strongswan.git
Tobias Brunner [Tue, 5 Oct 2010 16:41:06 +0000 (18:41 +0200)]
If a changed route has no src, try to find it via interface.

Tobias Brunner [Tue, 5 Oct 2010 07:36:31 +0000 (09:36 +0200)]
Get source address from interface if the route does not provide one.

Tobias Brunner [Tue, 7 Sep 2010 09:52:16 +0000 (11:52 +0200)]
Do not update hosts based on retransmitted messages.

Tobias Brunner [Tue, 7 Sep 2010 09:31:01 +0000 (11:31 +0200)]
Do not update remote host if we are behind a NAT.

Andreas Steffen [Mon, 11 Oct 2010 15:04:53 +0000 (17:04 +0200)]
scenarios without RADIUS server can use default iptables script

Andreas Steffen [Mon, 11 Oct 2010 14:57:53 +0000 (16:57 +0200)]
fixed some evaltest.dat files

Andreas Steffen [Mon, 11 Oct 2010 14:55:21 +0000 (16:55 +0200)]
added ikev2/rw-eap-tnc-block scenario

Andreas Steffen [Mon, 11 Oct 2010 10:20:45 +0000 (12:20 +0200)]
added eap-radius-filter_id option to strongswan.conf

Andreas Steffen [Mon, 11 Oct 2010 04:23:57 +0000 (06:23 +0200)]
updated keyexchange entry in ipsec.conf.5 man page

Andreas Steffen [Mon, 11 Oct 2010 04:12:26 +0000 (06:12 +0200)]
updated strongswan.conf

Andreas Steffen [Sat, 9 Oct 2010 20:07:51 +0000 (22:07 +0200)]
explicit ikev1 key exchange for ikev1/esp-alg-null scenario

Andreas Steffen [Sat, 9 Oct 2010 20:05:26 +0000 (22:05 +0200)]
fixed typo

Andreas Steffen [Sat, 9 Oct 2010 18:46:55 +0000 (20:46 +0200)]
*** HISTORICAL MOMENT: IKEv2 becomes the default! ***

Andreas Steffen [Sat, 9 Oct 2010 18:04:00 +0000 (20:04 +0200)]
define explicit IKEv1 key exchange mode II

Andreas Steffen [Sat, 9 Oct 2010 14:01:19 +0000 (16:01 +0200)]
use DBG_TNC for TNC debugging output

Andreas Steffen [Fri, 8 Oct 2010 23:01:19 +0000 (01:01 +0200)]
changed filter attribute from access to allow

Andreas Steffen [Fri, 8 Oct 2010 22:59:31 +0000 (00:59 +0200)]
added ikev2/rw-eap-tnc scenario

Andreas Steffen [Fri, 8 Oct 2010 22:58:12 +0000 (00:58 +0200)]
TNCCS debug cosmetics

Andreas Steffen [Fri, 8 Oct 2010 22:35:45 +0000 (00:35 +0200)]
revert to standard TNCC/TNCS Initialization function

Andreas Steffen [Fri, 8 Oct 2010 22:34:53 +0000 (00:34 +0200)]
implemented TNC isolation via group memberships

Andreas Steffen [Fri, 8 Oct 2010 20:24:30 +0000 (22:24 +0200)]
implemented a makeshift non-scalable send buffer

Andreas Steffen [Fri, 8 Oct 2010 04:40:03 +0000 (06:40 +0200)]
imc/imv cosmetics

Andreas Steffen [Thu, 7 Oct 2010 21:34:37 +0000 (23:34 +0200)]
fixed notation

Andreas Steffen [Thu, 7 Oct 2010 21:31:23 +0000 (23:31 +0200)]
created tnc-imc and tnc-imv plugins

Andreas Steffen [Thu, 7 Oct 2010 13:42:00 +0000 (15:42 +0200)]
deactivate start_phase2_tnc flag after start

