strongswan.git
11 years agodisconnecting interfaces properly on bridge destruction
Martin Willi [Sat, 5 Jul 2008 09:32:55 +0000 (09:32 -0000)]
disconnecting interfaces properly on bridge destruction

11 years agothrowing proper exeptions on errors, correct return values
Martin Willi [Fri, 4 Jul 2008 16:42:54 +0000 (16:42 -0000)]
throwing proper exeptions on errors, correct return values
mixin enumerable in classes/objects with .each

11 years agoprototype of irdumm - interactive ruby shell for dumm
Martin Willi [Fri, 4 Jul 2008 14:21:41 +0000 (14:21 -0000)]
prototype of irdumm - interactive ruby shell for dumm

11 years agosome stability improvements
Martin Willi [Fri, 4 Jul 2008 06:58:04 +0000 (06:58 -0000)]
some stability improvements

11 years agoreset version to 4.2.5
Andreas Steffen [Thu, 3 Jul 2008 16:43:18 +0000 (16:43 -0000)]
reset version to 4.2.5

11 years agoupdate NEWS with ip pool add-ons and fixes
Andreas Steffen [Thu, 3 Jul 2008 16:42:45 +0000 (16:42 -0000)]
update NEWS with ip pool add-ons and fixes

11 years agoipsec statusall displays dpd options
Andreas Steffen [Wed, 2 Jul 2008 10:48:57 +0000 (10:48 -0000)]
ipsec statusall displays dpd options

11 years agochanged medcli settings keys
Martin Willi [Wed, 2 Jul 2008 09:02:38 +0000 (09:02 -0000)]
changed medcli settings keys

11 years agosql plugin supports a list of pools to fall back, specified by e.g. rightsourceip...
Martin Willi [Wed, 2 Jul 2008 08:31:48 +0000 (08:31 -0000)]
sql plugin supports a list of pools to fall back, specified by e.g. rightsourceip=%pool1,pool2

11 years agousing token enumerator to parser plugin list
Martin Willi [Wed, 2 Jul 2008 08:19:43 +0000 (08:19 -0000)]
using token enumerator to parser plugin list

11 years agofixed another compiler warning
Martin Willi [Wed, 2 Jul 2008 08:16:43 +0000 (08:16 -0000)]
fixed another compiler warning

11 years agoimplementation of a simple "token enumerator"
Martin Willi [Wed, 2 Jul 2008 08:09:07 +0000 (08:09 -0000)]
implementation of a simple "token enumerator"

11 years agofixed compiler warning
Martin Willi [Wed, 2 Jul 2008 08:05:51 +0000 (08:05 -0000)]
fixed compiler warning
updated svn:ignore property

11 years agocheck if parsing of ipsec update was successful
Andreas Steffen [Wed, 2 Jul 2008 05:51:49 +0000 (05:51 -0000)]
check if parsing of ipsec update was successful

11 years agoadded simple ikev2/ip-two-pools scenario
Andreas Steffen [Tue, 1 Jul 2008 20:38:30 +0000 (20:38 -0000)]
added simple ikev2/ip-two-pools scenario

11 years agoadded ikev2/ip-two-pools-db scenario
Andreas Steffen [Tue, 1 Jul 2008 15:16:28 +0000 (15:16 -0000)]
added ikev2/ip-two-pools-db scenario

11 years agofixed medsrv database uri key
Martin Willi [Tue, 1 Jul 2008 13:57:47 +0000 (13:57 -0000)]
fixed medsrv database uri key

11 years agorenamed STROKE_DOWNSRCIP to STROKE_DOWN_SRCIP
Andreas Steffen [Tue, 1 Jul 2008 13:47:26 +0000 (13:47 -0000)]
renamed STROKE_DOWNSRCIP to STROKE_DOWN_SRCIP

11 years agoadded a "ipsec down-srcip <start> [<end>]" command to terminate IKE_SAs by remote...
Martin Willi [Tue, 1 Jul 2008 12:48:56 +0000 (12:48 -0000)]
added a "ipsec down-srcip <start> [<end>]" command to terminate IKE_SAs by remote virtual ip

11 years agologging peer addresses in peer_cfg lookup
Martin Willi [Tue, 1 Jul 2008 11:10:37 +0000 (11:10 -0000)]
logging peer addresses in peer_cfg lookup

