- applied andreas's patch
authorMartin Willi <martin@strongswan.org>
Thu, 18 May 2006 06:02:28 +0000 (06:02 -0000)
committerMartin Willi <martin@strongswan.org>
Thu, 18 May 2006 06:02:28 +0000 (06:02 -0000)
  - logger output improvements
  - testing updates
  - and a lot more

151 files changed:
configure.in
src/charon/config/connections/local_connection_store.c
src/charon/network/socket.c
src/charon/sa/ike_sa_manager.c
src/charon/threads/receiver.c
src/charon/threads/scheduler.c
src/charon/threads/sender.c
src/charon/threads/stroke_interface.c
src/charon/threads/thread_pool.c
src/libstrongswan/Makefile.am
src/libstrongswan/utils/host.c
src/libstrongswan/utils/host.h
src/libstrongswan/utils/logger.c
src/libstrongswan/utils/logger_manager.c
src/pluto/fetch.c
src/pluto/vendor.c
src/pluto/vendor.h
src/starter/starterstroke.c
src/stroke/Makefile.am
src/whack/Makefile.am
testing/hosts/alice/etc/ipsec.conf
testing/hosts/bob/etc/ipsec.conf
testing/hosts/carol/etc/ipsec.conf
testing/hosts/dave/etc/ipsec.conf
testing/hosts/moon/etc/ipsec.conf
testing/hosts/sun/etc/ipsec.conf
testing/hosts/venus/etc/ipsec.conf
testing/testing.conf
testing/tests/alg-blowfish/hosts/carol/etc/ipsec.conf
testing/tests/alg-blowfish/hosts/moon/etc/ipsec.conf
testing/tests/alg-serpent/hosts/carol/etc/ipsec.conf
testing/tests/alg-serpent/hosts/moon/etc/ipsec.conf
testing/tests/alg-sha2_256/hosts/carol/etc/ipsec.conf
testing/tests/alg-sha2_256/hosts/moon/etc/ipsec.conf
testing/tests/alg-twofish/hosts/carol/etc/ipsec.conf
testing/tests/alg-twofish/hosts/moon/etc/ipsec.conf
testing/tests/attr-cert/hosts/carol/etc/ipsec.conf
testing/tests/attr-cert/hosts/dave/etc/ipsec.conf
testing/tests/attr-cert/hosts/moon/etc/ipsec.conf
testing/tests/compress/hosts/carol/etc/ipsec.conf
testing/tests/compress/hosts/moon/etc/ipsec.conf
testing/tests/crl-from-cache/hosts/carol/etc/ipsec.conf
testing/tests/crl-from-cache/hosts/moon/etc/ipsec.conf
testing/tests/crl-ldap/hosts/carol/etc/ipsec.conf
testing/tests/crl-ldap/hosts/moon/etc/ipsec.conf
testing/tests/crl-revoked/hosts/carol/etc/ipsec.conf
testing/tests/crl-revoked/hosts/moon/etc/ipsec.conf
testing/tests/crl-strict/hosts/carol/etc/ipsec.conf
testing/tests/crl-strict/hosts/moon/etc/ipsec.conf
testing/tests/crl-to-cache/hosts/carol/etc/ipsec.conf
testing/tests/crl-to-cache/hosts/moon/etc/ipsec.conf
testing/tests/default-keys/hosts/carol/etc/ipsec.conf
testing/tests/default-keys/hosts/moon/etc/ipsec.conf
testing/tests/double-nat-net/hosts/alice/etc/ipsec.conf
testing/tests/double-nat-net/hosts/bob/etc/ipsec.conf
testing/tests/double-nat/hosts/alice/etc/ipsec.conf
testing/tests/dpd-clear/hosts/moon/etc/ipsec.conf
testing/tests/esp-ah-transport/hosts/carol/etc/ipsec.conf
testing/tests/esp-ah-transport/hosts/moon/etc/ipsec.conf
testing/tests/esp-ah-tunnel/hosts/carol/etc/ipsec.conf
testing/tests/esp-ah-tunnel/hosts/moon/etc/ipsec.conf
testing/tests/esp-alg-des/hosts/carol/etc/ipsec.conf
testing/tests/esp-alg-des/hosts/moon/etc/ipsec.conf
testing/tests/esp-alg-null/hosts/carol/etc/ipsec.conf
testing/tests/esp-alg-null/hosts/moon/etc/ipsec.conf
testing/tests/esp-alg-strict-fail/hosts/carol/etc/ipsec.conf
testing/tests/esp-alg-strict-fail/hosts/moon/etc/ipsec.conf
testing/tests/esp-alg-strict/hosts/carol/etc/ipsec.conf
testing/tests/esp-alg-strict/hosts/moon/etc/ipsec.conf
testing/tests/esp-alg-weak/hosts/carol/etc/ipsec.conf
testing/tests/esp-alg-weak/hosts/moon/etc/ipsec.conf
testing/tests/host2host-swapped/hosts/moon/etc/ipsec.conf
testing/tests/host2host-swapped/hosts/sun/etc/ipsec.conf
testing/tests/host2host-transport/hosts/moon/etc/ipsec.conf
testing/tests/host2host-transport/hosts/sun/etc/ipsec.conf
testing/tests/ike-alg-sha2_512/hosts/carol/etc/ipsec.conf
testing/tests/ike-alg-sha2_512/hosts/moon/etc/ipsec.conf
testing/tests/ike-alg-strict-fail/hosts/carol/etc/ipsec.conf
testing/tests/ike-alg-strict-fail/hosts/moon/etc/ipsec.conf
testing/tests/ike-alg-strict/hosts/carol/etc/ipsec.conf
testing/tests/ike-alg-strict/hosts/moon/etc/ipsec.conf
testing/tests/ikev2-net2net/description.txt
testing/tests/ikev2-net2net/hosts/moon/etc/ipsec.conf
testing/tests/ikev2-net2net/hosts/sun/etc/ipsec.conf
testing/tests/mode-config-swapped/hosts/carol/etc/ipsec.conf
testing/tests/mode-config-swapped/hosts/dave/etc/ipsec.conf
testing/tests/mode-config-swapped/hosts/moon/etc/ipsec.conf
testing/tests/mode-config/hosts/carol/etc/ipsec.conf
testing/tests/mode-config/hosts/dave/etc/ipsec.conf
testing/tests/mode-config/hosts/moon/etc/ipsec.conf
testing/tests/multi-level-ca-ldap/hosts/carol/etc/ipsec.conf
testing/tests/multi-level-ca-ldap/hosts/dave/etc/ipsec.conf
testing/tests/multi-level-ca-ldap/hosts/moon/etc/ipsec.conf
testing/tests/multi-level-ca-loop/hosts/carol/etc/ipsec.conf
testing/tests/multi-level-ca-loop/hosts/moon/etc/ipsec.conf
testing/tests/multi-level-ca-revoked/hosts/carol/etc/ipsec.conf
testing/tests/multi-level-ca-revoked/hosts/moon/etc/ipsec.conf
testing/tests/multi-level-ca-strict/hosts/carol/etc/ipsec.conf
testing/tests/multi-level-ca-strict/hosts/dave/etc/ipsec.conf
testing/tests/multi-level-ca-strict/hosts/moon/etc/ipsec.conf
testing/tests/multi-level-ca/hosts/carol/etc/ipsec.conf
testing/tests/multi-level-ca/hosts/dave/etc/ipsec.conf
testing/tests/multi-level-ca/hosts/moon/etc/ipsec.conf
testing/tests/net2net-pgp/hosts/moon/etc/ipsec.conf
testing/tests/net2net-pgp/hosts/sun/etc/ipsec.conf
testing/tests/net2net-psk-fail/hosts/moon/etc/ipsec.conf
testing/tests/net2net-psk-fail/hosts/sun/etc/ipsec.conf
testing/tests/net2net-psk/hosts/moon/etc/ipsec.conf
testing/tests/net2net-psk/hosts/sun/etc/ipsec.conf
testing/tests/net2net-route/hosts/moon/etc/ipsec.conf
testing/tests/net2net-rsa/hosts/moon/etc/ipsec.conf
testing/tests/net2net-rsa/hosts/sun/etc/ipsec.conf
testing/tests/net2net-start/hosts/moon/etc/ipsec.conf
testing/tests/ocsp-revoked/hosts/carol/etc/ipsec.conf
testing/tests/ocsp-revoked/hosts/moon/etc/ipsec.conf
testing/tests/ocsp-strict/hosts/carol/etc/ipsec.conf
testing/tests/ocsp-strict/hosts/moon/etc/ipsec.conf
testing/tests/protoport-dual/hosts/carol/etc/ipsec.conf
testing/tests/protoport-dual/hosts/moon/etc/ipsec.conf
testing/tests/protoport-pass/hosts/carol/etc/ipsec.conf
testing/tests/protoport-pass/hosts/moon/etc/ipsec.conf
testing/tests/protoport-route/hosts/carol/etc/ipsec.conf
testing/tests/protoport-route/hosts/moon/etc/ipsec.conf
testing/tests/req-pkcs10/hosts/carol/etc/ipsec.conf
testing/tests/rw-psk-fqdn-named/hosts/carol/etc/ipsec.conf
testing/tests/rw-psk-fqdn-named/hosts/moon/etc/ipsec.conf
testing/tests/rw-psk-fqdn/hosts/carol/etc/ipsec.conf
testing/tests/rw-psk-fqdn/hosts/moon/etc/ipsec.conf
testing/tests/rw-psk-ipv4/hosts/carol/etc/ipsec.conf
testing/tests/rw-psk-ipv4/hosts/moon/etc/ipsec.conf
testing/tests/rw-psk-no-policy/hosts/carol/etc/ipsec.conf
testing/tests/rw-psk-no-policy/hosts/moon/etc/ipsec.conf
testing/tests/rw-psk-rsa-mixed/hosts/carol/etc/ipsec.conf
testing/tests/rw-psk-rsa-mixed/hosts/moon/etc/ipsec.conf
testing/tests/self-signed/hosts/carol/etc/ipsec.conf
testing/tests/self-signed/hosts/moon/etc/ipsec.conf
testing/tests/starter-also-loop/hosts/moon/etc/ipsec.conf
testing/tests/starter-also/hosts/moon/etc/ipsec.conf
testing/tests/starter-includes/hosts/carol/etc/ipsec.conf
testing/tests/starter-includes/hosts/dave/etc/ipsec.conf
testing/tests/starter-includes/hosts/moon/etc/ipsec.conf
testing/tests/virtual-ip-swapped/hosts/carol/etc/ipsec.conf
testing/tests/virtual-ip-swapped/hosts/moon/etc/ipsec.conf
testing/tests/virtual-ip/hosts/carol/etc/ipsec.conf
testing/tests/virtual-ip/hosts/moon/etc/ipsec.conf
testing/tests/wildcards/hosts/carol/etc/ipsec.conf
testing/tests/wildcards/hosts/dave/etc/ipsec.conf
testing/tests/wildcards/hosts/moon/etc/ipsec.conf
testing/tests/wlan/hosts/alice/etc/ipsec.conf
testing/tests/wlan/hosts/moon/etc/ipsec.conf
testing/tests/wlan/hosts/venus/etc/ipsec.conf

index 9a610f6..e9d6f19 100644 (file)
@@ -16,7 +16,7 @@ dnl ===========================
 dnl  initialize & set some vars
 dnl ===========================
 
-AC_INIT(strongSwan,4.0.0)
+AC_INIT(strongSwan,4.0.1)
 AM_INIT_AUTOMAKE
 AC_C_BIGENDIAN
 AC_SUBST(ipsecdir, '${libexecdir}/ipsec')
index 0ae18e0..a7e4d18 100644 (file)
@@ -57,69 +57,84 @@ struct private_local_connection_store_t {
  */
 static connection_t *get_connection_by_hosts(private_local_connection_store_t *this, host_t *my_host, host_t *other_host)
 {
+       typedef enum {
+               PRIO_UNDEFINED=         0x00,
+               PRIO_ADDR_ANY=          0x01,
+               PRIO_ADDR_MATCH=        0x02
+       } prio_t;
+
+       prio_t best_prio = PRIO_UNDEFINED;
+
        iterator_t *iterator;
-       connection_t *current, *found = NULL;
+       connection_t *candidate;
+       connection_t *found = NULL;
        
-       this->logger->log(this->logger, CONTROL|LEVEL1, "getting config for hosts %s - %s", 
+       this->logger->log(this->logger, CONTROL|LEVEL1, "searching connection for host pair %s...%s",
                                          my_host->get_address(my_host), other_host->get_address(other_host));
-       
+
        iterator = this->connections->create_iterator(this->connections, TRUE);
+
+       /* determine closest matching connection */
        while (iterator->has_next(iterator))
        {
-               host_t *config_my_host, *config_other_host;
+               host_t *candidate_my_host;
+               host_t *candidate_other_host;
                
-               iterator->current(iterator, (void**)&current);
+               iterator->current(iterator, (void**)&candidate);
 
-               config_my_host = current->get_my_host(current);
-               config_other_host = current->get_other_host(current);
+               candidate_my_host    = candidate->get_my_host(candidate);
+               candidate_other_host = candidate->get_other_host(candidate);
 
-               /* first check if ip is equal */
-               if(config_other_host->ip_equals(config_other_host, other_host))
+               /* my_host addresses must match*/
+               if (my_host->ip_equals(my_host, candidate_my_host))
                {
-                       this->logger->log(this->logger, CONTROL|LEVEL2, "config entry with remote host %s", 
-                                                         config_other_host->get_address(config_other_host));
-                       /* could be right one, check my_host for default route*/
-                       if (config_my_host->is_default_route(config_my_host))
+                       prio_t prio = PRIO_UNDEFINED;
+
+                       /* exact match of peer host address or wildcard address? */
+                       if (other_host->ip_equals(other_host, candidate_other_host))
                        {
-                               found = current->clone(current);
-                               break;
+                               prio |= PRIO_ADDR_MATCH;
                        }
-                       /* check now if host informations are the same */
-                       else if (config_my_host->ip_equals(config_my_host,my_host))
+                       else if (candidate_other_host->is_anyaddr(candidate_other_host))
                        {
-                               found = current->clone(current);
-                               break;
+                               prio |= PRIO_ADDR_ANY;
                        }
-                       
-               }
-               /* Then check for wildcard hosts!
-               * TODO
-               * actually its only checked if other host with default route can be found! */
-               else if (config_other_host->is_default_route(config_other_host))
-               {
-                       /* could be right one, check my_host for default route*/
-                       if (config_my_host->is_default_route(config_my_host))
-                       {
-                               found = current->clone(current);
-                               break;
-                       }
-                       /* check now if host informations are the same */
-                       else if (config_my_host->ip_equals(config_my_host,my_host))
+
+                       this->logger->log(this->logger, CONTROL|LEVEL2,
+                                                        "candidate connection \"%s\": %s...%s (prio=%d)",
+                                                         candidate->get_name(candidate),
+                                                         candidate_my_host->get_address(candidate_my_host),
+                                                         candidate_other_host->get_address(candidate_other_host),
+                                                         prio);
+
+                       if (prio > best_prio)
                        {
-                               found = current->clone(current);
-                               break;
-                       }
+                               found = candidate;
+                               best_prio = prio;
+                       }                       
                }
        }
        iterator->destroy(iterator);
        
-       /* apply hosts as they are supplied since my_host may be %defaultroute, and other_host may be %any. */
        if (found)
        {
-               found->update_my_host(found, my_host->clone(my_host));
-               found->update_other_host(found, other_host->clone(other_host));
+               host_t *found_my_host    = found->get_my_host(found);
+               host_t *found_other_host = found->get_other_host(found);
+               
+               this->logger->log(this->logger, CONTROL|LEVEL1,
+                                                "found matching connection \"%s\": %s...%s (prio=%d)",
+                                                 found->get_name(found),
+                                                 found_my_host->get_address(found_my_host),
+                                                 found_other_host->get_address(found_other_host),
+                                                 best_prio);
+
+               found = found->clone(found);
+               if (best_prio & PRIO_ADDR_ANY)
+               {
+                       /* replace %any by the peer's address */
+                       found->update_other_host(found, other_host->clone(other_host));
+               }
        }
-       
        return found;
 }
 
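Review bot: The local side at `if (my_host->ip_equals(my_host, candidate_my_host))` no longer has a wildcard branch, so a connection stored with a 0.0.0.0 local address is selected only when the caller also passes 0.0.0.0, whereas the removed code accepted such entries and then applied the caller's address with `update_my_host`. If the local address is always concrete by the time a connection is stored (not visible in this hunk), a comment should say so, for example `/* local address must be concrete; only the peer side may be %any */`. Separately, `found` is now dereferenced and cloned after `iterator->destroy(iterator)`, while the old code cloned inside the loop; if the iterator is what keeps the list stable, `found = found->clone(found);` belongs ahead of the destroy call.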
index 4193e6f..89f67c9 100644 (file)
@@ -390,11 +390,9 @@ static bool is_listening_on(private_socket_t *this, host_t *host)
 {
        iterator_t *iterator;
        
-       /* listening on 0.0.0.0 is always TRUE */
-       if (host->is_default_route(host))
-       {
-               return TRUE;
-       }
+       /* listening on wildcard 0.0.0.0 is always FALSE */
+       if (host->is_anyaddr(host))
+               return FALSE;
        
        /* compare host with all interfaces */
        iterator = this->interfaces->create_iterator(this->interfaces, TRUE);
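Review bot: The wildcard guard `if (host->is_anyaddr(host)) return FALSE;` inverts the previous answer for 0.0.0.0, and the new comment states the outcome without the reason, so a caller that relied on TRUE for an unspecified local address now gets FALSE without any trace. If the intent is that an unspecified address never identifies a local interface, say so in the comment, e.g. `/* %any names no concrete interface, so it never counts as a local listening address */`, and keep the braces the removed lines used. is_listening_on continues past the end of this hunk and its callers are not visible here.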
index a65f410..e6c8e49 100644 (file)
@@ -507,9 +507,9 @@ static status_t checkout_by_hosts(private_ike_sa_manager_t *this, host_t *me, ho
                sa_other = current->ike_sa->get_other_host(current->ike_sa);
                
                /* one end may be default/any, but not both */
-               if (me->is_default_route(me))
+               if (me->is_anyaddr(me))
                {
-                       if (other->is_default_route(other))
+                       if (other->is_anyaddr(other))
                        {
                                break;
                        }
@@ -519,7 +519,7 @@ static status_t checkout_by_hosts(private_ike_sa_manager_t *this, host_t *me, ho
                                ike_sa_id = current->ike_sa_id;
                        }
                }
-               else if (other->is_default_route(other))
+               else if (other->is_anyaddr(other))
                {
                        if (me->equals(me, sa_me))
                        {
index 0cf8b7b..5986577 100644 (file)
@@ -74,7 +74,7 @@ static void receive_packets(private_receiver_t * this)
        /* cancellation disabled by default */
        pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
        
-       this->logger->log(this->logger, CONTROL, "Receiver thread running, thread_id %u", (int)pthread_self());
+       this->logger->log(this->logger, CONTROL, "receiver thread running,  thread_ID: %06d", (int)pthread_self());
        
        while (1)
        {
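Review bot: `(int)pthread_self()` narrows an opaque `pthread_t` to `int` before printing it with `%06d`; where `pthread_t` is wider than `int` the value can come out negative or collide between threads, which weakens the thread ID as a key for correlating log lines. The same cast is used in the scheduler, sender and thread_pool start-up messages and in the `snprintf(thread_id, ...)` calls in logger.c. Where `pthread_t` is an integer type, `"%lu", (unsigned long)pthread_self()` keeps the full value; a small per-thread counter assigned at start-up would be portable and would give the short fixed-width ID this format is after. receive_packets continues beyond this hunk.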
index 47c5d6f..9bbe5c9 100644 (file)
@@ -72,7 +72,7 @@ static void get_events(private_scheduler_t * this)
        /* cancellation disabled by default */
        pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
        
-       this->logger->log(this->logger, CONTROL, "Scheduler thread running, thread_id %u", (int)pthread_self());
+       this->logger->log(this->logger, CONTROL, "scheduler thread running, thread_ID: %06d", (int)pthread_self());
 
        for (;;)
        {
index 42d11be..4f5f7e1 100644 (file)
@@ -73,7 +73,7 @@ static void send_packets(private_sender_t * this)
        /* cancellation disabled by default */
        pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
 
-       this->logger->log(this->logger, CONTROL, "Sender thread running, thread_id %u", (int)pthread_self());
+       this->logger->log(this->logger, CONTROL, "sender thread running,    thread_ID: %06d", (int)pthread_self());
 
        while (1)
        {
index a9c5567..f8db7ad 100755 (executable)
@@ -240,9 +240,6 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
                        my_id = cert->get_subject(cert);
                        my_id = my_id->clone(my_id);
                        cert->destroy(cert);
-                       this->logger->log(this->logger, CONTROL, 
-                                                         "valid certificate with ID \"%s\"",
-                                                          my_id->get_string(my_id));
                }
        }
        if (msg->add_conn.other.cert)
@@ -256,9 +253,6 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
                        other_id = cert->get_subject(cert);
                        other_id = other_id->clone(other_id);
                        cert->destroy(cert);
-                       this->logger->log(this->logger, CONTROL, 
-                                                         "valid certificate with ID \"%s\"",
-                                                          other_id->get_string(other_id));
                }
        }
        
@@ -278,8 +272,15 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
        proposal->add_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0);
        proposal->add_algorithm(proposal, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0);
        connection->add_proposal(connection, proposal);
+
        /* add to global connection list */
        charon->connections->add_connection(charon->connections, connection);
+       this->logger->log(this->logger, CONTROL, "added connection \"%s\": %s[%s]...%s[%s]",
+                                         msg->add_conn.name,
+                                         my_host->get_address(my_host),
+                                         my_id->get_string(my_id),
+                                         other_host->get_address(other_host),
+                                         other_id->get_string(other_id));
        
        policy = policy_create(my_id, other_id);
        proposal = proposal_create(1);
@@ -289,10 +290,10 @@ static void stroke_add_conn(private_stroke_t *this, stroke_msg_t *msg)
        policy->add_proposal(policy, proposal);
        policy->add_my_traffic_selector(policy, my_ts);
        policy->add_other_traffic_selector(policy, other_ts);
+
        /* add to global policy list */
        charon->policies->add_policy(charon->policies, policy);
        
-       this->stroke_logger->log(this->stroke_logger, CONTROL|LEVEL1, "connection \"%s\" added", msg->add_conn.name);
 }
 
 /**
index 4482e79..0a39c2e 100644 (file)
@@ -144,7 +144,7 @@ static void process_jobs(private_thread_pool_t *this)
        /* cancellation disabled by default */
        pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, NULL);
        
-       this->worker_logger->log(this->worker_logger, CONTROL, "Worker thread running, thread_id: %u", (int)pthread_self());
+       this->worker_logger->log(this->worker_logger, CONTROL, "worker thread running,    thread_ID: %06d", (int)pthread_self());
 
        for (;;) {
                
@@ -600,7 +600,7 @@ thread_pool_t *thread_pool_create(size_t pool_size)
        {
                if (pthread_create(&(this->threads[current]), NULL, (void*(*)(void*))this->process_jobs, this) == 0) 
                {
-                       this->pool_logger->log(this->pool_logger, CONTROL, "Created worker thread #%d", current+1);
+                       this->pool_logger->log(this->pool_logger, CONTROL, "created worker thread #%d", current+1);
                }
                else
                {
index e9827a8..85e6e97 100644 (file)
@@ -65,7 +65,7 @@ library.c \
 types.c \
 library.h 
 
-LDADD = -lgmp -lpthread
+libstrongswan_la_LIBADD = -lgmp -lpthread
 
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 EXTRA_DIST = asn1/oid.txt asn1/oid.pl
index b85dc07..53b6932 100644 (file)
@@ -77,21 +77,17 @@ static socklen_t *get_sockaddr_len(private_host_t *this)
 }
 
 /**
- * Implementation of host_t.is_default_route.
+ * Implementation of host_t.is_anyaddr.
  */
-static bool is_default_route (private_host_t *this)
+static bool is_anyaddr(private_host_t *this)
 {
        switch (this->family) 
        {
                case AF_INET: 
                {
-                       static u_int8_t default_route[4] = {0x00,0x00,0x00,0x00};
+                       static u_int8_t default_route[4] = {0x00, 0x00, 0x00, 0x00};
                        
-                       if (memcmp(default_route,&(this->address4.sin_addr.s_addr),4) == 0)
-                       {
-                               return TRUE;
-                       }
-                       return FALSE;
+                       return !memcmp(default_route, &(this->address4.sin_addr.s_addr), 4);
                }
                default:
                {
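Review bot: After the rename the local array is still called `default_route`, and in host.h the doc comment above `bool (*is_anyaddr) (host_t *this);` still describes "IP 0.0.0.0 for default route"; both should speak of the any-address. Comparing against the constant reads more directly than a 4-byte memcmp: `return this->address4.sin_addr.s_addr == htonl(INADDR_ANY);`. The `default:` branch lies outside the hunk, so how other address families are answered cannot be judged from here.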
@@ -114,10 +110,12 @@ static char *get_address(private_host_t *this)
                        /* we need to clone it, since inet_ntoa overwrites 
                         * internal buffer on subsequent calls
                         */
-                       free(this->string);
-                       string = inet_ntoa(this->address4.sin_addr);
-                       this->string = malloc(strlen(string)+1);
-                       strcpy(this->string, string);
+                       if (this->string == NULL)
+                       {
+                               string = is_anyaddr(this)? "%any" : inet_ntoa(this->address4.sin_addr);
+                               this->string = malloc(strlen(string)+1);
+                               strcpy(this->string, string);
+                       }
                        return this->string;
                }
                default:
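Review bot: The string is now built lazily on first call and cached, but `get_address` is reached from shared objects (the new logging in get_connection_by_hosts calls it on hosts that live in the connection list), so two worker threads can both see `this->string == NULL`, and `inet_ntoa` itself writes to one static buffer. Formatting into a local buffer with `inet_ntop(AF_INET, &this->address4.sin_addr, buf, sizeof(buf))` removes the shared buffer, and filling `this->string` when the address is set rather than on first read removes the race. The `malloc` result is also passed to `strcpy` without a NULL check, and a cached string goes stale if the address is changed later (no setter is visible in this hunk). get_address starts and ends outside the hunk.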
@@ -275,7 +273,7 @@ static private_host_t *host_create_empty(void)
        this->public.get_port = (u_int16_t (*) (host_t *))get_port;
        this->public.ip_equals = (bool (*) (host_t *,host_t *)) ip_equals;
        this->public.equals = (bool (*) (host_t *,host_t *)) equals;
-       this->public.is_default_route = (bool (*) (host_t *)) is_default_route;
+       this->public.is_anyaddr = (bool (*) (host_t *)) is_anyaddr;
        this->public.destroy = (void (*) (host_t*))destroy;
        
        this->string = NULL;
index d81efff..0ca7d57 100644 (file)
@@ -126,7 +126,7 @@ struct host_t {
         *                                              - TRUE if host has IP 0.0.0.0 for default route 
         *                                              - FALSE otherwise
         */
-       bool (*is_default_route) (host_t *this);
+       bool (*is_anyaddr) (host_t *this);
        
        /** 
         * @brief get the address of this host as chunk_t
index 151fbfd..728892b 100644 (file)
@@ -122,9 +122,9 @@ static void prepend_prefix(private_logger_t *this, log_level_t loglevel, const c
        
        if (this->log_thread_id)
        {
-               snprintf(thread_id, sizeof(thread_id), " @%d", (int)pthread_self());
+               snprintf(thread_id, sizeof(thread_id), "%06d", (int)pthread_self());
        }
-       snprintf(buffer, MAX_LOG, "[%c%c:%s]%s %s", log_type, log_details, this->name, thread_id, string);
+       snprintf(buffer, MAX_LOG, "%s[%c%c:%s] %s", thread_id, log_type, log_details, this->name, string);
 }
 
 /**
@@ -200,7 +200,7 @@ static void log_bytes(private_logger_t *this, log_level_t loglevel, const char *
 
                if (this->log_thread_id)
                {
-                       snprintf(thread_id, sizeof(thread_id), " @%d", (int)pthread_self());
+                       snprintf(thread_id, sizeof(thread_id), "%06d", (int)pthread_self());
                }
 
                /* since me can't do multi-line output to syslog, 
@@ -244,11 +244,11 @@ static void log_bytes(private_logger_t *this, log_level_t loglevel, const char *
 
                                if (this->output == NULL)
                                {
-                                       syslog(get_priority(loglevel), "[  :%5d]%s   %s  %s", line_start, thread_id, buffer, ascii_buffer);     
+                                       syslog(get_priority(loglevel), "%s[  :%5d]   %s  %s", thread_id, line_start, buffer, ascii_buffer);     
                                }
                                else
                                {
-                                       fprintf(this->output, "[  :%5d]%s   %s  %s\n", line_start, thread_id, buffer, ascii_buffer);
+                                       fprintf(this->output, "%s[  :%5d]   %s  %s\n", thread_id, line_start, buffer, ascii_buffer);
                                }
                                buffer_pos = buffer;
                                line_start += MAX_BYTES;
index 62956c7..bc093e7 100644 (file)
@@ -66,14 +66,14 @@ struct {
        { "SAMGR", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE }, /* IKE_SA_MANAGER */
        { "CHDSA", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE }, /* CHILD_SA */
        { "MESSG", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE }, /* MESSAGE */
-       { "TPOOL", ERROR|CONTROL|AUDIT|LEVEL0,  FALSE}, /* THREAD_POOL */
+       { "TPOOL", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE }, /* THREAD_POOL */
        { "WORKR", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE }, /* WORKER */
-       { "SCHED", ERROR|CONTROL|AUDIT|LEVEL0,  FALSE}, /* SCHEDULER */
-       { "SENDR", ERROR|CONTROL|AUDIT|LEVEL0,  FALSE}, /* SENDER */
-       { "RECVR", ERROR|CONTROL|AUDIT|LEVEL0,  FALSE}, /* RECEIVER */
-       { "SOCKT", ERROR|CONTROL|AUDIT|LEVEL0,  FALSE}, /* SOCKET */
-       { "TESTR", ERROR|CONTROL|AUDIT|LEVEL0,  FALSE}, /* TESTER */
-       { "DAEMN", ERROR|CONTROL|AUDIT|LEVEL0,  FALSE}, /* DAEMON */
+       { "SCHED", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE }, /* SCHEDULER */
+       { "SENDR", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE }, /* SENDER */
+       { "RECVR", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE }, /* RECEIVER */
+       { "SOCKT", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE }, /* SOCKET */
+       { "TESTR", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE }, /* TESTER */
+       { "DAEMN", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE }, /* DAEMON */
        { "CONFG", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE }, /* CONFIG */
        { "ENCPL", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE }, /* ENCRYPTION_PAYLOAD */
        { "PAYLD", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE }, /* PAYLOAD */
@@ -81,7 +81,7 @@ struct {
        { "DEREC", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE }, /* DER_ENCODER */
        { "ASN_1", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE }, /* ASN1 */
        { "XFRM ", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE }, /* XFRM */
-       { "LEAKD", ERROR|CONTROL|AUDIT|LEVEL0,  FALSE}, /* LEAK_DETECT */
+       { "LEAKD", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE }, /* LEAK_DETECT */
 };
 
 
index 075b88f..4bfb603 100644 (file)
@@ -12,7 +12,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  *
- * RCSID $Id: fetch.c,v 1.11 2005/11/25 10:08:00 as Exp $
+ * RCSID $Id: fetch.c,v 1.12 2006/05/16 14:19:27 as Exp $
  */
 
 #include <stdlib.h>
@@ -339,7 +339,7 @@ fetch_curl(char *url, chunk_t *blob)
        }
        curl_easy_cleanup(curl);
        /* not using freeanychunk because of realloc (no leak detective) */
-       free(response.ptr);
+       curl_free(response.ptr);
     }
     return strlen(errorbuffer) > 0 ? "libcurl error" : NULL;
 #else   /* !LIBCURL */
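Review bot: `curl_free()` is documented for memory handed out by libcurl, but the comment directly above says `response.ptr` grows through `realloc`, which suggests the buffer comes from the application's write callback (not visible here) rather than from libcurl. If so, `free(response.ptr);` was the matching deallocator, and the new pairing breaks if libcurl is ever built or initialised with a different allocator. The same substitution is made in fetch_ocsp_status in the next hunk. Both functions extend beyond their hunks.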
@@ -728,7 +728,7 @@ fetch_ocsp_status(ocsp_location_t* location)
        curl_easy_cleanup(curl);
        pfree(uri);
        /* not using freeanychunk because of realloc (no leak detective) */
-       free(response.ptr);
+       curl_free(response.ptr);
     }
     freeanychunk(location->nonce);
     freeanychunk(request);
index 1616fed..fe19cc4 100644 (file)
@@ -198,7 +198,10 @@ static struct vid_struct _vid_tab[] = {
        /*
         * strongSwan
         */
-       DEC_MD5_VID(STRONGSWAN,       "strongSwan 4.0.0")
+       DEC_MD5_VID(STRONGSWAN,       "strongSwan 4.0.1")
+       DEC_MD5_VID(STRONGSWAN_4_0_0, "strongSwan 4.0.0")
+
+       DEC_MD5_VID(STRONGSWAN_2_7_1, "strongSwan 2.7.1")
        DEC_MD5_VID(STRONGSWAN_2_7_0, "strongSwan 2.7.0")
        DEC_MD5_VID(STRONGSWAN_2_6_4, "strongSwan 2.6.4")
        DEC_MD5_VID(STRONGSWAN_2_6_3, "strongSwan 2.6.3")
index 7c2030d..c512560 100644 (file)
@@ -77,6 +77,9 @@ enum known_vendorid {
   VID_STRONGSWAN_2_6_3         = 56,
   VID_STRONGSWAN_2_6_4         = 57,
   VID_STRONGSWAN_2_7_0         = 58,
+  VID_STRONGSWAN_2_7_1         = 59,
+
+  VID_STRONGSWAN_4_0_0         = 70,
 
   /* 101 - 200 : NAT-Traversal */
   VID_NATT_STENBERG_01         =101,
index 9ef4b75..67a0995 100644 (file)
 
 static char* push_string(stroke_msg_t **strm, char *string)
 {
-    stroke_msg_t *stroke_msg;
-    size_t string_length;
-
-    if (string == NULL)
-    {
-       return NULL;
-    }
-    stroke_msg = *strm;
-    string_length = strlen(string) + 1;
-    stroke_msg->length += string_length;
-
-    stroke_msg = realloc(stroke_msg, stroke_msg->length);
-    strcpy((char*)stroke_msg + stroke_msg->length - string_length, string);
-
-    *strm = stroke_msg;
-    return (char*)(u_int)stroke_msg->length - string_length;
+       stroke_msg_t *stroke_msg;
+       size_t string_length;
+
+       if (string == NULL)
+       {
+               return NULL;
+       }
+       stroke_msg = *strm;
+       string_length = strlen(string) + 1;
+       stroke_msg->length += string_length;
+
+       stroke_msg = realloc(stroke_msg, stroke_msg->length);
+       strcpy((char*)stroke_msg + stroke_msg->length - string_length, string);
+
+       *strm = stroke_msg;
+       return (char*)(u_int)stroke_msg->length - string_length;
 }
 
 static int
 send_stroke_msg (stroke_msg_t *msg)
 {
-    struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE };
-    int sock;
-    int byte_count;
-    char buffer[64];
-
-    sock = socket(AF_UNIX, SOCK_STREAM, 0);
-    if (sock < 0)
-    {
-       plog("socket() failed: %s", strerror(errno));
-       return -1;
-    }
-    if (connect(sock, (struct sockaddr *)&ctl_addr, 
-       offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
-    {
-       plog("connect(charon_ctl) failed: %s", strerror(errno));
-       close(sock);
-       return -1;
-    }
-
-    /* send message */
+       struct sockaddr_un ctl_addr = { AF_UNIX, CHARON_CTL_FILE };
+       int sock;
+       int byte_count;
+       char buffer[64];
+
+       sock = socket(AF_UNIX, SOCK_STREAM, 0);
+       if (sock < 0)
+       {
+               plog("socket() failed: %s", strerror(errno));
+               return -1;
+       }
+       if (connect(sock, (struct sockaddr *)&ctl_addr, 
+               offsetof(struct sockaddr_un, sun_path) + strlen(ctl_addr.sun_path)) < 0)
+       {
+               plog("connect(charon_ctl) failed: %s", strerror(errno));
+               close(sock);
+               return -1;
+       }
+
+       /* send message */
     if (write(sock, msg, msg->length) != msg->length)
-    {
-       plog("write(charon_ctl) failed: %s", strerror(errno));
+       {
+               plog("write(charon_ctl) failed: %s", strerror(errno));
+               close(sock);
+               return -1;
+       }
+       while ((byte_count = read(sock, buffer, sizeof(buffer)-1)) > 0)
+       {
+               buffer[byte_count] = '\0';
+               plog("%s", buffer);
+       }
+       if (byte_count < 0)
+       {
+               plog("read() failed: %s", strerror(errno));
+       }
+
        close(sock);
-       return -1;
-    }
-    while ((byte_count = read(sock, buffer, sizeof(buffer)-1)) > 0)
-    {
-       buffer[byte_count] = '\0';
-       plog("%s", buffer);
-    }
-    if (byte_count < 0)
-    {
-       plog("read() failed: %s", strerror(errno));
-    }
-
-    close(sock);
-    return 0;
+       return 0;
 }
 
 static char *
 connection_name(starter_conn_t *conn)
 {
-    /* if connection name is '%auto', create a new name like conn_xxxxx */
-    static char buf[32];
-
-    if (streq(conn->name, "%auto"))
-    {
-       sprintf(buf, "conn_%ld", conn->id);
-       return buf;
-    }
-    return conn->name;
+       /* if connection name is '%auto', create a new name like conn_xxxxx */
+       static char buf[32];
+
+       if (streq(conn->name, "%auto"))
+       {
+               sprintf(buf, "conn_%ld", conn->id);
+               return buf;
+       }
+       return conn->name;
 }
 
 
 int starter_stroke_add_conn(starter_conn_t *conn)
 {
-    stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
-    int res;
+       stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
+       int res;
 
-    msg->length = sizeof(stroke_msg_t);
-    msg->type = STR_ADD_CONN;
+       msg->length = sizeof(stroke_msg_t);
+       msg->type = STR_ADD_CONN;
 
-    msg->add_conn.name = push_string(&msg, connection_name(conn));
+       msg->add_conn.name = push_string(&msg, connection_name(conn));
 
-    msg->add_conn.me.id = push_string(&msg, conn->left.id);
-    msg->add_conn.me.cert = push_string(&msg, conn->left.cert);
-    msg->add_conn.me.address = push_string(&msg, inet_ntoa(conn->left.addr.u.v4.sin_addr));
-    msg->add_conn.me.subnet = push_string(&msg, inet_ntoa(conn->left.subnet.addr.u.v4.sin_addr));
-    msg->add_conn.me.subnet_mask = conn->left.subnet.maskbits;
+       msg->add_conn.me.id = push_string(&msg, conn->left.id);
+       msg->add_conn.me.cert = push_string(&msg, conn->left.cert);
+       msg->add_conn.me.address = push_string(&msg, inet_ntoa(conn->left.addr.u.v4.sin_addr));
+       msg->add_conn.me.subnet = push_string(&msg, inet_ntoa(conn->left.subnet.addr.u.v4.sin_addr));
+       msg->add_conn.me.subnet_mask = conn->left.subnet.maskbits;
 
-    msg->add_conn.other.id = push_string(&msg, conn->right.id);
-    msg->add_conn.other.cert = push_string(&msg, conn->right.cert);
-    msg->add_conn.other.address = push_string(&msg, inet_ntoa(conn->right.addr.u.v4.sin_addr));
-    msg->add_conn.other.subnet = push_string(&msg, inet_ntoa(conn->right.subnet.addr.u.v4.sin_addr));
-    msg->add_conn.other.subnet_mask = conn->right.subnet.maskbits;
+       msg->add_conn.other.id = push_string(&msg, conn->right.id);
+       msg->add_conn.other.cert = push_string(&msg, conn->right.cert);
+       msg->add_conn.other.address = push_string(&msg, inet_ntoa(conn->right.addr.u.v4.sin_addr));
+       msg->add_conn.other.subnet = push_string(&msg, inet_ntoa(conn->right.subnet.addr.u.v4.sin_addr));
+       msg->add_conn.other.subnet_mask = conn->right.subnet.maskbits;
 
-    res = send_stroke_msg(msg);
-    free(msg);
-    return res;
+       res = send_stroke_msg(msg);
+       free(msg);
+       return res;
 }
 
 int starter_stroke_del_conn(starter_conn_t *conn)
 {
-    return 0;
+       return 0;
 }
+
 int starter_stroke_route_conn(starter_conn_t *conn)
 {
-    stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
-    int res;
-
-    msg->length = sizeof(stroke_msg_t);
-    msg->type = STR_INSTALL;
-    msg->install.name = push_string(&msg, connection_name(conn));
-    res = send_stroke_msg(msg);
-    free(msg);
-    return res;
+       stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
+       int res;
+
+       msg->length = sizeof(stroke_msg_t);
+       msg->type = STR_INSTALL;
+       msg->install.name = push_string(&msg, connection_name(conn));
+       res = send_stroke_msg(msg);
+       free(msg);
+       return res;
 }
 
 int starter_stroke_initiate_conn(starter_conn_t *conn)
 {
-    stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
-    int res;
-
-    msg->length = sizeof(stroke_msg_t);
-    msg->type = STR_INITIATE;
-    msg->initiate.name = push_string(&msg, connection_name(conn));
-    res = send_stroke_msg(msg);
-    free(msg);
-    return res;
+       stroke_msg_t *msg = malloc(sizeof(stroke_msg_t));
+       int res;
+
+       msg->length = sizeof(stroke_msg_t);
+       msg->type = STR_INITIATE;
+       msg->initiate.name = push_string(&msg, connection_name(conn));
+       res = send_stroke_msg(msg);
+       free(msg);
+       return res;
 }
index 611f2a8..2f18349 100644 (file)
@@ -1,4 +1,3 @@
 ipsec_PROGRAMS = stroke
 
 stroke_SOURCES = stroke.c stroke.h
-stroke_INCLUDES = -I$(top_srcdir)/src/libstrongswan
index 7eabef5..5583def 100644 (file)
@@ -2,4 +2,4 @@ ipsec_PROGRAMS = whack
 
 whack_SOURCES = whack.c whack.h
 INCLUDES = -I$(top_srcdir)/src/libfreeswan -I$(top_srcdir)/src/pluto
-LDADD = $(top_builddir)/src/libfreeswan/libfreeswan.a
+whack_LDADD = $(top_builddir)/src/libfreeswan/libfreeswan.a
index d6cdbba..da909d8 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=180
        strictcrlpolicy=no
        nat_traversal=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index cdef4e0..0bbd405 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=180
        strictcrlpolicy=no
        nat_traversal=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 3228f4e..656ef70 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 7662349..7813227 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index a0e97e0..a230d3c 100755 (executable)
@@ -6,13 +6,14 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
-       left=192.168.0.1
+       left=PH_IP_MOON
        leftnexthop=%direct
        leftcert=moonCert.pem
        leftid=@moon.strongswan.org
@@ -20,13 +21,13 @@ conn %default
 
 conn net-net
        leftsubnet=10.1.0.0/16
-       right=192.168.0.2
+       right=PH_IP_SUN
        rightsubnet=10.2.0.0/16
        rightid=@sun.strongswan.org
        auto=add
         
 conn host-host
-       right=192.168.0.2
+       right=PH_IP_SUN
        rightid=@sun.strongswan.org
        auto=add
 
index 4d0299a..f09aa76 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=180
        strictcrlpolicy=no
        nat_traversal=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 35f264f..f5be61b 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=180
        strictcrlpolicy=no
        nat_traversal=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 92a1382..d3ed112 100755 (executable)
@@ -21,7 +21,7 @@ UMLTESTDIR=~/strongswan-testing
 
 # Bzipped kernel sources
 # (file extension .tar.bz2 required)
-KERNEL=$UMLTESTDIR/linux-2.6.16.9.tar.bz2
+KERNEL=$UMLTESTDIR/linux-2.6.16.16.tar.bz2
 
 # Extract kernel version
 KERNELVERSION=`basename $KERNEL .tar.bz2 | sed -e 's/linux-//'`
@@ -34,7 +34,7 @@ KERNELCONFIG=$UMLTESTDIR/.config-2.6.16
 UMLPATCH=
 
 # Bzipped source of strongSwan
-STRONGSWAN=$UMLTESTDIR/strongswan-2.7.0.tar.bz2
+STRONGSWAN=$UMLTESTDIR/strongswan-4.0.1.tar.bz2
 
 # strongSwan compile options (use "yes" or "no")
 USE_LIBCURL="yes"
index fa68c9d..82b466a 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug="control crypt"
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 39916a7..77a72f2 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug="control crypt"
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 5d23699..e814499 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug="control crypt"
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 7bdddf0..f53cdf2 100755 (executable)
@@ -6,7 +6,8 @@ config setup
        plutodebug="control crypt"
        crlcheckinterval=180
        strictcrlpolicy=no
-
+       charonstart=no
+       
 conn %default
        ikelifetime=60m
        keylife=20m
index c55ae8a..a90e074 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug="control crypt"
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 748b1b8..7cff7b3 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug="control crypt"
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 8e3037a..1d6d3b2 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug="control crypt"
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 01004e9..3467c49 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug="control crypt"
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 62fc498..8f92ef4 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 9d932dc..b0d7700 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index bd72715..4a526f5 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 9462ba5..1c6cdbe 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug="control crypt"
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index b8dfae6..25d789a 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug="control crypt"
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 93c4d79..44930d3 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=180
        strictcrlpolicy=yes
        cachecrls=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index ef92375..6b1d4c1 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=180
        strictcrlpolicy=yes
        cachecrls=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 669a47d..f867d3c 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=180
        strictcrlpolicy=yes
        cachecrls=yes
+       charonstart=no
 
 ca strongswan
        cacert=strongswanCert.pem
index d5c0dd1..3235008 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=180
        strictcrlpolicy=yes
        cachecrls=yes
+       charonstart=no
 
 ca strongswan
        cacert=strongswanCert.pem
index 5a1d246..b81adef 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index a8953f5..ac302a5 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 6d0aee8..156ea9b 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index a8953f5..ac302a5 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 955f08b..3a0ddd5 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        cachecrls=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 885354a..d52084f 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        cachecrls=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index c4bb10a..26ea4df 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=0
        strictcrlpolicy=no
        nocrsend=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index eeeec64..52d0853 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=0
        strictcrlpolicy=no
        nocrsend=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
@@ -15,7 +16,7 @@ conn %default
        keyingtries=1
 
 conn carol
-       left=192.168.0.1
+       left=PH_IP_MOON
        leftnexthop=%direct
        leftcert=selfCert.der
        leftsendcert=never
index 395e62e..35ce73c 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=180
        strictcrlpolicy=no
        nat_traversal=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 6927a5c..6b2863b 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=180
        strictcrlpolicy=no
        nat_traversal=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 5b3cddb..bba11a5 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=180
        strictcrlpolicy=no
        nat_traversal=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index cac521c..641f2ae 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 13ab3e0..7941866 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 809f3c7..926221f 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 98cdaab..655a0c1 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 7f97637..446d1a7 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index b4f067b..ff74715 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug="control crypt"
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 9513f81..300b897 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug="control crypt"
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index b732eba..79202c0 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index af11591..adbc542 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index ae8d2b7..da824ca 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 2dd1c76..0d34ff2 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 5a14de0..f49e2eb 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 2dd1c76..0d34ff2 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index b4f067b..ff74715 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug="control crypt"
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 3f07213..735af86 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug="control crypt"
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 4b66a5e..a51b1b2 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index a58894b..2605628 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=180
        strictcrlpolicy=no
        nat_traversal=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index af5000f..f1fc069 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 10bea98..766fc39 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 1f73cdc..ec6dfe2 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug="control crypt"
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 9091199..8433fab 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug="control crypt"
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index ae8d2b7..da824ca 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 85cd235..50c0d00 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 5a14de0..f49e2eb 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 85cd235..50c0d00 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 1f371c9..0dd1b77 100644 (file)
@@ -1,5 +1,5 @@
 A connection between the subnets behind the gateways <b>moon</b> and <b>sun</b>
 is set up using the IKEv2 key exchange protocol. The authentication is based on
-locally importerd <b>X.509 certificates</b>.
+locally imported <b>X.509 certificates</b>.
 In order to test the established tunnel, client <b>alice</b> behind gateway <b>moon</b>
 pings client <b>bob</b> located behind gateway <b>sun</b>.
index 16f46cf..9c763e9 100644 (file)
@@ -6,10 +6,10 @@ config setup
        plutostart=no
 
 conn net-net 
-       left=192.168.0.1
+       left=PH_IP_MOON
        leftcert=moonCert.pem
        leftsubnet=10.1.0.0/16
-       right=192.168.0.2
+       right=PH_IP_SUN
        rightcert=sunCert.pem
        rightsubnet=10.2.0.0/16
        keyexchange=ikev2
index a90a4ce..defccb9 100644 (file)
@@ -6,10 +6,10 @@ config setup
        plutostart=no
 
 conn net-net 
-       left=192.168.0.2
+       left=PH_IP_SUN
        leftcert=sunCert.pem
        leftsubnet=10.2.0.0/16
-       right=192.168.0.1
+       right=PH_IP_MOON
        rightcert=moonCert.pem
        rightsubnet=10.1.0.0/16
        keyexchange=ikev2
index bee23f4..ca53709 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 698cd96..e484600 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index b9e4010..a449130 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 598997b..b1d9a08 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index da60138..fcf690f 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 49333e2..d83b2d9 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 222c3cf..5149fcf 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 ca strongswan
         cacert=strongswanCert.pem
index bfa0ebb..d04667f 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 ca strongswan
        cacert=strongswanCert.pem
index e2b6058..3754c2e 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=yes
+       charonstart=no
 
 ca strongswan
        cacert=strongswanCert.pem
index c56678b..621dca2 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 343042f..c0b9b6a 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 6d0aee8..156ea9b 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 39a298d..e48a7f1 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=yes
+       charonstart=no
 
 ca strongswan
        cacert=strongswanCert.pem
index de179c5..1240dbf 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 2fb6a30..eb972c8 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 6ed262d..2242cab 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=yes
+       charonstart=no
 
 ca strongswan
        cacert=strongswanCert.pem
index e851a82..2a753b9 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 458a4ca..cabdfea 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index e60bbc0..dcc0296 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 ca strongswan
        cacert=strongswanCert.pem
index e7de6cf..4194c57 100755 (executable)
@@ -5,6 +5,7 @@ version 2.0     # conforms to second version of ipsec.conf specification
 config setup
        plutodebug=control
        nocrsend=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 5dd8a85..1a44840 100755 (executable)
@@ -5,6 +5,7 @@ version 2.0     # conforms to second version of ipsec.conf specification
 config setup
        plutodebug=control
        nocrsend=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 87396e4..acc336a 100755 (executable)
@@ -4,6 +4,7 @@ version 2.0     # conforms to second version of ipsec.conf specification
 
 config setup
        plutodebug=control
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 7e102b2..4b26453 100755 (executable)
@@ -4,6 +4,7 @@ version 2.0     # conforms to second version of ipsec.conf specification
 
 config setup
        plutodebug=control
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 51c53a5..ddfce35 100755 (executable)
@@ -4,6 +4,7 @@ version 2.0     # conforms to second version of ipsec.conf specification
 
 config setup
        plutodebug=control
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 9c36951..ed3fe25 100755 (executable)
@@ -4,6 +4,7 @@ version 2.0     # conforms to second version of ipsec.conf specification
 
 config setup
        plutodebug=control
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 4063ae0..a161290 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 7727623..7eaea49 100755 (executable)
@@ -4,6 +4,7 @@ version 2.0     # conforms to second version of ipsec.conf specification
 
 config setup
        plutodebug=control
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 9626ef1..018ea65 100755 (executable)
@@ -4,6 +4,7 @@ version 2.0     # conforms to second version of ipsec.conf specification
 
 config setup
        plutodebug=control
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 677955b..64b11a2 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 7d43847..2f49539 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=yes
+       charonstart=no
 
 ca strongswan
        cacert=strongswanCert.pem
index 7134b6e..9236234 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=yes
+       charonstart=no
 
 ca strongswan
        cacert=strongswanCert.pem
index b347194..1bdb0ac 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=yes
+       charonstart=no
 
 ca strongswan
        cacert=strongswanCert.pem
index 7134b6e..9236234 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=yes
+       charonstart=no
 
 ca strongswan
        cacert=strongswanCert.pem
index 9e05ecf..b9e60c2 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 84b9b0b..4597f96 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index ade7308..a19bc6d 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index fd67e2b..8c46e89 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 31c25c1..94a7808 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 84b9b0b..4597f96 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 58e2f1e..95d5bde 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index da5e198..9ae925c 100755 (executable)
@@ -4,6 +4,7 @@ version 2.0     # conforms to second version of ipsec.conf specification
 
 config setup
        plutodebug=control
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index c32dfaf..6244e04 100755 (executable)
@@ -4,6 +4,7 @@ version 2.0     # conforms to second version of ipsec.conf specification
 
 config setup
        plutodebug=control
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index da5e198..9ae925c 100755 (executable)
@@ -4,6 +4,7 @@ version 2.0     # conforms to second version of ipsec.conf specification
 
 config setup
        plutodebug=control
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 9a89480..bb0eec7 100755 (executable)
@@ -4,6 +4,7 @@ version 2.0     # conforms to second version of ipsec.conf specification
 
 config setup
        plutodebug=control
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 2c0227b..57ae965 100755 (executable)
@@ -4,6 +4,7 @@ version 2.0     # conforms to second version of ipsec.conf specification
 
 config setup
        plutodebug=control
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index a75d4e2..fd6d619 100755 (executable)
@@ -4,6 +4,7 @@ version 2.0     # conforms to second version of ipsec.conf specification
 
 config setup
        plutodebug=control
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 413eff7..8d402d7 100755 (executable)
@@ -4,6 +4,7 @@ version 2.0     # conforms to second version of ipsec.conf specification
 
 config setup
        plutodebug=control
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index ac63abd..196968e 100755 (executable)
@@ -4,6 +4,7 @@ version 2.0     # conforms to second version of ipsec.conf specification
 
 config setup
        plutodebug=control
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 69e13b5..d1abc5b 100755 (executable)
@@ -4,6 +4,7 @@ version 2.0     # conforms to second version of ipsec.conf specification
 
 config setup
        plutodebug=control
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index b23248b..3268b1f 100755 (executable)
@@ -4,6 +4,7 @@ version 2.0     # conforms to second version of ipsec.conf specification
 
 config setup
        plutodebug=control
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index fcf7a17..cb831c4 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=0
        strictcrlpolicy=no
        nocrsend=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 7d7f42b..7665e7c 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=0
        strictcrlpolicy=no
        nocrsend=yes
+       charonstart=no
 
 conn %default
        ikelifetime=60m
@@ -15,7 +16,7 @@ conn %default
        keyingtries=1
 
 conn carol
-       left=192.168.0.1
+       left=PH_IP_MOON
        leftnexthop=%direct
        leftcert=moonCert.der
        leftid=@moon.strongswan.org
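Review bot: `left=PH_IP_MOON` is only valid if the test harness rewrites the token into an address before this file is installed, and nothing in the hunk shows that step. Left unsubstituted, the token would presumably be read as a hostname, so the connection would fail to load or trigger a name lookup. It is worth confirming that this scenario's files pass through the substitution. The same applies to the `left=PH_IP_MOON` and `right=PH_IP_SUN` lines in the `conn moon` and `conn sun` hunks further down. A header comment such as `# PH_IP_* tokens are replaced by the test framework before use` would document the convention; the `conn carol` section continues outside the hunk.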
index e1d2102..e7731dd 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
@@ -30,7 +31,7 @@ conn rw
        auto=add
 
 conn moon
-       left=192.168.0.1
+       left=PH_IP_MOON
         leftnexthop=%direct
         leftcert=moonCert.pem
         leftid=@moon.strongswan.org
@@ -41,7 +42,7 @@ conn moon-net
        leftsubnet=10.1.0.0/16
 
 conn sun
-       right=192.168.0.2
+       right=PH_IP_SUN
        rightid=@sun.strongswan.org
 
 conn sun-net
index 74d009c..7da2716 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
@@ -30,7 +31,7 @@ conn rw
        auto=add
 
 conn moon
-       left=192.168.0.1
+       left=PH_IP_MOON
         leftnexthop=%direct
         leftcert=moonCert.pem
         leftid=@moon.strongswan.org
@@ -40,7 +41,7 @@ conn moon-net
        leftsubnet=10.1.0.0/16
 
 conn sun
-       right=192.168.0.2
+       right=PH_IP_SUN
        rightid=@sun.strongswan.org
 
 conn sun-net
index 598997b..b1d9a08 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index da60138..fcf690f 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index aa91162..f8f78aa 100755 (executable)
@@ -6,5 +6,6 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 include /etc/ipsec.connections
index 0e239b7..980552d 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index db6effb..253c298 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 2f1170a..73f2189 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 1cd8aab..5cdd215 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index de179c5..1240dbf 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 2fb6a30..eb972c8 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index ee7bc81..90bf48d 100755 (executable)
@@ -6,6 +6,7 @@ config setup
        plutodebug=control
        crlcheckinterval=180
        strictcrlpolicy=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index a658e4f..9c3003f 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=180
        strictcrlpolicy=no
        nat_traversal=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index f873479..0a6c491 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=180
        strictcrlpolicy=no
        nat_traversal=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m
index 742c1db..bf0f423 100755 (executable)
@@ -7,6 +7,7 @@ config setup
        crlcheckinterval=180
        strictcrlpolicy=no
        nat_traversal=no
+       charonstart=no
 
 conn %default
        ikelifetime=60m