Andreas Steffen [Thu, 7 Oct 2010 13:02:36 +0000 (15:02 +0200)]
added server side support for EAP-TNC

Martin Willi [Thu, 7 Oct 2010 09:13:48 +0000 (11:13 +0200)]
Show result of RADIUS authentication along with EAP identity

Andreas Steffen [Thu, 7 Oct 2010 07:34:56 +0000 (09:34 +0200)]
added --debug-tls to charon usage() function

Andreas Steffen [Thu, 7 Oct 2010 05:31:44 +0000 (07:31 +0200)]
define explicit IKEv1 key exchange mode

Andreas Steffen [Wed, 6 Oct 2010 08:38:18 +0000 (10:38 +0200)]
host venus is used in ikev2/rw-eap-tnc-radius scenario

Andreas Steffen [Wed, 6 Oct 2010 08:32:50 +0000 (10:32 +0200)]
added ikev2/rw-eap-tnc-radius-block scenario

Andreas Steffen [Wed, 6 Oct 2010 05:53:50 +0000 (07:53 +0200)]
added tnccs-11 plugin options to strongswan.conf

Andreas Steffen [Wed, 6 Oct 2010 05:07:14 +0000 (07:07 +0200)]
version bump to 4.5.0dr5

Andreas Steffen [Tue, 5 Oct 2010 20:09:07 +0000 (22:09 +0200)]
configure tnc_config path and preferred_language via strongswan.conf

Andreas Steffen [Tue, 5 Oct 2010 19:15:24 +0000 (21:15 +0200)]
created hull for TNCCS 2.0 plugin

Andreas Steffen [Tue, 5 Oct 2010 18:40:36 +0000 (20:40 +0200)]
use group membership to implement access/isolate redirection in filter-based TNC scenario

Andreas Steffen [Tue, 5 Oct 2010 18:38:34 +0000 (20:38 +0200)]
final version of ikev2/rw-eap-tnc-radius scenario

Andreas Steffen [Tue, 5 Oct 2010 07:09:58 +0000 (09:09 +0200)]
fixed typo in image path

Andreas Steffen [Tue, 5 Oct 2010 06:02:07 +0000 (08:02 +0200)]
moved CHILD_SA selection out of attribute loop

Andreas Steffen [Tue, 5 Oct 2010 05:58:07 +0000 (07:58 +0200)]
receive name of preferred CHILD_SA via RADIUS Filter-Id attribute

Andreas Steffen [Tue, 5 Oct 2010 05:56:57 +0000 (07:56 +0200)]
updated ikev2/rw-eap-tnc-radius scenario

Andreas Steffen [Mon, 4 Oct 2010 12:39:49 +0000 (14:39 +0200)]
set EAP-TTLS/TNC version also in acknowledgement packets

Martin Willi [Mon, 4 Oct 2010 08:47:30 +0000 (10:47 +0200)]
Fixed status_t enum names definition

Andreas Steffen [Thu, 30 Sep 2010 22:14:44 +0000 (00:14 +0200)]
added configuration files for dummyimc.so IMC

Andreas Steffen [Thu, 30 Sep 2010 21:35:24 +0000 (23:35 +0200)]
The TNC@FHH TNC Server does not like symbolic links

Andreas Steffen [Thu, 30 Sep 2010 21:34:00 +0000 (23:34 +0200)]
print XML as plaintext and process received TNCCS Batch

Andreas Steffen [Thu, 30 Sep 2010 10:42:18 +0000 (12:42 +0200)]
added tnc_config files to TNC scenario

Andreas Steffen [Wed, 29 Sep 2010 21:24:59 +0000 (23:24 +0200)]
started use of libtnc library

Andreas Steffen [Wed, 29 Sep 2010 17:01:36 +0000 (19:01 +0200)]
NOTIFY error message types include 16383

Andreas Steffen [Wed, 29 Sep 2010 05:14:52 +0000 (07:14 +0200)]
added NEWS for 4.5dr3

