Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | vici: Add support for mediation extension | Tobias Brunner | 2017-02-16 | 1 | -0/+24 |
| | |||||
* | swanctl: Add --rekey command | Tobias Brunner | 2017-02-16 | 4 | -1/+130 |
| | |||||
* | vici: Use unique names for CHILD_SAs in the list-sas command | Tobias Brunner | 2017-02-16 | 1 | -2/+3 |
| | | | | | | | | | The original name is returned in the new "name" attribute. This fixes an issue with bindings that map VICI messages to dictionaries. For instance, in roadwarrior scenarios where every CHILD_SA has the same name only the information of the last CHILD_SA would end up in the dictionary for that name. | ||||
* | swanctl: Allow specifying pubkeys directly via 0x/0s prefix | Tobias Brunner | 2017-02-16 | 1 | -28/+38 |
| | |||||
* | vici: Add support to load CA certificates from tokens and paths in authority ↵ | Tobias Brunner | 2017-02-16 | 2 | -11/+33 |
| | | | | sections | ||||
* | vici: Add support to load certificates from file paths | Tobias Brunner | 2017-02-16 | 1 | -0/+36 |
| | | | | Probably not that useful via swanctl.conf but could be when used via VICI. | ||||
* | vici: Add support to load certificates from tokens | Tobias Brunner | 2017-02-16 | 1 | -0/+48 |
| | |||||
* | swanctl: Add `token` secrets for keys on tokens/smartcards | Tobias Brunner | 2017-02-16 | 2 | -0/+106 |
| | |||||
* | swanctl: Pass optional connection name to --initiate/install/uninstall | Tobias Brunner | 2017-02-16 | 2 | -5/+22 |
| | |||||
* | vici: Add support for NT Hash secrets | Tobias Brunner | 2017-02-16 | 2 | -1/+25 |
| | | | | Fixes #1002. | ||||
* | vici: Add support for IPv6 Transport Proxy Mode | Tobias Brunner | 2017-02-16 | 1 | -3/+5 |
| | |||||
* | vici: Add support for certificate policies | Tobias Brunner | 2017-02-16 | 2 | -0/+7 |
| | |||||
* | vici: Add missing dscp setting for IKE_SAs | Tobias Brunner | 2017-02-16 | 1 | -0/+8 |
| | | | | Fixes #2170. | ||||
* | swanctl: Automatically unload removed shared keys | Tobias Brunner | 2017-02-16 | 1 | -15/+49 |
| | |||||
* | swanctl: Automatically unload removed private keys | Tobias Brunner | 2017-02-16 | 1 | -76/+175 |
| | |||||
* | swanctl: Add possibility to query a specific pool by name | Tobias Brunner | 2017-02-16 | 1 | -3/+11 |
| | |||||
* | swanctl: List CHILD_SA marks, if set | Martin Willi | 2017-02-13 | 1 | -0/+18 |
| | |||||
* | swanctl: Add 'private' directory/section to load any type of private key | Tobias Brunner | 2016-10-05 | 4 | -5/+26 |
| | |||||
* | vici: Enable IKE fragmentation by default | Tobias Brunner | 2016-10-04 | 1 | -3/+3 |
| | |||||
* | vici: Make installation of outbound FWD policies configurable | Tobias Brunner | 2016-09-28 | 1 | -0/+7 |
| | |||||
* | swanctl: Add man page entry for flush-certs command5.5.1dr3 | Tobias Brunner | 2016-09-15 | 1 | -3/+4 |
| | |||||
* | vici: flush-certs command flushes certificate cache | Andreas Steffen | 2016-09-13 | 3 | -1/+92 |
| | | | | | | | | | | When fresh CRLs are released with a high update frequency (e.g. every 24 hours) or OCSP is used then the certificate cache gets quickly filled with stale CRLs or OCSP responses. The new VICI flush-certs command allows to flush e.g. cached CRLs or OCSP responses only. Without the type argument all kind of certificates (e.g. also received end entity and intermediate CA certificates) are purged. | ||||
* | swanctl: Document how DH groups in CHILD_SA proposals are applied | Tobias Brunner | 2016-08-31 | 1 | -6/+13 |
