | Tobias Brunner | 2016-10-05 | 1 | -0/+9
* vici: Enable IKE fragmentation by default | Tobias Brunner | 2016-10-04 | 1 | -3/+3
* vici: Make installation of outbound FWD policies configurable | Tobias Brunner | 2016-09-28 | 1 | -0/+7
* swanctl: Document how DH groups in CHILD_SA proposals are applied | Tobias Brunner | 2016-08-31 | 1 | -6/+13
  References #1039.
* Implemented IPsec policies restricted to given network interface | Andreas Steffen | 2016-04-09 | 1 | -0/+3
* Support manually-set IPsec policy priorities | Andreas Steffen | 2016-04-09 | 1 | -0/+7
* swanctl: Fix documented directory name for remote pubkeys | Tobias Brunner | 2016-03-22 | 1 | -1/+1
* vici: Order auth rounds by optional `round` parameter instead of by position in the request | Tobias Brunner | 2016-03-08 | 1 | -0/+10
* swanctl: Document signature scheme constraints | Tobias Brunner | 2016-03-04 | 1 | -1/+30
* swanctl: Fix minor typos in documentation | Chris Patterson | 2016-02-29 | 1 | -3/+3
  "UPD" should be "UDP".
  Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
* vici: Support of raw public keys | Andreas Steffen | 2016-01-09 | 1 | -10/+27
* swanctl.conf: IKEv2 fragmentation supported | Andreas Steffen | 2016-01-09 | 1 | -8/+9
* vici: Add option to disable policy installation for CHILD_SAs | Tobias Brunner | 2015-08-17 | 1 | -0/+6
* vici: Certification Authority support added. | Andreas Steffen | 2015-07-21 | 1 | -0/+32
  CDP and OCSP URIs for a one or multiple certification authorities can be added via the VICI interface. swanctl allows to read definitions from a new authorities section.
* swanctl: Support loading PKCS#12 containers from a pkcs12 swanctl directory | Martin Willi | 2015-03-18 | 1 | -0/+9
* vici: If a IKE reauth_time is configured, disable the default rekey_time | Martin Willi | 2015-03-03 | 1 | -1/+3
* ipsec-types: Support the %unique mark value | Martin Willi | 2015-02-20 | 1 | -4/+6
* vici: Add support for address range definitions of pools | Tobias Brunner | 2014-10-30 | 1 | -4/+4
* swanctl: Document identity type prefixes | Martin Willi | 2014-10-30 | 1 | -3/+18
* swanctl: Document how connections.*.unique affects initiators | Tobias Brunner | 2014-09-09 | 1 | -0/+5
* swanctl: Fix documentation of options for send_cert setting | Tobias Brunner | 2014-07-28 | 1 | -4/+4
* swanctl: Fix the swanctl.conf cacerts option name in the manpage and template | Martin Willi | 2014-07-14 | 1 | -1/+1
* Fixed some typos | Tobias Brunner | 2014-06-30 | 1 | -1/+1
* swanctl: Support private key decryption passhprases in swanctl.conf | Martin Willi | 2014-06-17 | 1 | -4/+37
  While there is no real security benefit of storing private keys encrypted if the passphrase is stored along with it, there still seems to be demand for this functionality. We add it for compatibility with ipsec.secrets, even if it is not really recommended.
* swanctl: Document replay_window option | Martin Willi | 2014-06-17 | 1 | -0/+7
* swanctl: Document most swanctl.conf options in manpage | Martin Willi | 2014-05-07 | 1 | -126/+677
* swanctl: Convert swanctl.conf to an options file and generate config | Tobias Brunner | 2014-05-07 | 1 | -0/+188