Andreas Steffen [Wed, 29 Sep 2010 05:14:33 +0000 (07:14 +0200)]
version bump to 4.5dr4

Andreas Steffen [Tue, 28 Sep 2010 21:52:59 +0000 (23:52 +0200)]
load tnccs-11 plugin in ikev2/rw-eap-tnc-radius scenario

Andreas Steffen [Tue, 28 Sep 2010 21:34:04 +0000 (23:34 +0200)]
moved TNCCS layer out of eap_tnc plugin

Andreas Steffen [Sun, 26 Sep 2010 09:31:39 +0000 (11:31 +0200)]
stop gateway after clients in order to check release of virtual IP

Andreas Steffen [Sun, 26 Sep 2010 08:58:28 +0000 (10:58 +0200)]
stop gateway after clients in order to check release of virtual IP

Andreas Steffen [Sun, 26 Sep 2010 08:35:12 +0000 (10:35 +0200)]
stop gateway after clients in order to check release of virtual IP

Andreas Steffen [Sun, 26 Sep 2010 08:16:30 +0000 (10:16 +0200)]
fixed release of virtual IP for XAUTH identities

Andreas Steffen [Mon, 20 Sep 2010 18:03:20 +0000 (20:03 +0200)]
include RFC 5998

Tobias Brunner [Thu, 16 Sep 2010 08:27:49 +0000 (10:27 +0200)]
draft-ietf-ipsecme-eap-mutual will be released as RFC 5998.

Andreas Steffen [Wed, 15 Sep 2010 10:55:31 +0000 (12:55 +0200)]
the updated IKEv2 RFC 5996 has been released

Andreas Steffen [Wed, 15 Sep 2010 10:48:58 +0000 (12:48 +0200)]
added notify messages defined in RFC 5996

Andreas Steffen [Fri, 10 Sep 2010 20:14:12 +0000 (22:14 +0200)]
show validity of OCSP responses

Tobias Brunner [Fri, 10 Sep 2010 09:18:31 +0000 (11:18 +0200)]
Added missing options (corrected some default values).

Tobias Brunner [Fri, 10 Sep 2010 08:00:02 +0000 (10:00 +0200)]
Moved load-tester configuration to a separate section.

Tobias Brunner [Thu, 9 Sep 2010 16:55:26 +0000 (18:55 +0200)]
Added information about logger configuration.

Tobias Brunner [Thu, 9 Sep 2010 16:50:24 +0000 (18:50 +0200)]
More information about IKEv2 retransmissions added.

Tobias Brunner [Thu, 9 Sep 2010 16:49:04 +0000 (18:49 +0200)]
Adding most of the strongswan.conf options from the wiki.

Tobias Brunner [Thu, 9 Sep 2010 12:03:22 +0000 (14:03 +0200)]
Added strongswan.conf(5) stub.

Tobias Brunner [Thu, 9 Sep 2010 11:15:36 +0000 (13:15 +0200)]
Moved man pages for config files to a separate directory.

Andreas Steffen [Fri, 10 Sep 2010 05:37:28 +0000 (07:37 +0200)]
version bump to 4.5.0dr2

Andreas Steffen [Thu, 9 Sep 2010 19:38:22 +0000 (21:38 +0200)]
fixed memory leak

Martin Willi [Thu, 9 Sep 2010 15:40:16 +0000 (17:40 +0200)]
Compare subject against all key identifiers in has_subject()

Andreas Steffen [Thu, 9 Sep 2010 15:14:06 +0000 (17:14 +0200)]
has_subject() now resolves ID_KEY_IDs

Martin Willi [Thu, 9 Sep 2010 12:27:41 +0000 (14:27 +0200)]
Do not change cipherspec while we have buffered handshake fragments pending

Andreas Steffen [Thu, 9 Sep 2010 11:37:22 +0000 (13:37 +0200)]
added ikev1/net2net-same-nets scenario

Tobias Brunner [Thu, 9 Sep 2010 11:19:51 +0000 (13:19 +0200)]
Conditional exclusion of tls_test script completed.