| | | | | References #1039. | ||||
* | vici: Increased various string buffers to BUF_LEN (512 bytes) | Andreas Steffen | 2016-07-29 | 1 | -1/+1 |
| | |||||
* | configure: Check for and explicitly link against -latomic | Martin Willi | 2016-06-14 | 1 | -1/+1 |
| | | | | | Some C libraries, such as uClibc, require an explicit link for some atomic functions. Check for any libatomic, and explcily link it. | ||||
* | swanctl: indicate initiator and responder in --list-sas | Andreas Steffen | 2016-05-07 | 1 | -2/+5 |
| | |||||
* | swanctl: Do not display rekey times for shunts | Andreas Steffen | 2016-05-05 | 1 | -3/+5 |
| | |||||
* | vici list-conns sends reauthentication and rekeying time information | Andreas Steffen | 2016-05-04 | 1 | -2/+71 |
| | |||||
* | swanctl: --list-conns shows eap_id, xauth_id and aaa_id | Andreas Steffen | 2016-05-04 | 1 | -0/+13 |
| | |||||
* | swanctl: list EAP type in --list-conns | Andreas Steffen | 2016-04-26 | 1 | -3/+10 |
| | |||||
* | swanctl: log errors to stderr | Andreas Steffen | 2016-04-24 | 3 | -3/+3 |
| | |||||
* | Include manual policy priorities and restriction to interfaces in vici ↵ | Andreas Steffen | 2016-04-09 | 1 | -0/+13 |
| | | | | list-conn command | ||||
* | Implemented IPsec policies restricted to given network interface | Andreas Steffen | 2016-04-09 | 1 | -0/+3 |
| | |||||
* | Support manually-set IPsec policy priorities | Andreas Steffen | 2016-04-09 | 1 | -0/+7 |
| | |||||
* | swanctl: Fix documented directory name for remote pubkeys | Tobias Brunner | 2016-03-22 | 1 | -1/+1 |
| | |||||
* | vici: Order auth rounds by optional `round` parameter instead of by position ↵ | Tobias Brunner | 2016-03-08 | 1 | -0/+10 |
| | | | | in the request | ||||
* | Display IKE ports with swanctl --list-sas | Andreas Steffen | 2016-03-05 | 1 | -4/+9 |
| | |||||
* | swanctl: Document signature scheme constraints | Tobias Brunner | 2016-03-04 | 1 | -1/+30 |
| | |||||
* | vici: Match subnets and ranges against peer IP in redirect command | Tobias Brunner | 2016-03-04 | 1 | -1/+1 |
| | |||||
* | vici: Match identity with wildcards against remote ID in redirect command | Tobias Brunner | 2016-03-04 | 1 | -1/+1 |
| | |||||
* | swanctl: Add --redirect command | Tobias Brunner | 2016-03-04 | 4 | -1/+138 |
| | |||||
* | swanctl: Fix minor typos in documentation | Chris Patterson | 2016-02-29 | 1 | -3/+3 |
| | | | | | | "UPD" should be "UDP". Signed-off-by: Chris Patterson <pattersonc@ainfosec.com> | ||||
* | swanctl: Load pubkeys with load-creds | Andreas Steffen | 2016-01-09 | 1 | -0/+1 |
| | |||||
* | vici: list-cert sends subject, not-before and not-after attributes for pubkeys | Andreas Steffen | 2016-01-09 | 1 | -5/+36 |
| | |||||
* | vici: Support of raw public keys | Andreas Steffen | 2016-01-09 | 2 | -11/+35 |
| | |||||
* | swanctl.conf: IKEv2 fragmentation supported | Andreas Steffen | 2016-01-09 | 1 | -8/+9 |
| | |||||
* | swanctl: Slightly change usage summary for --list-certs | Tobias Brunner | 2015-12-16 | 1 | -4/+3 |
| | |||||
* | swanctl: Never print more than MAX_LINES of usage summary | Tobias Brunner | 2015-12-16 | 1 | -1/+10 |
| | | | | Print a warning if a registered command exceeds that limit. | ||||
* | swanctl --stats lists loaded plugins | Andreas Steffen | 2015-12-13 | 1 | -0/+12 |
| | |||||
* | Refactored certificate management for the vici and stroke interfaces5.4.0dr1 | Andreas Steffen | 2015-12-12 | 3 | -59/+61 |
| |