path: root/src
Commit message (Author, Age, Files, Lines)
...
* Added possibility to register custom proposal keywords (Tobias Brunner, 2012-09-13, 8 files, -18/+185)
|   Keyword lookup and registration are handled via the new lib->proposal object.
* Removed len argument from proposal_get_token() (Tobias Brunner, 2012-09-13, 5 files, -31/+29)
|   Also use enumerators instead of lexparser.h to parse proposal strings.
* Make arguments for enumerator_create_token|directory const (Tobias Brunner, 2012-09-13, 2 files, -7/+10)
* Moved proposal_keywords to proposal_keywords_static (Francois ten Krooden, 2012-09-13, 7 files, -34/+131)
|   Added new proposal keywords with function to reference the static keywords.
* Option added to enforce a configured destination address for DHCP packets (Tobias Brunner, 2012-09-13, 1 file, -1/+9)
* Allow calls to set_address() for any host-sized TS, not only dynamic ones (Tobias Brunner, 2012-09-12, 1 file, -1/+1)
|   This fixes CHILD_SA updates (e.g. due to MOBIKE), which were broken since 4cb0783.
* Ensure traffic selectors are dynamic before calling set_address() when deriving them (Tobias Brunner, 2012-09-12, 1 file, -2/+2)
* Consistently log XFRM mark masks with 0 prefix in kernel-netlink plugin (Tobias Brunner, 2012-09-12, 1 file, -13/+13)
* starter: Added --nolog option to suppress logging in starter itself (Tobias Brunner, 2012-09-12, 1 file, -2/+6)
|   Fixes #224.
* starter: Allow %any also for protocol in left|rightprotoport (Tobias Brunner, 2012-09-12, 1 file, -9/+15)
* Don't allow NULL encryption with PEAP (Martin Willi, 2012-09-12, 1 file, -1/+3)
* Use memmove on overlapping regions, and operate with correct sizeof() (Martin Willi, 2012-09-12, 1 file, -2/+2)
* Whitespace cleanups in tls_eap (Martin Willi, 2012-09-12, 1 file, -6/+6)
* Use uintptr_t in mem pool to avoid compiler warning if sizeof(void*) != sizeof(int) (Martin Willi, 2012-09-12, 1 file, -3/+2)
* Always send a configuration payload in IKEv1 TRANSACTIONs, even if it is empty (Martin Willi, 2012-09-11, 1 file, -29/+14)
* Don't use host address for dynamic TS in IKEv1 if a virtual IP was expected (Martin Willi, 2012-09-11, 1 file, -40/+57)
* Don't use host address for dynamic TS in IKEv2 if a virtual IP was expected (Martin Willi, 2012-09-11, 1 file, -1/+33)
* Don't return a subset for a dynamic TS unless set_address has been called (Martin Willi, 2012-09-11, 1 file, -1/+5)
* Send FAILED_CP_REQUIRED if a configuration payload was expected, but not received (Martin Willi, 2012-09-11, 1 file, -0/+9)
* Check for an existing lease in all stroke pools before creating a new one (Martin Willi, 2012-09-11, 3 files, -83/+180)
* Pass full pool list to release_address (Martin Willi, 2012-09-11, 9 files, -47/+95)
* Pass the full list of pools to acquire_address, enumerate in providers (Martin Willi, 2012-09-11, 10 files, -73/+109)
|   If the provider has access to the full pool list, it can enumerate them twice, for example to search for existing leases first, and only search for new leases in a second step. Fixes lease enumeration in attr-sql using multiple pools.
* Add a linked list constructor initializing from an enumerator (Martin Willi, 2012-09-11, 2 files, -0/+27)
* Add a responder narrow() hook to change TS in the kernel, but not on the wire (Martin Willi, 2012-09-11, 3 files, -3/+48)
* Support RADIUS accounting when using IKEv1 with xauth-eap and eap-radius (Martin Willi, 2012-09-11, 1 file, -2/+10)
* Fix leak while enumerating RADIUS Framed-IPs from IKE_SA (Martin Willi, 2012-09-11, 1 file, -0/+1)
* Add uniqueids=never to ignore INITIAL_CONTACT notifies (Tobias Brunner, 2012-09-10, 5 files, -5/+12)
|   With uniqueids=no the daemon still deletes any existing IKE_SA with the same peer if an INITIAL_CONTACT notify is received. With this new option it also ignores these notifies.
