path: root/src
Commit message [Author, Age, Files, Lines]
...
* Removed the unneeded socket-raw plugin [Tobias Brunner, 2012-09-14, 7 files, -885/+0 lines]
|
* Change traffic selectors during Quick Mode in case of a NAT in transport mode [Tobias Brunner, 2012-09-14, 1 file, -9/+19 lines]
|   Windows 7 sends its internal address as TSi. While we don't support the NAT-T drafts as used by Windows XP it is interesting to note that the client there omits the TSi payload which then would automatically get set to the public IP address of the client. Fixes #220.
* Added algorithm lookup via kernel_interface_t to the various kernel interfaces [Tobias Brunner, 2012-09-13, 5 files, -19/+72 lines]
|
* Added possibility to register custom kernel algorithms to kernel interface [Tobias Brunner, 2012-09-13, 2 files, -1/+172 lines]
|
* Added possibility to register custom proposal keywords [Tobias Brunner, 2012-09-13, 8 files, -18/+185 lines]
|   Keyword lookup and registration are handled via the new lib->proposal object.
* Removed len argument from proposal_get_token() [Tobias Brunner, 2012-09-13, 5 files, -31/+29 lines]
|   Also use enumerators instead of lexparser.h to parse proposal strings.
* Make arguments for enumerator_create_token|directory const [Tobias Brunner, 2012-09-13, 2 files, -7/+10 lines]
|
* Moved proposal_keywords to proposal_keywords_static [Francois ten Krooden, 2012-09-13, 7 files, -34/+131 lines]
|   Added new proposal keywords with function to reference the static keywords.
* Option added to enforce a configured destination address for DHCP packets [Tobias Brunner, 2012-09-13, 1 file, -1/+9 lines]
|
* Allow calls to set_address() for any host-sized TS, not only dynamic ones [Tobias Brunner, 2012-09-12, 1 file, -1/+1 lines]
|   This fixes CHILD_SA updates (e.g. due to MOBIKE), which were broken since 4cb0783.
* Ensure traffic selectors are dynamic before calling set_address() when deriving them [Tobias Brunner, 2012-09-12, 1 file, -2/+2 lines]
|
* Consistently log XFRM mark masks with 0 prefix in kernel-netlink plugin [Tobias Brunner, 2012-09-12, 1 file, -13/+13 lines]
|
* starter: Added --nolog option to suppress logging in starter itself [Tobias Brunner, 2012-09-12, 1 file, -2/+6 lines]
|   Fixes #224.
* starter: Allow %any also for protocol in left|rightprotoport [Tobias Brunner, 2012-09-12, 1 file, -9/+15 lines]
|
* Don't allow NULL encryption with PEAP [Martin Willi, 2012-09-12, 1 file, -1/+3 lines]
|
* Use memmove on overlapping regions, and operate with correct sizeof() [Martin Willi, 2012-09-12, 1 file, -2/+2 lines]
|
* Whitespace cleanups in tls_eap [Martin Willi, 2012-09-12, 1 file, -6/+6 lines]
|
* Use uintptr_t in mem pool to avoid compiler warning if sizeof(void*) != sizeof(int) [Martin Willi, 2012-09-12, 1 file, -3/+2 lines]
|
* Always send a configuration payload in IKEv1 TRANSACTIONs, even if it is empty [Martin Willi, 2012-09-11, 1 file, -29/+14 lines]
|
* Don't use host address for dynamic TS in IKEv1 if a virtual IP was expected [Martin Willi, 2012-09-11, 1 file, -40/+57 lines]
|
* Don't use host address for dynamic TS in IKEv2 if a virtual IP was expected [Martin Willi, 2012-09-11, 1 file, -1/+33 lines]
|
* Don't return a subset for a dynamic TS unless set_address has been called [Martin Willi, 2012-09-11, 1 file, -1/+5 lines]
|
* Send FAILED_CP_REQUIRED if a configuration payload was expected, but not received [Martin Willi, 2012-09-11, 1 file, -0/+9 lines]
|
* Check for an existing lease in all stroke pools before creating a new one [Martin Willi, 2012-09-11, 3 files, -83/+180 lines]
|
* Pass full pool list to release_address [Martin Willi, 2012-09-11, 9 files, -47/+95 lines]
|
* Pass the full list of pools to acquire_address, enumerate in providers [Martin Willi, 2012-09-11, 10 files, -73/+109 lines]
|   If the provider has access to the full pool list, it can enumerate them twice, for example to search for existing leases first, and only search for new leases in a second step. Fixes lease enumeration in attr-sql using multiple pools.
