aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* Fixed IPv6 source address lookupTobias Brunner2012-06-251-5/+43
| | | | | | | | | | | | | Because Linux kernels prior to 3.0 do not support RTA_PREFSRC for IPv6 routes we didn't use NLM_F_DUMP to get all routes. Still routes installed with policies are installed also for IPv6. So since only one route is returned without DUMP, and we ignore all routes from our own routing table, no source address was found during roaming if DST of the installed route included the IKE peer. With newer kernels we can now use DUMP as we did for IPv4 already, for older kernels we do so if our own routes are installed in a separate routing table, otherwise we still use GET.
* support Cisco Unity VIDAndreas Steffen2012-06-252-3/+11
|
* ldaphost and ldapbase ca section keywords are deprecatedTobias Brunner2012-06-254-8/+2
|
* Removed pluto-specifics from ipsec scriptTobias Brunner2012-06-251-75/+1
|
* Enforce uniqueids=keep based on XAuth identityMartin Willi2012-06-251-0/+6
|
* Don't send XAUTH_OK if a hook prevents SA to establishMartin Willi2012-06-251-4/+14
|
* Enforce uniqueids=keep only for non-XAuth Main/Agressive ModesMartin Willi2012-06-252-28/+28
|
* Show EAP/XAuth identity in "ipsec status", if availableMartin Willi2012-06-251-1/+1
|
* Use XAuth/EAP remote identity for uniqueness checkMartin Willi2012-06-253-4/+6
|
* Add missing XAuth name variable when complaining about missing XAuth backendMartin Willi2012-06-251-1/+1
|
* some copyright additionsAndreas Steffen2012-06-231-5/+8
|
* update copyrightAndreas Steffen2012-06-231-6/+4
|
* Fix SIGSEGV if kernel install fails during Quick Mode as responder.Tobias Brunner2012-06-221-4/+8
|
* Fixed compile error because of charon->name in certexpire plugin.Tobias Brunner2012-06-211-0/+1
|
* Select requested virtual IP family based on remote TS, if no local TS availableMartin Willi2012-06-201-1/+12
|
* Doxygen fix in PKCS#7 wrapperTobias Brunner2012-06-191-1/+1
|
* NLM_F_DUMP includes NLM_F_ROOT.Tobias Brunner2012-06-151-1/+1
|
* Don't create roam jobs based on cached/cloned routes.Tobias Brunner2012-06-151-0/+4
|
* Don't compare ports when comparing cached routes.Tobias Brunner2012-06-153-6/+6
| | | | At least src_ip has a port set sometimes.
* starter: Fixed parsing of %defaultroute.Tobias Brunner2012-06-151-6/+12
|
* Adopt children as XAuth initiator (which is IKE responder)Martin Willi2012-06-141-2/+2
|
* Print the kind of *Swan during starter startupMartin Willi2012-06-141-1/+4
|
* Show what kind of *Swan we run in "ipsec status"Martin Willi2012-06-141-3/+16
|
* Require a scary option to respond to Aggressive Mode PSK requestsMartin Willi2012-06-141-0/+17
| | | | | | | | While Aggressive Mode PSK is widely used, it is known to be subject to dictionary attacks by passive attackers. We don't complain as initiator to be compatible with existing (insecure) setups, but require a scary strongswan.conf option if someone wants to use it as responder.
* thanks to narrowing treat right|leftsubnetwithin as synonyms for ↵Andreas Steffen2012-06-141-2/+2
| | | | right|leftsubnet
* scepclient: Fixed Makefile after removing enable-smartcard configure option.Tobias Brunner2012-06-131-6/+0
|
* Use proper defines for IPV6_PKTINFO on Mac OS X Lion and newer.Tobias Brunner2012-06-131-0/+2
|
* starter: Print additional help texts for selected deprecated keywords.Tobias Brunner2012-06-124-6/+25
|
* starter: Improved how deprecated keywords are handled.Tobias Brunner2012-06-124-7/+99
| | | | We only throw a warning now instead of rejecting the config.
* Revert "starter: Don't treat unsupported keywords as fatal errors just ↵Tobias Brunner2012-06-121-3/+3
| | | | | | report them." This reverts commit e55876a657ae9d4bbf14320e5a14f86cc5c31c7f.
* Added signature scheme options left/rightauthMartin Willi2012-06-121-11/+99
|
* Support multiple different public key strength types in constraintsMartin Willi2012-06-121-41/+38
|
* Add signature schemes to auth_cfg during trustchain validationMartin Willi2012-06-125-19/+45
|
* certificate_t->issued_by takes an argument to receive signature schemeMartin Willi2012-06-1216-24/+68
|
* Define auth_cfg rules for signature schemesMartin Willi2012-06-122-0/+53
|
* starter: Fixed parsing of left|right=%any.Tobias Brunner2012-06-121-1/+3
|
* starter: Fix comparison of connections.Tobias Brunner2012-06-111-3/+4
|
* starter: Removed all unsupported keywords.Tobias Brunner2012-06-117-203/+26
|
* starter: Don't treat unsupported keywords as fatal errors just report them.Tobias Brunner2012-06-111-3/+3
|
* Bye bye Pluto!Tobias Brunner2012-06-11178-69797/+3
| | | | | Charon will take over IKEv1 duties from here. This also removes libfreeswan and whack.
* _copyright: Replicate copyright text here instead of calling libfreeswan.Tobias Brunner2012-06-112-4/+34
|
* starter: Remove all ties to pluto/libfreeswan.Tobias Brunner2012-06-1110-46/+25
| | | | Moved some types/constants in the process.
* starter: Use custom type for SA specific options (flags).Tobias Brunner2012-06-114-22/+36
|
* starter: Parse left|rightprotoport directly in confread.c.Tobias Brunner2012-06-113-6/+53
|
* starter: No special handling for left|rightsubnet, just pass it on as string.Tobias Brunner2012-06-114-39/+1
|
* starter: Use host_t to parse left|rightsourceip.Tobias Brunner2012-06-111-18/+17
| | | | Also for the yet unused natip option.
* starter: Remove left|rightsubnetwithin option (charon narrows ↵Tobias Brunner2012-06-116-25/+0
| | | | left|rightsubnet down accordingly).
* starter: Don't resolve any addresses in starter.Tobias Brunner2012-06-116-129/+10
| | | | Also removed remains of some unknown iface option.
* starter: Removed pfs and pfsgroup options (handled via esp option).Tobias Brunner2012-06-115-28/+2
|
* starter: Store mode of the IPsec SA/policy in a separate member.Tobias Brunner2012-06-114-51/+32
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-22 03:02:53 +0000