11 years agoadded host match prio to debugging output
Martin Willi [Tue, 1 Jul 2008 11:01:27 +0000 (11:01 -0000)]
added host match prio to debugging output

11 years agopeer_cfg lookup takes peer addresses into account
Martin Willi [Tue, 1 Jul 2008 09:05:20 +0000 (09:05 -0000)]
peer_cfg lookup takes peer addresses into account

11 years agostrongswan.conf's charon.close_ike_on_child_failure closes IKE_SA if CHILD_SA setup...
Martin Willi [Tue, 1 Jul 2008 07:54:09 +0000 (07:54 -0000)]
strongswan.conf's charon.close_ike_on_child_failure closes IKE_SA if CHILD_SA setup in IKE_AUTH fails

11 years agowhitelisting leaks of ENGINE_load_builtin_engines
Martin Willi [Tue, 1 Jul 2008 07:53:03 +0000 (07:53 -0000)]
whitelisting leaks of ENGINE_load_builtin_engines

11 years agosending INTERNAL_ADDRESS_FAILURE if virtual IP requested but none found
Martin Willi [Tue, 1 Jul 2008 06:36:52 +0000 (06:36 -0000)]
sending INTERNAL_ADDRESS_FAILURE if virtual IP requested but none found

11 years agoshow authentication method in ipsec statusall
Andreas Steffen [Mon, 30 Jun 2008 17:08:47 +0000 (17:08 -0000)]
show authentication method in ipsec statusall

11 years agofixed chunk_increment, fixes reuse of already assigned addresses
Martin Willi [Mon, 30 Jun 2008 12:33:38 +0000 (12:33 -0000)]
fixed chunk_increment, fixes reuse of already assigned addresses

11 years agosqlite plugin requires libsqlite3 => 3.3.1 to share connections
Martin Willi [Mon, 30 Jun 2008 11:06:18 +0000 (11:06 -0000)]
sqlite plugin requires libsqlite3 => 3.3.1 to share connections
use recursive locking if libsqlite3 < 3.5.0

11 years agoadded strongswan.conf option charon.reuse_iksa=no to create each CHILD_SA in a new...
Martin Willi [Mon, 30 Jun 2008 08:45:11 +0000 (08:45 -0000)]
added strongswan.conf option charon.reuse_iksa=no to create each CHILD_SA in a new IKE_SA

11 years agoadded sql/rw-eap-aka-rsa scenario
Andreas Steffen [Mon, 30 Jun 2008 07:24:55 +0000 (07:24 -0000)]
added sql/rw-eap-aka-rsa scenario

11 years agoconfigure plugin path in scripts
Andreas Steffen [Sun, 29 Jun 2008 14:43:50 +0000 (14:43 -0000)]
configure plugin path in scripts

11 years agocreated scripts/Makefile.am
Andreas Steffen [Sun, 29 Jun 2008 13:57:00 +0000 (13:57 -0000)]
created scripts/Makefile.am

11 years agolog received vendor id as a hex value
Andreas Steffen [Fri, 27 Jun 2008 17:11:54 +0000 (17:11 -0000)]
log received vendor id as a hex value

11 years agocorrected vendor_id_payload diagram
Andreas Steffen [Fri, 27 Jun 2008 15:22:27 +0000 (15:22 -0000)]
corrected vendor_id_payload diagram

11 years agocorrected some NEWS entries
Andreas Steffen [Thu, 26 Jun 2008 13:50:54 +0000 (13:50 -0000)]
corrected some NEWS entries

11 years agocorrected description of openssl/ike-alg-ecp-high scenario
Andreas Steffen [Thu, 26 Jun 2008 13:49:48 +0000 (13:49 -0000)]
corrected description of openssl/ike-alg-ecp-high scenario

11 years agoversion bump to 4.2.5
Andreas Steffen [Thu, 26 Jun 2008 09:59:55 +0000 (09:59 -0000)]
version bump to 4.2.5

11 years agocheck migration of ESP sequence numbers in MOBIKE scenarios 4.2.4
Andreas Steffen [Thu, 26 Jun 2008 09:46:23 +0000 (09:46 -0000)]
check migration of ESP sequence numbers in MOBIKE scenarios

11 years agouse ip xfrm with the detailed -s option
Andreas Steffen [Thu, 26 Jun 2008 09:41:22 +0000 (09:41 -0000)]
use ip xfrm with the detailed -s option

