aboutsummaryrefslogtreecommitdiffstats
path: root/src/swanctl
Commit message (Collapse)AuthorAgeFilesLines
* vici: Add support for mediation extensionTobias Brunner2017-02-161-0/+24
|
* swanctl: Add --rekey commandTobias Brunner2017-02-164-1/+130
|
* vici: Use unique names for CHILD_SAs in the list-sas commandTobias Brunner2017-02-161-2/+3
| | | | | | | | | The original name is returned in the new "name" attribute. This fixes an issue with bindings that map VICI messages to dictionaries. For instance, in roadwarrior scenarios where every CHILD_SA has the same name only the information of the last CHILD_SA would end up in the dictionary for that name.
* swanctl: Allow specifying pubkeys directly via 0x/0s prefixTobias Brunner2017-02-161-28/+38
|
* vici: Add support to load CA certificates from tokens and paths in authority ↵Tobias Brunner2017-02-162-11/+33
| | | | sections
* vici: Add support to load certificates from file pathsTobias Brunner2017-02-161-0/+36
| | | | Probably not that useful via swanctl.conf but could be when used via VICI.
* vici: Add support to load certificates from tokensTobias Brunner2017-02-161-0/+48
|
* swanctl: Add `token` secrets for keys on tokens/smartcardsTobias Brunner2017-02-162-0/+106
|
* swanctl: Pass optional connection name to --initiate/install/uninstallTobias Brunner2017-02-162-5/+22
|
* vici: Add support for NT Hash secretsTobias Brunner2017-02-162-1/+25
| | | | Fixes #1002.
* vici: Add support for IPv6 Transport Proxy ModeTobias Brunner2017-02-161-3/+5
|
* vici: Add support for certificate policiesTobias Brunner2017-02-162-0/+7
|
* vici: Add missing dscp setting for IKE_SAsTobias Brunner2017-02-161-0/+8
| | | | Fixes #2170.
* swanctl: Automatically unload removed shared keysTobias Brunner2017-02-161-15/+49
|
* swanctl: Automatically unload removed private keysTobias Brunner2017-02-161-76/+175
|
* swanctl: Add possibility to query a specific pool by nameTobias Brunner2017-02-161-3/+11
|
* swanctl: List CHILD_SA marks, if setMartin Willi2017-02-131-0/+18
|
* swanctl: Add 'private' directory/section to load any type of private keyTobias Brunner2016-10-054-5/+26
|
* vici: Enable IKE fragmentation by defaultTobias Brunner2016-10-041-3/+3
|
* vici: Make installation of outbound FWD policies configurableTobias Brunner2016-09-281-0/+7
|
* swanctl: Add man page entry for flush-certs command5.5.1dr3Tobias Brunner2016-09-151-3/+4
|
* vici: flush-certs command flushes certificate cacheAndreas Steffen2016-09-133-1/+92
| | | | | | | | | | When fresh CRLs are released with a high update frequency (e.g. every 24 hours) or OCSP is used then the certificate cache gets quickly filled with stale CRLs or OCSP responses. The new VICI flush-certs command allows to flush e.g. cached CRLs or OCSP responses only. Without the type argument all kind of certificates (e.g. also received end entity and intermediate CA certificates) are purged.
* swanctl: Document how DH groups in CHILD_SA proposals are appliedTobias Brunner2016-08-311-6/+13
| | | | References #1039.
* vici: Increased various string buffers to BUF_LEN (512 bytes)Andreas Steffen2016-07-291-1/+1
|
* configure: Check for and explicitly link against -latomicMartin Willi2016-06-141-1/+1
| | | | | Some C libraries, such as uClibc, require an explicit link for some atomic functions. Check for any libatomic, and explcily link it.
* swanctl: indicate initiator and responder in --list-sasAndreas Steffen2016-05-071-2/+5
|
* swanctl: Do not display rekey times for shuntsAndreas Steffen2016-05-051-3/+5
|
* vici list-conns sends reauthentication and rekeying time informationAndreas Steffen2016-05-041-2/+71
|
* swanctl: --list-conns shows eap_id, xauth_id and aaa_idAndreas Steffen2016-05-041-0/+13
|
* swanctl: list EAP type in --list-connsAndreas Steffen2016-04-261-3/+10
|
* swanctl: log errors to stderrAndreas Steffen2016-04-243-3/+3
|
* Include manual policy priorities and restriction to interfaces in vici ↵Andreas Steffen2016-04-091-0/+13
| | | | list-conn command
* Implemented IPsec policies restricted to given network interfaceAndreas Steffen2016-04-091-0/+3
|
* Support manually-set IPsec policy prioritiesAndreas Steffen2016-04-091-0/+7
|
* swanctl: Fix documented directory name for remote pubkeysTobias Brunner2016-03-221-1/+1
|
* vici: Order auth rounds by optional `round` parameter instead of by position ↵Tobias Brunner2016-03-081-0/+10
| | | | in the request
* Display IKE ports with swanctl --list-sasAndreas Steffen2016-03-051-4/+9
|
* swanctl: Document signature scheme constraintsTobias Brunner2016-03-041-1/+30
|
* vici: Match subnets and ranges against peer IP in redirect commandTobias Brunner2016-03-041-1/+1
|
* vici: Match identity with wildcards against remote ID in redirect commandTobias Brunner2016-03-041-1/+1
|
* swanctl: Add --redirect commandTobias Brunner2016-03-044-1/+138
|
* swanctl: Fix minor typos in documentationChris Patterson2016-02-291-3/+3
| | | | | | "UPD" should be "UDP". Signed-off-by: Chris Patterson <pattersonc@ainfosec.com>
* swanctl: Load pubkeys with load-credsAndreas Steffen2016-01-091-0/+1
|
* vici: list-cert sends subject, not-before and not-after attributes for pubkeysAndreas Steffen2016-01-091-5/+36
|
* vici: Support of raw public keysAndreas Steffen2016-01-092-11/+35
|
* swanctl.conf: IKEv2 fragmentation supportedAndreas Steffen2016-01-091-8/+9
|
* swanctl: Slightly change usage summary for --list-certsTobias Brunner2015-12-161-4/+3
|
* swanctl: Never print more than MAX_LINES of usage summaryTobias Brunner2015-12-161-1/+10
| | | | Print a warning if a registered command exceeds that limit.
* swanctl --stats lists loaded pluginsAndreas Steffen2015-12-131-0/+12
|
* Refactored certificate management for the vici and stroke interfaces5.4.0dr1Andreas Steffen2015-12-123-59/+61
|