Martin Willi [Wed, 4 Jul 2007 09:10:13 +0000 (09:10 -0000)]
using correct nexthop for inserted route
Martin Willi [Wed, 4 Jul 2007 07:26:34 +0000 (07:26 -0000)]
changed mobike behavior to NOT use additional responder addresses until we have path discovery
Martin Willi [Wed, 4 Jul 2007 06:27:33 +0000 (06:27 -0000)]
fixed responder initiated CHILD_SA rekeying when using virtual IPs
Andreas Steffen [Wed, 4 Jul 2007 05:42:58 +0000 (05:42 -0000)]
describe eap option in ipsec.conf.5 man page
Andreas Steffen [Wed, 4 Jul 2007 05:42:09 +0000 (05:42 -0000)]
cosmetics
Andreas Steffen [Wed, 4 Jul 2007 05:41:51 +0000 (05:41 -0000)]
removed the ipsec.conf version number
Martin Willi [Tue, 3 Jul 2007 13:49:29 +0000 (13:49 -0000)]
fixed firewall script invocation when interface is not available anymore
Andreas Steffen [Tue, 3 Jul 2007 13:08:13 +0000 (13:08 -0000)]
version bumps
Andreas Steffen [Tue, 3 Jul 2007 13:06:27 +0000 (13:06 -0000)]
recognize strongswan-2.8.6 VID
Andreas Steffen [Tue, 3 Jul 2007 12:51:29 +0000 (12:51 -0000)]
starter bug fix and pkcs11initargs patch by Robert Varga
Martin Willi [Tue, 3 Jul 2007 12:32:38 +0000 (12:32 -0000)]
improved MOBIKE:
prefer address family already used
do not change address implicit when mobike supported
handle multiple simultaneous roaming requests more properly
proper enabling/disabling of UDP encapsulation
Andreas Steffen [Tue, 3 Jul 2007 09:33:02 +0000 (09:33 -0000)]
support of PKCS#11 init arguments required by NSS softoken, patch contributed by Robert Varga
Andreas Steffen [Tue, 3 Jul 2007 09:26:44 +0000 (09:26 -0000)]
support of PKCS#11 init arguments required by NSS softoken, patch contributed by Robert Varga
Martin Willi [Tue, 3 Jul 2007 09:00:16 +0000 (09:00 -0000)]
added message ID to message log
Martin Willi [Tue, 3 Jul 2007 08:50:14 +0000 (08:50 -0000)]
show kind of notify contained in messages in log
Andreas Steffen [Mon, 2 Jul 2007 20:13:15 +0000 (20:13 -0000)]
DBG1 level for 'peer supports MOBIKE' debug message
Andreas Steffen [Mon, 2 Jul 2007 20:10:26 +0000 (20:10 -0000)]
fixed typo
Andreas Steffen [Mon, 2 Jul 2007 17:56:04 +0000 (17:56 -0000)]
cosmetics
Andreas Steffen [Mon, 2 Jul 2007 17:48:30 +0000 (17:48 -0000)]
fix of the bug fix, courtesy of Robert Varga
Andreas Steffen [Mon, 2 Jul 2007 17:42:16 +0000 (17:42 -0000)]
bug fix courtesy of Robert Varga
Martin Willi [Mon, 2 Jul 2007 12:55:43 +0000 (12:55 -0000)]
updated documentation files
Martin Willi [Mon, 2 Jul 2007 12:55:07 +0000 (12:55 -0000)]
fixed mobike address update from and to NAT
Andreas Steffen [Mon, 2 Jul 2007 09:52:20 +0000 (09:52 -0000)]
changes in uml configuration to allow mobike
Martin Willi [Mon, 2 Jul 2007 09:49:22 +0000 (09:49 -0000)]
proper update of IPsec SA when roaming a host-to-host tunnel
roaming of IPsec SAs using virtual IPs
Martin Willi [Mon, 2 Jul 2007 08:33:15 +0000 (08:33 -0000)]
fixed memleak