11 years agoike/kernel protocol identifier conversion functions
Martin Willi [Thu, 26 Jun 2008 08:59:39 +0000 (08:59 -0000)]
ike/kernel protocol identifier conversion functions

11 years agomention ESP sequence number updates
Andreas Steffen [Thu, 26 Jun 2008 08:44:59 +0000 (08:44 -0000)]
mention ESP sequence number updates

11 years agofixed ifndef typo for MYSQL_DATA_TRUNCATED check
Martin Willi [Thu, 26 Jun 2008 07:31:52 +0000 (07:31 -0000)]
fixed ifndef typo for MYSQL_DATA_TRUNCATED check

11 years agofixed plugin loader destruction
Martin Willi [Wed, 25 Jun 2008 14:53:49 +0000 (14:53 -0000)]
fixed plugin loader destruction

11 years agoenabling support for hardware accelerators in OpenSSL
Tobias Brunner [Wed, 25 Jun 2008 12:39:32 +0000 (12:39 -0000)]
enabling support for hardware accelerators in OpenSSL

11 years agoflushing task_manager on shutdown while IKE_SA is usable
Martin Willi [Wed, 25 Jun 2008 11:40:50 +0000 (11:40 -0000)]
flushing task_manager on shutdown while IKE_SA is usable

11 years agoupdated NEWS for the imminent 4.2.4 release
Andreas Steffen [Wed, 25 Jun 2008 08:41:16 +0000 (08:41 -0000)]
updated NEWS for the imminent 4.2.4 release

11 years agomerging the ESP sequence numbers of an SA in update_sa (fixing #52)
Tobias Brunner [Tue, 24 Jun 2008 15:35:09 +0000 (15:35 -0000)]
merging the ESP sequence numbers of an SA in update_sa (fixing #52)

11 years agoreintroducing MYSQL_DATA_TRUNCATED if supported on that mysql version
Martin Willi [Tue, 24 Jun 2008 14:30:14 +0000 (14:30 -0000)]
reintroducing MYSQL_DATA_TRUNCATED if supported on that mysql version

11 years agoupdated location of auth_class_t
Martin Willi [Tue, 24 Jun 2008 13:36:10 +0000 (13:36 -0000)]
updated location of auth_class_t

11 years agoenumerating loaded plugins in "ipsec statusall"
Martin Willi [Tue, 24 Jun 2008 12:49:04 +0000 (12:49 -0000)]
enumerating loaded plugins in "ipsec statusall"

11 years agochanged ipsec.secrets keyword EC to ECDSA
Tobias Brunner [Tue, 24 Jun 2008 06:57:47 +0000 (06:57 -0000)]
changed ipsec.secrets keyword EC to ECDSA

11 years agocosmetics
Andreas Steffen [Mon, 23 Jun 2008 09:08:49 +0000 (09:08 -0000)]
cosmetics

11 years agofixed "double-close" of stroke fd resulting in "bad fd" errors if multiple threads...
Martin Willi [Mon, 23 Jun 2008 08:53:37 +0000 (08:53 -0000)]
fixed "double-close" of stroke fd resulting in "bad fd" errors if multiple threads are active

11 years agofixed medsrv mysql scheme
Martin Willi [Mon, 23 Jun 2008 08:30:57 +0000 (08:30 -0000)]
fixed medsrv mysql scheme

11 years agoresolving hosts before route
Martin Willi [Mon, 23 Jun 2008 08:30:35 +0000 (08:30 -0000)]
resolving hosts before route

11 years agoset version to 4.2.4
Andreas Steffen [Sun, 22 Jun 2008 18:08:37 +0000 (18:08 -0000)]
set version to 4.2.4

11 years agogenerate CRL for strongSwan EC Root CA
Andreas Steffen [Sun, 22 Jun 2008 17:56:42 +0000 (17:56 -0000)]
generate CRL for strongSwan EC Root CA

11 years agosupport of ECDSA signatures for all certificate types
Andreas Steffen [Sun, 22 Jun 2008 17:41:07 +0000 (17:41 -0000)]
support of ECDSA signatures for all certificate types

11 years agoadded openssl/ecdsa-certs scenario
Andreas Steffen [Sun, 22 Jun 2008 16:54:45 +0000 (16:54 -0000)]
added openssl/ecdsa-certs scenario