Tobias Brunner [Thu, 9 Sep 2010 11:19:22 +0000 (13:19 +0200)]
Fixed typo.

Andreas Steffen [Thu, 9 Sep 2010 09:14:48 +0000 (11:14 +0200)]
debug output of inbound and outbound TNCCS batches

Andreas Steffen [Thu, 9 Sep 2010 09:13:48 +0000 (11:13 +0200)]
support non EAP-TTLS conformant RADIUS-type attribute segmentation

Tobias Brunner [Thu, 9 Sep 2010 08:10:43 +0000 (10:10 +0200)]
Fixed copy/paste error.

Andreas Steffen [Thu, 9 Sep 2010 06:57:13 +0000 (08:57 +0200)]
added explanatory comments

Andreas Steffen [Wed, 8 Sep 2010 11:44:34 +0000 (13:44 +0200)]
send well-formed TNCCS-Batch

Andreas Steffen [Wed, 8 Sep 2010 10:58:40 +0000 (12:58 +0200)]
max max_message_count configurable and move it into tls_eap_t

Andreas Steffen [Wed, 8 Sep 2010 10:11:44 +0000 (12:11 +0200)]
handle TLS_PURPOSE_EAP_TNC

Martin Willi [Wed, 8 Sep 2010 09:59:00 +0000 (11:59 +0200)]
Added a simple led plugin to control Linux LEDs based on IKE activity

Andreas Steffen [Wed, 8 Sep 2010 09:09:11 +0000 (11:09 +0200)]
moved tls_t existence test into tls_eap_create() again

Andreas Steffen [Wed, 8 Sep 2010 09:01:47 +0000 (11:01 +0200)]
generalized tls_eap_t to support EAP_TNC wrapping the TNC_IF_TNCCS protocol

Martin Willi [Wed, 8 Sep 2010 08:32:55 +0000 (10:32 +0200)]
Read the compression type byte for EC groups, only

Andreas Steffen [Wed, 8 Sep 2010 05:22:31 +0000 (07:22 +0200)]
added non-standard SERPENT and TWOFISH support to kernel_netlink plugin

Andreas Steffen [Tue, 7 Sep 2010 15:14:32 +0000 (17:14 +0200)]
added openssl-ikev2/rw-eap-tls-only scenario

Andreas Steffen [Tue, 7 Sep 2010 09:17:51 +0000 (11:17 +0200)]
added qcStatements OID

Martin Willi [Tue, 7 Sep 2010 08:24:40 +0000 (10:24 +0200)]
Fixed typos

Martin Willi [Tue, 7 Sep 2010 08:21:44 +0000 (10:21 +0200)]
Build tls_test script only if TLS stack is enabled

Martin Willi [Tue, 7 Sep 2010 08:21:25 +0000 (10:21 +0200)]
Added PKCS#11 NEWS

Martin Willi [Tue, 7 Sep 2010 08:10:36 +0000 (10:10 +0200)]
Added (EAP-)TLS NEWS

Martin Willi [Mon, 6 Sep 2010 16:51:38 +0000 (18:51 +0200)]
Include ec_point_format extension in ClientHello

Martin Willi [Mon, 6 Sep 2010 16:42:43 +0000 (18:42 +0200)]
Added TLS specific EC point formats

Martin Willi [Mon, 6 Sep 2010 16:36:27 +0000 (18:36 +0200)]
Renamed ecp_format to ansi_format, as point formats in TLS use different identifiers

Martin Willi [Mon, 6 Sep 2010 16:11:05 +0000 (18:11 +0200)]
Enable the random plugin for scripts

Martin Willi [Mon, 6 Sep 2010 15:04:59 +0000 (17:04 +0200)]
Accept TLS records with zero-length plaintext