Martin Willi [Fri, 29 Jun 2007 09:21:28 +0000 (09:21 -0000)]
updated charons architecture description
Martin Willi [Fri, 29 Jun 2007 08:03:32 +0000 (08:03 -0000)]
fixed dpd=hold when using virtual IPs
Martin Willi [Fri, 29 Jun 2007 07:40:04 +0000 (07:40 -0000)]
removed accidently checked in debbuging code
Andreas Steffen [Thu, 28 Jun 2007 21:33:51 +0000 (21:33 -0000)]
MobIKE requires iptables to open udp/4500
Andreas Steffen [Thu, 28 Jun 2007 21:33:13 +0000 (21:33 -0000)]
MobIKE requires iptables to open udp/4500
Martin Willi [Thu, 28 Jun 2007 15:24:24 +0000 (15:24 -0000)]
fixed IKE_SA reestablishment after DPD using port 500
Andreas Steffen [Wed, 27 Jun 2007 21:49:09 +0000 (21:49 -0000)]
alphabetical order
Andreas Steffen [Wed, 27 Jun 2007 15:42:11 +0000 (15:42 -0000)]
separated pluto, charon, and klips setup config section parameters
Andreas Steffen [Wed, 27 Jun 2007 14:25:15 +0000 (14:25 -0000)]
added passthrough scenario
Andreas Steffen [Wed, 27 Jun 2007 14:03:56 +0000 (14:03 -0000)]
added lefthostaccess and leftprotoport parameters
Andreas Steffen [Wed, 27 Jun 2007 13:31:16 +0000 (13:31 -0000)]
right=%<fqdn> wildcard added
Andreas Steffen [Wed, 27 Jun 2007 13:29:36 +0000 (13:29 -0000)]
update ipsec.conf man page
Andreas Steffen [Wed, 27 Jun 2007 13:29:20 +0000 (13:29 -0000)]
add starter.8 man page to distribution
Martin Willi [Wed, 27 Jun 2007 13:10:55 +0000 (13:10 -0000)]
further mobike improvements, regarding to NAT-T
Andreas Steffen [Wed, 27 Jun 2007 10:04:02 +0000 (10:04 -0000)]
cosmetics
Andreas Steffen [Wed, 27 Jun 2007 08:11:22 +0000 (08:11 -0000)]
recognize wildcard keyingtries=%forever
Andreas Steffen [Wed, 27 Jun 2007 08:11:08 +0000 (08:11 -0000)]
recognize wildcards right=%group and keyingtries=%forever
Andreas Steffen [Wed, 27 Jun 2007 07:36:44 +0000 (07:36 -0000)]
updated copyright statement
Andreas Steffen [Wed, 27 Jun 2007 07:25:19 +0000 (07:25 -0000)]
fixed distro and copyright information
Martin Willi [Tue, 26 Jun 2007 13:04:13 +0000 (13:04 -0000)]
simple roaming of the client works (not MOBIKE conform yet!)
Andreas Steffen [Tue, 26 Jun 2007 10:46:30 +0000 (10:46 -0000)]
use of the right=%<fqdn> wildcard
Martin Willi [Mon, 25 Jun 2007 13:26:02 +0000 (13:26 -0000)]
further fixed for mobike roaming
Andreas Steffen [Mon, 25 Jun 2007 11:28:39 +0000 (11:28 -0000)]
support of right=%<FQDN> wildcard
Andreas Steffen [Mon, 25 Jun 2007 09:06:13 +0000 (09:06 -0000)]
discarded unused functions
Andreas Steffen [Mon, 25 Jun 2007 07:10:23 +0000 (07:10 -0000)]
make starter behave more gracefully in the presence of non-fatal errors
Martin Willi [Thu, 21 Jun 2007 15:25:28 +0000 (15:25 -0000)]
further MOBIKE stuff:
kernel properly reports network reconfiguration and informs all IKE_SAs
MOBIKE in IKE_AUTH: MOBIKE_SUPPORTED notify and address exchange
reestablishment of IKE_SAs on network reconfiguration kinda works
not stable yet!
