strongswan.git
Andreas Steffen [Mon, 25 Aug 2008 12:35:18 +0000 (12:35 -0000)]
list CA restrictions in ipsec statusall

Martin Willi [Mon, 25 Aug 2008 08:21:51 +0000 (08:21 -0000)]
added NM gnome plugin to distribution

Martin Willi [Mon, 25 Aug 2008 08:15:57 +0000 (08:15 -0000)]
removed generated Makefile.in.in from svn

Martin Willi [Mon, 25 Aug 2008 07:50:21 +0000 (07:50 -0000)]
enforce DN of configured gateway certificate

Martin Willi [Mon, 25 Aug 2008 07:49:48 +0000 (07:49 -0000)]
new EAP-Identity handling uses ID_EAP in plugins

Martin Willi [Mon, 25 Aug 2008 07:48:11 +0000 (07:48 -0000)]
disabled PSK option until we have a way to enforce strong secrets

Martin Willi [Mon, 25 Aug 2008 07:47:16 +0000 (07:47 -0000)]
use username part of RFC822 IDs for PAM authentication

Martin Willi [Fri, 22 Aug 2008 10:44:51 +0000 (10:44 -0000)]
ported parts of two-sim branch
eap_identity parameter to exchange in eap_identity
some auth_info/peer_cfg refactorings
fixed some bugs, introduced new ones

Martin Willi [Fri, 22 Aug 2008 08:37:15 +0000 (08:37 -0000)]
run guests with some niceness

Martin Willi [Fri, 22 Aug 2008 07:38:59 +0000 (07:38 -0000)]
pool names are unique

Martin Willi [Thu, 21 Aug 2008 15:17:45 +0000 (15:17 -0000)]
do not return IPv6 src addresses for IPv4 destinations

Martin Willi [Thu, 21 Aug 2008 14:40:03 +0000 (14:40 -0000)]
fixed EAP-GTC secret lookup
improved error logging
PAM authentication needs CAP_AUDIT_WRITE capability

Martin Willi [Thu, 21 Aug 2008 12:10:07 +0000 (12:10 -0000)]
a (incomplete) implementation of draft-sheffer-ikev2-gtc-00.txt using PAM

Andreas Steffen [Thu, 21 Aug 2008 11:58:58 +0000 (11:58 -0000)]
corrected caption

Andreas Steffen [Thu, 21 Aug 2008 11:55:16 +0000 (11:55 -0000)]
charon.process_route = no does not process RTM_NEWROUTE and RTM_DELROUTE events. Useful for taking down hundreds of virtual IPs on the same host

Martin Willi [Thu, 21 Aug 2008 09:25:06 +0000 (09:25 -0000)]
added sqlite busy handler: retries on locking conflicts

Martin Willi [Thu, 21 Aug 2008 07:55:16 +0000 (07:55 -0000)]
avoid too many alloca()s in netlink send, problematic on MIPS

Martin Willi [Wed, 20 Aug 2008 13:59:37 +0000 (13:59 -0000)]
some string fixes

Martin Willi [Wed, 20 Aug 2008 12:02:53 +0000 (12:02 -0000)]
added missing tooltip

Martin Willi [Wed, 20 Aug 2008 11:44:47 +0000 (11:44 -0000)]
handle DBUS permission problems gracefully

Martin Willi [Wed, 20 Aug 2008 08:51:18 +0000 (08:51 -0000)]
fixed shared key lookup by ID
proper auth method selection

Martin Willi [Wed, 20 Aug 2008 08:49:47 +0000 (08:49 -0000)]
fixed auth-dialog password flush

Andreas Steffen [Tue, 19 Aug 2008 18:53:15 +0000 (18:53 -0000)]
set version back to 4.2.6

Andreas Steffen [Tue, 19 Aug 2008 18:51:30 +0000 (18:51 -0000)]
fixed libstrongswan integrity test

Martin Willi [Tue, 19 Aug 2008 15:19:45 +0000 (15:19 -0000)]
certificate based gateway authentication
prototype PSK user authentication with auth-dialog