* Add strongswan.conf runtime options for /dev/[u]random files (Martin Willi, 2012-09-10, 1 file, -2/+7)
|   Fixes #221.
* Use the proper types for comma separated attributes read from strongswan.conf (Tobias Brunner, 2012-09-10, 1 file, -27/+25)
|   Attributes of different address families previously were mapped to the same attribute type (the one derived from the address family of the first address).
* Print the name of mem pools instead of the confusing <base>/<size> (Tobias Brunner, 2012-09-10, 1 file, -2/+4)
* Properly remove broadcast address from mem pools (Tobias Brunner, 2012-09-10, 1 file, -1/+1)
* use base IMC ID if src IMC ID is not supported (Andreas Steffen, 2012-09-10, 3 files, -5/+11)
* make sending of IETF Assessment Result attributes configurable (Andreas Steffen, 2012-09-09, 1 file, -11/+13)
* introduced sending of standard IETF Assessment Result PA-TNC attribute by IMVs (Andreas Steffen, 2012-09-09, 20 files, -81/+633)
* Only initiate an exchange from send_dpd() if a task was actually queued (Tobias Brunner, 2012-09-07, 1 file, -2/+8)
|   Otherwise, the initiator would prematurely initiate Quick Mode if it has DPD enabled and XAuth is used.
* android: New release after adding certificate authentication and reauth fix (Tobias Brunner, 2012-09-06, 1 file, -2/+2)
* Trigger ike_updown event caused by retransmits only after reestablish() has been called (Tobias Brunner, 2012-09-06, 3 files, -10/+5)
|   This allows listeners to migrate to the new IKE_SA with the ike_reestablish event without having to worry about an ike_updown event for the old IKE_SA.
* android: Properly handle reauthentication initiated by the client (Tobias Brunner, 2012-09-06, 1 file, -7/+42)
* android: Create a new VpnService.Builder after VPN has been established (Tobias Brunner, 2012-09-06, 1 file, -9/+20)
* Add ike_reestablish() event that is triggered when an IKE_SA is reestablished (Tobias Brunner, 2012-09-06, 4 files, -0/+49)
|   This is particularly useful during reauthentication to get the new IKE_SA.
* Add a new condition to mark IKE_SAs that are currently being reauthenticated (Tobias Brunner, 2012-09-06, 2 files, -9/+9)
* starter: Load config again when restarting charon (Tobias Brunner, 2012-09-05, 1 file, -0/+16)
|   This got lost in 041e763b.
* Clear virtual IPs before storing assigned ones on the IKE_SA (Tobias Brunner, 2012-09-05, 5 files, -1/+43)
|   Otherwise we'll end up with duplicate or invalid VIPs stored on the IKE_SA.
* In mode_config, destroy temporary pool list instead of the virtual IP list twice (Martin Willi, 2012-09-05, 1 file, -1/+1)
* Merge branch 'android-client-cert' (Tobias Brunner, 2012-09-04, 25 files, -181/+929)
|\
| |   Introduces IKEv2 client certificate authentication for the Android App.
| * android: Native parts handle ikev2-cert VPN type (Tobias Brunner, 2012-08-31, 3 files, -16/+71)
| * android: android_creds_t can provide a user's private key and certificate (Tobias Brunner, 2012-08-31, 2 files, -3/+89)
| * android: Added JNI method to retrieve user certificate and private key (Tobias Brunner, 2012-08-31, 3 files, -13/+109)
| |   To simplify things the private key, the user certificate and the CA certificates are all put into the same list.
| * android: Don't show the password dialog if not required (Tobias Brunner, 2012-08-31, 1 file, -1/+2)
| * android: Enable pkcs8 plugin (Tobias Brunner, 2012-08-31, 2 files, -1/+3)