Martin Willi [Wed, 20 Jun 2007 10:12:11 +0000 (10:12 -0000)]
added MOBIKE rfc
Andreas Steffen [Wed, 20 Jun 2007 09:46:54 +0000 (09:46 -0000)]
IKEv1 rightallowany flag introduced
Martin Willi [Tue, 19 Jun 2007 07:56:28 +0000 (07:56 -0000)]
don't modify des/3des input key anymore
Martin Willi [Tue, 19 Jun 2007 06:20:33 +0000 (06:20 -0000)]
fixed virtua IP: adding virtual IP to interface address list cache directly
corrected debug targets
Andreas Steffen [Mon, 18 Jun 2007 20:07:47 +0000 (20:07 -0000)]
set nexthop to him when instantiating rightallowyes template with leftnexthop == right
Andreas Steffen [Mon, 18 Jun 2007 17:51:45 +0000 (17:51 -0000)]
support of right|leftallowany flag
Andreas Steffen [Mon, 18 Jun 2007 17:50:54 +0000 (17:50 -0000)]
added dynamic DNS scenarios
Martin Willi [Mon, 18 Jun 2007 10:32:01 +0000 (10:32 -0000)]
added extensions management to IKE_SA
fixed NATD payload (port) when using route lookup
Martin Willi [Mon, 18 Jun 2007 07:25:58 +0000 (07:25 -0000)]
source address lookup in kernel interface
use it for NAT detection if no source address known from config
support for %any...%any connections
Martin Willi [Mon, 18 Jun 2007 05:57:59 +0000 (05:57 -0000)]
support for left=%any change our address dynamically
Martin Willi [Mon, 18 Jun 2007 05:56:18 +0000 (05:56 -0000)]
increased receive buffer to handle more interfaces
Andreas Steffen [Sun, 17 Jun 2007 15:29:49 +0000 (15:29 -0000)]
eliminated nexthop
Andreas Steffen [Sat, 16 Jun 2007 20:22:05 +0000 (20:22 -0000)]
fixed typo
Andreas Steffen [Sat, 16 Jun 2007 20:21:14 +0000 (20:21 -0000)]
recognize strongswan-2.8.5 VID
Martin Willi [Fri, 15 Jun 2007 13:23:18 +0000 (13:23 -0000)]
implemented more flexible iterator hook API
kernel interface handles interface changes and updates address list
Martin Willi [Thu, 14 Jun 2007 15:16:15 +0000 (15:16 -0000)]
implemented address change notification (for MOBIKE)
implemented up to date address list cache to list interfaces
Martin Willi [Thu, 14 Jun 2007 08:44:19 +0000 (08:44 -0000)]
fixed memleak when initiating to %any
Martin Willi [Thu, 14 Jun 2007 08:17:23 +0000 (08:17 -0000)]
added missing files to the last commit
Martin Willi [Thu, 14 Jun 2007 08:13:05 +0000 (08:13 -0000)]
proper reauthentication:
IKE_SA is closed completely before the new is initiated,
resolves some issues when a dynamic IP is requested from a pool
Martin Willi [Thu, 14 Jun 2007 07:02:01 +0000 (07:02 -0000)]
case insensitive identification_t.equals() for FQDN and RFC822ADDR
Martin Willi [Mon, 11 Jun 2007 14:24:32 +0000 (14:24 -0000)]
ported interfaces to new threading functions (incomplete)
Martin Willi [Mon, 11 Jun 2007 12:21:12 +0000 (12:21 -0000)]
added setsid() to properly detach from console
Martin Willi [Mon, 11 Jun 2007 12:11:41 +0000 (12:11 -0000)]
documentation fixes and updates
Martin Willi [Mon, 11 Jun 2007 10:57:19 +0000 (10:57 -0000)]
introduced callback_job:
