aboutsummaryrefslogtreecommitdiffstats
path: root/src/swanctl
Commit message (Collapse)AuthorAgeFilesLines
* swanctl: Add man page entry for flush-certs command5.5.1dr3Tobias Brunner2016-09-151-3/+4
|
* vici: flush-certs command flushes certificate cacheAndreas Steffen2016-09-133-1/+92
| | | | | | | | | | When fresh CRLs are released with a high update frequency (e.g. every 24 hours) or OCSP is used then the certificate cache gets quickly filled with stale CRLs or OCSP responses. The new VICI flush-certs command allows to flush e.g. cached CRLs or OCSP responses only. Without the type argument all kind of certificates (e.g. also received end entity and intermediate CA certificates) are purged.
* swanctl: Document how DH groups in CHILD_SA proposals are appliedTobias Brunner2016-08-311-6/+13
| | | | References #1039.
* vici: Increased various string buffers to BUF_LEN (512 bytes)Andreas Steffen2016-07-291-1/+1
|
* configure: Check for and explicitly link against -latomicMartin Willi2016-06-141-1/+1
| | | | | Some C libraries, such as uClibc, require an explicit link for some atomic functions. Check for any libatomic, and explcily link it.
* swanctl: indicate initiator and responder in --list-sasAndreas Steffen2016-05-071-2/+5
|
* swanctl: Do not display rekey times for shuntsAndreas Steffen2016-05-051-3/+5
|
* vici list-conns sends reauthentication and rekeying time informationAndreas Steffen2016-05-041-2/+71
|
* swanctl: --list-conns shows eap_id, xauth_id and aaa_idAndreas Steffen2016-05-041-0/+13
|
* swanctl: list EAP type in --list-connsAndreas Steffen2016-04-261-3/+10
|
* swanctl: log errors to stderrAndreas Steffen2016-04-243-3/+3
|
* Include manual policy priorities and restriction to interfaces in vici ↵Andreas Steffen2016-04-091-0/+13
| | | | list-conn command
* Implemented IPsec policies restricted to given network interfaceAndreas Steffen2016-04-091-0/+3
|
* Support manually-set IPsec policy prioritiesAndreas Steffen2016-04-091-0/+7
|
* swanctl: Fix documented directory name for remote pubkeysTobias Brunner2016-03-221-1/+1
|
* vici: Order auth rounds by optional `round` parameter instead of by position ↵Tobias Brunner2016-03-081-0/+10
| | | | in the request
* Display IKE ports with swanctl --list-sasAndreas Steffen2016-03-051-4/+9
|
* swanctl: Document signature scheme constraintsTobias Brunner2016-03-041-1/+30
|
* vici: Match subnets and ranges against peer IP in redirect commandTobias Brunner2016-03-041-1/+1
|
* vici: Match identity with wildcards against remote ID in redirect commandTobias Brunner2016-03-041-1/+1
|
* swanctl: Add --redirect commandTobias Brunner2016-03-044-1/+138
|
* swanctl: Fix minor typos in documentationChris Patterson2016-02-291-3/+3
| | | | | | "UPD" should be "UDP". Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
* swanctl: Load pubkeys with load-credsAndreas Steffen2016-01-091-0/+1
|
* vici: list-cert sends subject, not-before and not-after attributes for pubkeysAndreas Steffen2016-01-091-5/+36
|
* vici: Support of raw public keysAndreas Steffen2016-01-092-11/+35
|
* swanctl.conf: IKEv2 fragmentation supportedAndreas Steffen2016-01-091-8/+9
|
* swanctl: Slightly change usage summary for --list-certsTobias Brunner2015-12-161-4/+3
|
* swanctl: Never print more than MAX_LINES of usage summaryTobias Brunner2015-12-161-1/+10
| | | | Print a warning if a registered command exceeds that limit.
* swanctl --stats lists loaded pluginsAndreas Steffen2015-12-131-0/+12
|
* Refactored certificate management for the vici and stroke interfaces5.4.0dr1Andreas Steffen2015-12-123-59/+61
|
* Removed VICI protocol versioningAndreas Steffen2015-12-111-14/+7
|
* Use of certificate_printer by swanctl --list-certs commandAndreas Steffen2015-12-112-496/+25
|
* Share vici_cert_info.c with vici_cred.cAndreas Steffen2015-12-113-6/+38
|
* Use VICI 2.0 protocol version for certificate queriesAndreas Steffen2015-12-112-80/+124
|
* swanctl: Explicitly link against -lpthread and -ldl if requiredMartin Willi2015-12-041-1/+2
| | | | | We already do this for charon, as some toolchains require an explicit link even if libstrongswan already depends on it.
* swanctl: Add --list-algs command to query loaded algorithmsTobias Brunner2015-11-304-2/+110
|
* swanctl: Add option to query leases with --get-poolsTobias Brunner2015-11-101-3/+29
|
* swanctl: List virtual IPs in --list-sasTobias Brunner2015-11-101-1/+11
|
* swanctl: Correctly build man page in out-of-tree builds from the repositoryTobias Brunner2015-08-271-1/+1
|
* vici: Add option to disable policy installation for CHILD_SAsTobias Brunner2015-08-171-0/+6
|
* Improved legibility of swanctl CRL listings5.3.3dr1Andreas Steffen2015-07-221-1/+4
|
* vici: Certification Authority support added.Andreas Steffen2015-07-219-4/+610
| | | | | | CDP and OCSP URIs for a one or multiple certification authorities can be added via the VICI interface. swanctl allows to read definitions from a new authorities section.
* swanctl: Fix --uri optionMartin Willi2015-05-051-9/+36
| | | | | | | As we now pass the vici connection to the command dispatcher callback, we can't parse the --uri option to create the connection from the same callback. Instead pre-process the common command options in a separate loop, and ignore the same options while processing the actual command.
* swanctl: Implement monitoring of IKE_SA and CHILD_SA changesTimo Teräs2015-05-042-2/+84
| | | | Signed-off-by: Timo Teräs <timo.teras@iki.fi>
* swanctl: Add missing unit in install-time logRomain Francoise2015-05-041-1/+1
|
* swanctl: Append /ESN to proposal for a CHILD_SA using Extended Sequence NumbersMartin Willi2015-03-231-1/+1
| | | | | | | We previously printed just the value for the "esn" keyword, which is "1", and not helpful as such. Fixes #904.
* vici: Return authentication rounds with unique namesMartin Willi2015-03-181-2/+3
| | | | | | To simplify handling of authentication rounds in dictionaries/hashtables on the client side, we assign unique names to each authentication round when listing connection.
* swanctl: Cache entered PKCS#12 decryption secretMartin Willi2015-03-181-6/+23
| | | | | It is usually used more than once, but most likely the same for decryption and MAC verification.
* swanctl: Support loading PKCS#12 containers from a pkcs12 swanctl directoryMartin Willi2015-03-184-0/+128
|
* swanctl: Generalize private key decryption to support other credential typesMartin Willi2015-03-181-55/+97
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 18:43:00 +0000