* Add a linked list constructor initializing from an enumerator [Martin Willi, 2012-09-11, 2 files, -0/+27 lines]
|
* Add a responder narrow() hook to change TS in the kernel, but not on the wire [Martin Willi, 2012-09-11, 3 files, -3/+48 lines]
|
* Support RADIUS accounting when using IKEv1 with xauth-eap and eap-radius [Martin Willi, 2012-09-11, 1 file, -2/+10 lines]
|
* Fix leak while enumerating RADIUS Framed-IPs from IKE_SA [Martin Willi, 2012-09-11, 1 file, -0/+1 lines]
|
* Add uniqueids=never to ignore INITIAL_CONTACT notifies [Tobias Brunner, 2012-09-10, 5 files, -5/+12 lines]
|   With uniqueids=no the daemon still deletes any existing IKE_SA with the same peer if an INITIAL_CONTACT notify is received. With this new option it also ignores these notifies.
* Add strongswan.conf runtime options for /dev/[u]random files [Martin Willi, 2012-09-10, 1 file, -2/+7 lines]
|   Fixes #221.
* Use the proper types for comma separated attributes read from strongswan.conf [Tobias Brunner, 2012-09-10, 1 file, -27/+25 lines]
|   Attributes of different address families previously were mapped to the same attribute type (the one derived from the address family of the first address).
* Print the name of mem pools instead of the confusing <base>/<size> [Tobias Brunner, 2012-09-10, 1 file, -2/+4 lines]
|
* Properly remove broadcast address from mem pools [Tobias Brunner, 2012-09-10, 1 file, -1/+1 lines]
|
* use base IMC ID if src IMC ID is not supported [Andreas Steffen, 2012-09-10, 3 files, -5/+11 lines]
|
* make sending of IETF Assessment Result attributes configurable [Andreas Steffen, 2012-09-09, 1 file, -11/+13 lines]
|
* introduced sending of standard IETF Assessment Result PA-TNC attribute by IMVs [Andreas Steffen, 2012-09-09, 20 files, -81/+633 lines]
|
* Only initiate an exchange from send_dpd() if a task was actually queued [Tobias Brunner, 2012-09-07, 1 file, -2/+8 lines]
|   Otherwise, the initiator would prematurely initiate Quick Mode if it has DPD enabled and XAuth is used.
* android: New release after adding certificate authentication and reauth fix [Tobias Brunner, 2012-09-06, 1 file, -2/+2 lines]
|
* Trigger ike_updown event caused by retransmits only after reestablish() has been called [Tobias Brunner, 2012-09-06, 3 files, -10/+5 lines]
|   This allows listeners to migrate to the new IKE_SA with the ike_reestablish event without having to worry about an ike_updown event for the old IKE_SA.
* android: Properly handle reauthentication initiated by the client [Tobias Brunner, 2012-09-06, 1 file, -7/+42 lines]
|
* android: Create a new VpnService.Builder after VPN has been established [Tobias Brunner, 2012-09-06, 1 file, -9/+20 lines]
|
* Add ike_reestablish() event that is triggered when an IKE_SA is reestablished [Tobias Brunner, 2012-09-06, 4 files, -0/+49 lines]
|   This is particularly useful during reauthentication to get the new IKE_SA.
* Add a new condition to mark IKE_SAs that are currently being reauthenticated [Tobias Brunner, 2012-09-06, 2 files, -9/+9 lines]
|
* starter: Load config again when restarting charon [Tobias Brunner, 2012-09-05, 1 file, -0/+16 lines]
|   This got lost in 041e763b.
* Clear virtual IPs before storing assigned ones on the IKE_SA [Tobias Brunner, 2012-09-05, 5 files, -1/+43 lines]
|   Otherwise we'll end up with duplicate or invalid VIPs stored on the IKE_SA.
* In mode_config, destroy temporary pool list instead of the virtual IP list twice [Martin Willi, 2012-09-05, 1 file, -1/+1 lines]
|
* Merge branch 'android-client-cert' [Tobias Brunner, 2012-09-04, 25 files, -181/+929 lines]
|\  Introduces IKEv2 client certificate authentication for the Android App.
| * android: Native parts handle ikev2-cert VPN type [Tobias Brunner, 2012-08-31, 3 files, -16/+71 lines]
| |