simple asynchronous method invocation
use daemons thread pool for all threads
proper cancellation and cleanups
cancellation mechanism to dynamically unload multithreaded code
unified event_queue and scheduler => scheduler
unified job_queue and thread_pool => processor
removed job_type_t, not really needed
fixes here, there and everywhere
Andreas Steffen [Sun, 10 Jun 2007 18:52:14 +0000 (18:52 -0000)]
removed all nexthop statements
Martin Willi [Fri, 8 Jun 2007 07:21:03 +0000 (07:21 -0000)]
disabling leak detective at runtime by setting LEAK_DETECTIVE_DISABLE env var
Andreas Steffen [Fri, 8 Jun 2007 07:11:06 +0000 (07:11 -0000)]
version bumps to linux 2.6.21.3 kernel and strongswan 4.1.4
Andreas Steffen [Fri, 8 Jun 2007 07:10:00 +0000 (07:10 -0000)]
added x as a wildcard for number of tests
Andreas Steffen [Fri, 8 Jun 2007 07:06:10 +0000 (07:06 -0000)]
pass eroutes now need explicit routes
Andreas Steffen [Fri, 8 Jun 2007 07:03:14 +0000 (07:03 -0000)]
no need for left|rightnexthop parameter any more
Andreas Steffen [Fri, 8 Jun 2007 07:01:17 +0000 (07:01 -0000)]
do not delete existing routes with NETKEY
Andreas Steffen [Wed, 6 Jun 2007 13:37:43 +0000 (13:37 -0000)]
_updown inserts routes only if a sourceip is defined
Andreas Steffen [Wed, 6 Jun 2007 13:30:27 +0000 (13:30 -0000)]
insert route only in case of sourceip
Andreas Steffen [Wed, 6 Jun 2007 13:16:48 +0000 (13:16 -0000)]
do not print nexthop in ipsec status[all]
Martin Willi [Wed, 6 Jun 2007 05:55:18 +0000 (05:55 -0000)]
included patch from Rene Mayrhofer to respect DESTDIR in make install
Andreas Steffen [Sat, 26 May 2007 19:07:39 +0000 (19:07 -0000)]
version bump to 4.1.4
Andreas Steffen [Sat, 26 May 2007 19:05:34 +0000 (19:05 -0000)]
version bump to 4.1.4
Andreas Steffen [Fri, 25 May 2007 14:04:39 +0000 (14:04 -0000)]
moved assignment of CERT_UNKNOWN
Andreas Steffen [Fri, 25 May 2007 11:42:00 +0000 (11:42 -0000)]
changed exceeded to reached
Andreas Steffen [Fri, 25 May 2007 11:41:06 +0000 (11:41 -0000)]
log trust pathlen
Andreas Steffen [Fri, 25 May 2007 11:33:49 +0000 (11:33 -0000)]
fixed html output
Andreas Steffen [Fri, 25 May 2007 11:17:16 +0000 (11:17 -0000)]
libfreeswan kernel header problem fixed
Andreas Steffen [Fri, 25 May 2007 11:10:35 +0000 (11:10 -0000)]
included a certificate label in the is_trusted() method
Martin Willi [Fri, 25 May 2007 11:06:03 +0000 (11:06 -0000)]
updated NEWS for 4.1.3
Andreas Steffen [Fri, 25 May 2007 09:29:10 +0000 (09:29 -0000)]
stop dave in posttest.dat
Andreas Steffen [Fri, 25 May 2007 09:23:24 +0000 (09:23 -0000)]
multi-level-ca-strict scenario added
Andreas Steffen [Fri, 25 May 2007 09:22:42 +0000 (09:22 -0000)]
virtual-ip-override scenario added
Andreas Steffen [Fri, 25 May 2007 09:22:08 +0000 (09:22 -0000)]
stop iptables on dave
Andreas Steffen [Fri, 25 May 2007 08:29:35 +0000 (08:29 -0000)]
DBG1 level now shows stepping up through the certifiate hierarchy up to the trust anchor