11 years agoadded strongSwan EC Root CA
Andreas Steffen [Sun, 22 Jun 2008 16:41:00 +0000 (16:41 -0000)]
added strongSwan EC Root CA

11 years agoremove ikev2/nat-pf scenario
Andreas Steffen [Sun, 22 Jun 2008 11:41:49 +0000 (11:41 -0000)]
remove ikev2/nat-pf scenario

11 years agocheck for selected IKE proposal
Andreas Steffen [Sun, 22 Jun 2008 11:26:37 +0000 (11:26 -0000)]
check for selected IKE proposal

11 years agodisplay selected IKE proposal in ipsec statusall
Andreas Steffen [Sun, 22 Jun 2008 11:24:33 +0000 (11:24 -0000)]
display selected IKE proposal in ipsec statusall

11 years agoremoved ikev2/nat-double-snat scenario
Andreas Steffen [Sat, 21 Jun 2008 13:45:54 +0000 (13:45 -0000)]
removed ikev2/nat-double-snat scenario

11 years agoused ipsec pool --leases --filter option in evaltest.dat
Andreas Steffen [Sat, 21 Jun 2008 13:31:54 +0000 (13:31 -0000)]
used ipsec pool --leases --filter option in evaltest.dat

11 years agoadapted evaltest.dat to modified RSA signature debug output
Andreas Steffen [Sat, 21 Jun 2008 13:30:24 +0000 (13:30 -0000)]
adapted evaltest.dat to modified RSA signature debug output

11 years agoadded strongswan.conf with plugin list
Andreas Steffen [Sat, 21 Jun 2008 13:24:49 +0000 (13:24 -0000)]
added strongswan.conf with plugin list

11 years agotest ipsec pool --del option
Andreas Steffen [Sat, 21 Jun 2008 13:19:58 +0000 (13:19 -0000)]
test ipsec pool --del option

11 years agoadapted evaltest.dat to modified RSA signature debug output
Andreas Steffen [Sat, 21 Jun 2008 13:19:13 +0000 (13:19 -0000)]
adapted evaltest.dat to modified RSA signature debug output

11 years agopublic key operations using the OpenSSL library require the pubkey plugin
Andreas Steffen [Sat, 21 Jun 2008 13:16:17 +0000 (13:16 -0000)]
public key operations using the OpenSSL library require the pubkey plugin

11 years agoadded missing medsrv script.js to dist
Martin Willi [Fri, 20 Jun 2008 08:47:06 +0000 (08:47 -0000)]
added missing medsrv script.js to dist

11 years agoincluding sys/queue.h to support TAILQ_LAST() macro
Martin Willi [Fri, 20 Jun 2008 08:17:03 +0000 (08:17 -0000)]
including sys/queue.h to support TAILQ_LAST() macro

11 years agoshipping own linux/types.h for introduced __be32 in linux/xfrm.h
Martin Willi [Fri, 20 Jun 2008 08:15:38 +0000 (08:15 -0000)]
shipping own linux/types.h for introduced __be32 in linux/xfrm.h

11 years agocompatibility fix for other shells than bash >= 3.1
Martin Willi [Fri, 20 Jun 2008 07:56:01 +0000 (07:56 -0000)]
compatibility fix for other shells than bash >= 3.1

11 years agoremoved unused MYSQL_DATA_TRUNCATED check for compatibility with older mysql versions
Martin Willi [Fri, 20 Jun 2008 07:37:55 +0000 (07:37 -0000)]
removed unused MYSQL_DATA_TRUNCATED check for compatibility with older mysql versions

11 years agosupport in smp for terminate-by-name
Martin Willi [Fri, 20 Jun 2008 07:14:35 +0000 (07:14 -0000)]
support in smp for terminate-by-name

11 years agofixed identation
Martin Willi [Thu, 19 Jun 2008 11:50:13 +0000 (11:50 -0000)]
fixed identation

11 years agomedcli initiates "active" connections on startup
Martin Willi [Thu, 19 Jun 2008 11:09:48 +0000 (11:09 -0000)]
medcli initiates "active" connections on startup

11 years agomedcli plugin writes connection status to database
Martin Willi [Thu, 19 Jun 2008 08:46:34 +0000 (08:46 -0000)]
medcli plugin writes connection status to database

11 years agofixed UCI default proposals
Martin Willi [Wed, 18 Jun 2008 13:32:23 +0000 (13:32 -0000)]
fixed UCI default proposals