Martin Willi [Mon, 18 Aug 2008 11:59:19 +0000 (11:59 -0000)]
updated nm plugin to NetworkManager API changes

Martin Willi [Mon, 18 Aug 2008 11:07:26 +0000 (11:07 -0000)]
roam jobs for routing table changes not fired for virtual IP routes

Andreas Steffen [Fri, 15 Aug 2008 19:15:52 +0000 (19:15 -0000)]
do not fire a roam job when virtual IP is deleted

Andreas Steffen [Mon, 11 Aug 2008 19:04:48 +0000 (19:04 -0000)]
temporary workaround to prevent roam jobs due to virtual IP installations

Andreas Steffen [Mon, 11 Aug 2008 18:40:22 +0000 (18:40 -0000)]
corrected typo

Tobias Brunner [Thu, 7 Aug 2008 14:56:54 +0000 (14:56 -0000)]
 * ruby extension extracted from irdumm
 * guests do not shutdown anymore on SIGINT in irb

Andreas Steffen [Wed, 6 Aug 2008 20:40:14 +0000 (20:40 -0000)]
added ipv6/net2net-ip6-in-ip6-ikev2 scenario

Andreas Steffen [Wed, 6 Aug 2008 20:35:42 +0000 (20:35 -0000)]
add additional scenario diagrams

Tobias Brunner [Wed, 6 Aug 2008 07:31:26 +0000 (07:31 -0000)]
added missing cleanup on failure

Andreas Steffen [Tue, 5 Aug 2008 09:05:57 +0000 (09:05 -0000)]
initiator sends contents of rightca= if present as a certificate request without searching for further CA certificates

Andreas Steffen [Sun, 3 Aug 2008 18:01:21 +0000 (18:01 -0000)]
fixed improper TAILQ fix which caused pluto to segfault

Andreas Steffen [Fri, 1 Aug 2008 12:59:08 +0000 (12:59 -0000)]
corrected caption

Andreas Steffen [Fri, 1 Aug 2008 12:04:35 +0000 (12:04 -0000)]
Redhat/Fedora requires var/lock/subsys/ipsec for runlevel changes

Andreas Steffen [Fri, 1 Aug 2008 10:35:59 +0000 (10:35 -0000)]
ipsec starter gives the charon daemon 8s to terminate gracefully before killing the process brutally

Andreas Steffen [Fri, 1 Aug 2008 10:12:33 +0000 (10:12 -0000)]
fixed the close_peerlog() bug causing ipsec pluto --help to segfault

Martin Willi [Thu, 31 Jul 2008 15:07:52 +0000 (15:07 -0000)]
configuration plugin for NetworkManager

Martin Willi [Thu, 31 Jul 2008 14:32:11 +0000 (14:32 -0000)]
added options for virtual IP, UDP encapsulation, IPComp
proper handling of libstrongswan/glib TRUE/FALSE conflict

Tobias Brunner [Thu, 31 Jul 2008 12:59:59 +0000 (12:59 -0000)]
exec on a guest now returns the return value of the executed process

Martin Willi [Thu, 31 Jul 2008 11:16:14 +0000 (11:16 -0000)]
reimplemented dbus plugin for NetworkManager 0.7, renamed to nm

Martin Willi [Thu, 31 Jul 2008 09:04:54 +0000 (09:04 -0000)]
recreating FIFO if it exists

Martin Willi [Thu, 31 Jul 2008 09:01:56 +0000 (09:01 -0000)]
fixed usage typo

Martin Willi [Wed, 30 Jul 2008 14:17:05 +0000 (14:17 -0000)]
increased stroke socket backlog to 10

Martin Willi [Wed, 30 Jul 2008 14:15:08 +0000 (14:15 -0000)]
using an entry cache for duplicate checks, avoids deadlocks

Martin Willi [Wed, 30 Jul 2008 13:19:12 +0000 (13:19 -0000)]
use condvar broadcasts to signal threads waiting for an IP, there might be more than one

Tobias Brunner [Wed, 30 Jul 2008 13:15:18 +0000 (13:15 -0000)]
the list of addresses on the interface of a guest is not cached anymore, but queried directly from the interface

Tobias Brunner [Wed, 30 Jul 2008 13:01:04 +0000 (13:01 -0000)]
* Guest#exec uses the new exec_str function
* tab completion in irdumm enabled

Tobias Brunner [Wed, 30 Jul 2008 12:58:45 +0000 (12:58 -0000)]
added an extended exec function to guests that allows to get the output of the command as string or by line.

