aboutsummaryrefslogtreecommitdiffstats
path: root/src/swanctl
Commit message (Collapse)AuthorAgeFilesLines
* Improved legibility of swanctl CRL listings5.3.3dr1Andreas Steffen2015-07-221-1/+4
|
* vici: Certification Authority support added.Andreas Steffen2015-07-219-4/+610
| | | | | | CDP and OCSP URIs for a one or multiple certification authorities can be added via the VICI interface. swanctl allows to read definitions from a new authorities section.
* swanctl: Fix --uri optionMartin Willi2015-05-051-9/+36
| | | | | | | As we now pass the vici connection to the command dispatcher callback, we can't parse the --uri option to create the connection from the same callback. Instead pre-process the common command options in a separate loop, and ignore the same options while processing the actual command.
* swanctl: Implement monitoring of IKE_SA and CHILD_SA changesTimo Teräs2015-05-042-2/+84
| | | | Signed-off-by: Timo Teräs <timo.teras@iki.fi>
* swanctl: Add missing unit in install-time logRomain Francoise2015-05-041-1/+1
|
* swanctl: Append /ESN to proposal for a CHILD_SA using Extended Sequence NumbersMartin Willi2015-03-231-1/+1
| | | | | | | We previously printed just the value for the "esn" keyword, which is "1", and not helpful as such. Fixes #904.
* vici: Return authentication rounds with unique namesMartin Willi2015-03-181-2/+3
| | | | | | To simplify handling of authentication rounds in dictionaries/hashtables on the client side, we assign unique names to each authentication round when listing connection.
* swanctl: Cache entered PKCS#12 decryption secretMartin Willi2015-03-181-6/+23
| | | | | It is usually used more than once, but most likely the same for decryption and MAC verification.
* swanctl: Support loading PKCS#12 containers from a pkcs12 swanctl directoryMartin Willi2015-03-184-0/+128
|
* swanctl: Generalize private key decryption to support other credential typesMartin Willi2015-03-181-55/+97
|
* vici: If a IKE reauth_time is configured, disable the default rekey_timeMartin Willi2015-03-031-1/+3
|
* ipsec-types: Support the %unique mark valueMartin Willi2015-02-201-4/+6
|
* swanctl: List CHILD_SA unique ID as the primary identifier, but print reqid, tooMartin Willi2015-02-201-2/+2
|
* swanctl: Fail loading a connection if loading a cacert constraint failsMartin Willi2014-12-121-10/+37
|
* vici: Add support for address range definitions of poolsTobias Brunner2014-10-301-4/+4
|
* swanctl: Document identity type prefixesMartin Willi2014-10-301-3/+18
|
* swanctl: Fix man page build on FreeBSDTobias Brunner2014-10-141-1/+1
| | | | | BSD make seems to only evaluate $< for certain rules (like the suffix rule used to generate the config template).
* swanctl: Fix exit codes based on errnoMartin Willi2014-10-1013-20/+45
| | | | | As fprintf() most likely sets errno, we should save it before printing the error message.
* Don't fail to install if sysconfdir isn't writableShea Levy2014-09-261-1/+1
|
* swanctl: Complete --load-creds command summaryMartin Willi2014-09-221-1/+1
|
* swanctl: Fix description of load-pools command summaryMartin Willi2014-09-221-1/+1
|
* swanctl: Add a --load-all command, performing --load-{creds,pools,conns}Martin Willi2014-09-2210-97/+329
|
* swanctl: Add a --reload-settings commandMartin Willi2014-09-225-2/+93
|
* swanctl: Document --stats commandTobias Brunner2014-09-191-0/+3
|
* swanctl: Document how connections.*.unique affects initiatorsTobias Brunner2014-09-091-0/+5
|
* swanctl: Fix documentation of options for send_cert settingTobias Brunner2014-07-281-4/+4
|
* swanctl: Fix the swanctl.conf cacerts option name in the manpage and templateMartin Willi2014-07-141-1/+1
|
* swanctl: Fix Doxygen group assignmentTobias Brunner2014-06-301-1/+1
|
* Fixed some typosTobias Brunner2014-06-301-1/+1
|
* swanctl: Add a --stats command to print daemon infos and statisticsMartin Willi2014-06-173-1/+120
|
* swanctl: Support private key decryption passhprases in swanctl.confMartin Willi2014-06-172-23/+145
| | | | | | | While there is no real security benefit of storing private keys encrypted if the passphrase is stored along with it, there still seems to be demand for this functionality. We add it for compatibility with ipsec.secrets, even if it is not really recommended.
* swanctl: Document replay_window optionMartin Willi2014-06-171-0/+7
|
* Split swanctl --raw mode into single-line and --pretty modeAndreas Steffen2014-06-1414-154/+240
|
* Added missing units (s = seconds)Andreas Steffen2014-06-101-1/+1
|
* swanctl: Stop logging with Ctrl+C on Windows as wellMartin Willi2014-06-041-4/+5
|
* swanctl: Concatenate relative certificate paths correctly on WindowsMartin Willi2014-06-041-3/+5
|
* Make sure getpass() is availableTobias Brunner2014-05-291-1/+3
| | | | It's not on Android for example.
* enum: Return boolean result for enum_from_name() lookupMartin Willi2014-05-161-3/+3
| | | | | | | | | | | Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value. This also fixes several clang warnings where enums are unsigned.
* swanctl: Properly initialize return value of --install commandMartin Willi2014-05-161-1/+1
|
* swanctl: Increase default debug level to 1Martin Willi2014-05-141-1/+1
| | | | | We initially intended to silence debugging only during thread initialization, not for swanctl in general.
* swanctl: By default print local swanctl version with --versionMartin Willi2014-05-071-2/+12
| | | | But add a --daemon option to query the IKE daemon for its version.
* swanctl: Install empty credential folders with appropriate permissionsMartin Willi2014-05-071-0/+8
|
* swanctl: Document most swanctl.conf options in manpageMartin Willi2014-05-072-130/+693
|
* swanctl: Keep swanctl.conf man/template section order as definedMartin Willi2014-05-071-2/+2
|
* swanctl: Add a swanctl command overview manpageMartin Willi2014-05-073-0/+85
|
* swanctl: Generate swanctl.conf(5) man pageTobias Brunner2014-05-074-0/+34
|
* swanctl: Generate man page snippet with config optionsTobias Brunner2014-05-071-3/+7
|
* swanctl: Convert swanctl.conf to an options file and generate configTobias Brunner2014-05-074-126/+198
|
* swanctl: Install swanctl.conf if it does not exist yetTobias Brunner2014-05-071-2/+6
|
* swanctl: Change syntax of secrets to accept identities with special charsMartin Willi2014-05-072-46/+55
| | | | | | | | | | | Having identity strings in the settings key is problematic, as the parser can't handle arbitrary characters in it. Further, the space separation makes it impossible to define identities with spaces. The new format uses key prefixes, similar to those used in local/remote auth sections of connections. The secrets section takes subsections with type prefixes, and each subsection uses "id" prefixes to define an arbitrary number of identities.
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 12:52:03 +0000