11 years agosupport for more config options in UCI plugin
Martin Willi [Wed, 18 Jun 2008 08:50:32 +0000 (08:50 -0000)]
support for more config options in UCI plugin

11 years agofirst simple prototype of a UCI configuration plugin for OpenWRT
Martin Willi [Tue, 17 Jun 2008 14:17:51 +0000 (14:17 -0000)]
first simple prototype of a UCI configuration plugin for OpenWRT

11 years agodo not use self-installed route for IKE if routing table is 0
Martin Willi [Tue, 17 Jun 2008 08:04:12 +0000 (08:04 -0000)]
do not use self-installed route for IKE if routing table is 0

11 years agoscepclient requires libcrypto to build
Martin Willi [Mon, 16 Jun 2008 07:10:48 +0000 (07:10 -0000)]
scepclient requires libcrypto to build

11 years agofixed matches() check for RFC822/FQDN without wildcards
Martin Willi [Fri, 13 Jun 2008 15:10:01 +0000 (15:10 -0000)]
fixed matches() check for RFC822/FQDN without wildcards

11 years agoimplemented identification_t.match() case insensitive for RFC822/FQDN
Martin Willi [Thu, 12 Jun 2008 14:17:37 +0000 (14:17 -0000)]
implemented identification_t.match() case insensitive for RFC822/FQDN

11 years agoadded %P printf handler for poposal_t
Martin Willi [Thu, 12 Jun 2008 11:42:19 +0000 (11:42 -0000)]
added %P printf handler for poposal_t
added some proposal selection debugging code

11 years agoadded mediation server web frontend
Martin Willi [Wed, 11 Jun 2008 14:13:24 +0000 (14:13 -0000)]
added mediation server web frontend
updated charons medsrv plugin to updated database scheme

11 years agopassing controller arguments to filter, not controller itself
Martin Willi [Wed, 11 Jun 2008 14:11:01 +0000 (14:11 -0000)]
passing controller arguments to filter, not controller itself

11 years agoloading PEM encoded public keys
Martin Willi [Wed, 11 Jun 2008 14:10:02 +0000 (14:10 -0000)]
loading PEM encoded public keys

11 years agoreduced default debug hook verbosity
Martin Willi [Wed, 11 Jun 2008 14:09:46 +0000 (14:09 -0000)]
reduced default debug hook verbosity

11 years agofixed compile error of medsrv plugin
Martin Willi [Wed, 11 Jun 2008 07:45:25 +0000 (07:45 -0000)]
fixed compile error of medsrv plugin

11 years agofixed resolving numerical IPv6 addresses in host_create_from_dns()
Martin Willi [Wed, 11 Jun 2008 07:44:23 +0000 (07:44 -0000)]
fixed resolving numerical IPv6 addresses in host_create_from_dns()

11 years agofixed resolving numerical addresses in host_create_from_dns()
Martin Willi [Wed, 11 Jun 2008 07:31:24 +0000 (07:31 -0000)]
fixed resolving numerical addresses in host_create_from_dns()

11 years agomake config_auth_method_t backward compatible to existing sql templates
Andreas Steffen [Tue, 10 Jun 2008 20:31:53 +0000 (20:31 -0000)]
make config_auth_method_t backward compatible to existing sql templates

11 years agofixed compile error in smp plugin
Martin Willi [Tue, 10 Jun 2008 11:29:46 +0000 (11:29 -0000)]
fixed compile error in smp plugin

11 years agorefactoring
Tobias Brunner [Tue, 10 Jun 2008 09:19:18 +0000 (09:19 -0000)]
refactoring

11 years agoECDSA with OpenSSL
Tobias Brunner [Tue, 10 Jun 2008 09:08:27 +0000 (09:08 -0000)]
ECDSA with OpenSSL

11 years agoparsing of subjectPublicKeyInfo of x509 certificates extracted
Tobias Brunner [Tue, 10 Jun 2008 09:00:42 +0000 (09:00 -0000)]
parsing of subjectPublicKeyInfo of x509 certificates extracted

11 years agoadded strongswan.conf option "routing_table" and "routing_table_prio"
Martin Willi [Tue, 10 Jun 2008 07:51:21 +0000 (07:51 -0000)]
added strongswan.conf option "routing_table" and "routing_table_prio"