Martin Willi [Wed, 30 Jul 2008 11:38:44 +0000 (11:38 -0000)]
using shared read locks in credential set enumerators to avoid deadlocks

Martin Willi [Wed, 30 Jul 2008 08:27:08 +0000 (08:27 -0000)]
added strongswan.conf option "charon.dos_protection" to disable cookies/aggressiveness check

Andreas Steffen [Tue, 29 Jul 2008 19:46:39 +0000 (19:46 -0000)]
added keyid2sql helper script

Andreas Steffen [Tue, 29 Jul 2008 19:44:54 +0000 (19:44 -0000)]
starter now waits for a maximum of 10s instead of 1s for charon before restarting the daemon

Andreas Steffen [Mon, 28 Jul 2008 14:01:45 +0000 (14:01 -0000)]
demoted IKE state change output to debug level 2

Andreas Steffen [Mon, 28 Jul 2008 13:53:04 +0000 (13:53 -0000)]
ignore AUTH_LIFETIME value if reauthentication has already been scheduled earlier

Martin Willi [Mon, 28 Jul 2008 13:10:34 +0000 (13:10 -0000)]
switched xterm console title

Martin Willi [Mon, 28 Jul 2008 12:37:01 +0000 (12:37 -0000)]
using gnome-terminal in irdumm

Andreas Steffen [Mon, 28 Jul 2008 09:14:07 +0000 (09:14 -0000)]
version bump to 4.2.6

Martin Willi [Mon, 28 Jul 2008 08:29:04 +0000 (08:29 -0000)]
use XFRM_MSG_UPDPOLICY for existing policies only

12 years ago updated UML INSTALL information (4.2.5)
Andreas Steffen [Fri, 25 Jul 2008 10:30:53 +0000 (10:30 -0000)]
updated UML INSTALL information

Andreas Steffen [Fri, 25 Jul 2008 10:18:23 +0000 (10:18 -0000)]
adapted UML scenarios to improved virtual IP address pool

Andreas Steffen [Fri, 25 Jul 2008 08:02:53 +0000 (08:02 -0000)]
SQLite database template with improved address pool management

Andreas Steffen [Fri, 25 Jul 2008 08:00:04 +0000 (08:00 -0000)]
added changes for the 4.2.5 release

Martin Willi [Thu, 24 Jul 2008 12:48:36 +0000 (12:48 -0000)]
added tests.h to distribution

Martin Willi [Thu, 24 Jul 2008 08:52:12 +0000 (08:52 -0000)]
fixed UCI thread cancellation on ARM

Martin Willi [Thu, 24 Jul 2008 08:28:45 +0000 (08:28 -0000)]
added option charon.plugins.sql.lease_history to disable lease history logging

Martin Willi [Thu, 24 Jul 2008 08:21:55 +0000 (08:21 -0000)]
fixed statistic calculation for static leases

Andreas Steffen [Wed, 23 Jul 2008 18:46:34 +0000 (18:46 -0000)]
completed IKE_SA logging at the AUDIT level

Martin Willi [Wed, 23 Jul 2008 13:56:07 +0000 (13:56 -0000)]
fixed pool statistics

Andreas Steffen [Wed, 23 Jul 2008 07:44:26 +0000 (07:44 -0000)]
IKE_SA rekeying inherits other_host from old IKE_SA

Andreas Steffen [Wed, 23 Jul 2008 06:38:24 +0000 (06:38 -0000)]
cosmetics

Andreas Steffen [Tue, 22 Jul 2008 17:21:01 +0000 (17:21 -0000)]
start default strongSwan UML topology

Andreas Steffen [Tue, 22 Jul 2008 17:10:10 +0000 (17:10 -0000)]
some more changes to IKE_SA and CHILD_SA logging

Martin Willi [Tue, 22 Jul 2008 14:56:15 +0000 (14:56 -0000)]
experimental and untested reimplementation of sql based IP pool
uses address preallocation and separate address/lease tables for linear lookup time

Andreas Steffen [Tue, 22 Jul 2008 12:13:48 +0000 (12:13 -0000)]
cosmetics

Andreas Steffen [Tue, 22 Jul 2008 12:03:58 +0000 (12:03 -0000)]
ipsec status lists IPCOMP CPIs

Andreas Steffen [Tue, 22 Jul 2008 10:53:56 +0000 (10:53 -0000)]
own CPI was not deleted due to copy-and-paste error

Andreas Steffen [Tue, 22 Jul 2008 10:16:45 +0000 (10:16 -0000)]
consistent logging of SPIs and CPIs

Andreas Steffen [Tue, 22 Jul 2008 06:24:00 +0000 (06:24 -0000)]
missing FETCH_END caused SEGFAULT in ikev2/rw-hash-and-url scenario

Andreas Steffen [Mon, 21 Jul 2008 19:08:03 +0000 (19:08 -0000)]
display protoport in dynamic/32 traffic selectors

Martin Willi [Mon, 21 Jul 2008 14:23:43 +0000 (14:23 -0000)]
fixed bus args copy on non i386 archs

Andreas Steffen [Mon, 21 Jul 2008 12:47:59 +0000 (12:47 -0000)]
consistent logging of IKE and CHILD SAs

Martin Willi [Mon, 21 Jul 2008 11:17:20 +0000 (11:17 -0000)]
pool performance testing

Martin Willi [Mon, 21 Jul 2008 11:16:07 +0000 (11:16 -0000)]
loading unit-tester plugin as the last one

Martin Willi [Mon, 21 Jul 2008 11:15:16 +0000 (11:15 -0000)]
reverted bus to non-recursive mutex due to instability

Martin Willi [Mon, 21 Jul 2008 11:13:06 +0000 (11:13 -0000)]
added a driver type getter for database implementations

Martin Willi [Fri, 18 Jul 2008 15:51:40 +0000 (15:51 -0000)]
introduced an additional bus->signal parameter for signal specific data
added SIG_IKE/SIG_CHD macros for signal emitting

Martin Willi [Fri, 18 Jul 2008 12:14:43 +0000 (12:14 -0000)]
removed testing app, this is scriptable with irdumm now

Martin Willi [Fri, 18 Jul 2008 11:05:01 +0000 (11:05 -0000)]
allow but filter recursive listener invocation

Martin Willi [Fri, 18 Jul 2008 10:54:49 +0000 (10:54 -0000)]
fixed compiler warning

Martin Willi [Fri, 18 Jul 2008 10:34:44 +0000 (10:34 -0000)]
extended UCI plugin by a simple control interface using a fifo

Andreas Steffen [Fri, 18 Jul 2008 10:04:40 +0000 (10:04 -0000)]
eliminated bashisms in _updown scripts

Martin Willi [Thu, 17 Jul 2008 11:45:58 +0000 (11:45 -0000)]
avoid heap allocation in bus->signal for performance reasons

Martin Willi [Thu, 17 Jul 2008 11:06:31 +0000 (11:06 -0000)]
fixed potential segfault in resolve_hosts

Martin Willi [Thu, 17 Jul 2008 08:25:34 +0000 (08:25 -0000)]
ignore IPCOMP acquires, fixes additional CHILD_SA setup with acquired SAs using compression

Martin Willi [Wed, 16 Jul 2008 12:33:19 +0000 (12:33 -0000)]
do not distinguish different policy protocols in userland cache

Martin Willi [Wed, 16 Jul 2008 12:30:47 +0000 (12:30 -0000)]
do not complain about existing routes