strongswan.git
Tobias Brunner [Thu, 21 Oct 2010 13:02:32 +0000 (15:02 +0200)]
Updated Android.mk to latest Makefile.am.

Tobias Brunner [Thu, 21 Oct 2010 12:16:09 +0000 (14:16 +0200)]
Added missing include for RAND_seed and RAND_status.

Martin Willi [Wed, 20 Oct 2010 10:30:22 +0000 (12:30 +0200)]
Set ownership of all HA ClusterIP control files

Martin Willi [Wed, 20 Oct 2010 10:29:45 +0000 (12:29 +0200)]
Set ownership/permissions of HA control socket

Tobias Brunner [Tue, 19 Oct 2010 15:17:15 +0000 (17:17 +0200)]
Changed some minor stuff in ipsec.conf(5) man page.

Also added some "links" to strongswan.conf(5).

Tobias Brunner [Tue, 19 Oct 2010 15:16:07 +0000 (17:16 +0200)]
Added accepted values to all options in ipsec.conf(5) man page.

Tobias Brunner [Tue, 19 Oct 2010 15:06:57 +0000 (17:06 +0200)]
Removed unsupported options from ipsec.conf(5) man page.

Tobias Brunner [Tue, 19 Oct 2010 08:52:01 +0000 (10:52 +0200)]
Fixed SEE ALSO references in main man pages.

Tobias Brunner [Tue, 19 Oct 2010 08:44:43 +0000 (10:44 +0200)]
Added notes about expiry and rekey to ipsec.conf(5) man page.

Martin Willi [Mon, 18 Oct 2010 10:31:48 +0000 (12:31 +0200)]
Prefer the 'server identifier' attribute address to send DHCP requests to

Andreas Steffen [Sat, 16 Oct 2010 18:47:38 +0000 (20:47 +0200)]
version bump to 4.5.0rc2

Andreas Steffen [Sat, 16 Oct 2010 14:15:10 +0000 (16:15 +0200)]
define state_story for STATE_UNDEFINED

Tobias Brunner [Fri, 15 Oct 2010 16:17:09 +0000 (18:17 +0200)]
Added some NEWS about Maemo, MOBIKE and the kernel interfaces.

Tobias Brunner [Fri, 15 Oct 2010 16:14:48 +0000 (18:14 +0200)]
Some Doxygen fixes.

Tobias Brunner [Fri, 15 Oct 2010 15:33:57 +0000 (17:33 +0200)]
Missed one unneeded destructor.

Tobias Brunner [Fri, 15 Oct 2010 15:24:23 +0000 (17:24 +0200)]
Deferred instantiation of socket implementations until registration.

Instantiating the implementations on plugin load was problematic
in case multiple socket plugins were loaded. Now, the first one
registered is instantiated.

Egbert Koening [Fri, 15 Oct 2010 09:09:24 +0000 (11:09 +0200)]
fix segfault when reading certificate from smartcard

Tobias Brunner [Fri, 15 Oct 2010 08:23:32 +0000 (10:23 +0200)]
Added some generated files to .gitignore.

Martin Willi [Fri, 15 Oct 2010 08:13:35 +0000 (10:13 +0200)]
Added NEWS about multiple RADIUS servers, LED plugin

Martin Willi [Fri, 15 Oct 2010 08:00:55 +0000 (10:00 +0200)]
Fixed IKEv2 RFC number in NEWS

Andreas Steffen [Thu, 14 Oct 2010 19:28:05 +0000 (21:28 +0200)]
IKEv2 is now the default key exchange protocol

Andreas Steffen [Thu, 14 Oct 2010 19:20:27 +0000 (21:20 +0200)]
added TNC support to NEWS

Andreas Steffen [Thu, 14 Oct 2010 19:10:03 +0000 (21:10 +0200)]
do not send certificate requests in EAP-ONLY scenarios

Andreas Steffen [Thu, 14 Oct 2010 19:00:26 +0000 (21:00 +0200)]
support certificate-based client authentication with EAP-TTLS

Andreas Steffen [Thu, 14 Oct 2010 18:55:21 +0000 (20:55 +0200)]
added ikev2/rw-eap-tnc-ls scenario

Tobias Brunner [Thu, 14 Oct 2010 15:45:19 +0000 (17:45 +0200)]
Moved sources of the NetworkManager plugin to src/frontends.

Tobias Brunner [Thu, 14 Oct 2010 15:33:42 +0000 (17:33 +0200)]
Maemo: Added a basic debian package for charon.

Tobias Brunner [Thu, 14 Oct 2010 15:10:13 +0000 (17:10 +0200)]
Avoid recursive loop if no socket implementations are loaded.

Tobias Brunner [Thu, 14 Oct 2010 15:01:08 +0000 (17:01 +0200)]
Maemo: Added a widget to "unselect" a certificate.

Tobias Brunner [Thu, 14 Oct 2010 13:25:57 +0000 (15:25 +0200)]
Avoid duplicate certificates in mem_cred_t.

Tobias Brunner [Thu, 14 Oct 2010 13:00:19 +0000 (15:00 +0200)]
Maemo: Load CA certificates from system directories.

Tobias Brunner [Thu, 30 Sep 2010 13:22:59 +0000 (15:22 +0200)]
Maemo: OK is default response in password dialog.

Tobias Brunner [Thu, 30 Sep 2010 11:50:28 +0000 (13:50 +0200)]
Maemo: Handle status changes from charon.

Use synchronous invocation for "Connect" again.

Tobias Brunner [Thu, 30 Sep 2010 11:46:50 +0000 (13:46 +0200)]
Maemo: Track the status of the current SA and send changes to the frontend.

Tobias Brunner [Thu, 30 Sep 2010 11:43:58 +0000 (13:43 +0200)]
Maemo: Properly unregister the RPC callbacks.

Tobias Brunner [Fri, 24 Sep 2010 14:45:33 +0000 (16:45 +0200)]
Maemo: Plugin implements the listener_t interface.

Tobias Brunner [Fri, 24 Sep 2010 14:37:18 +0000 (16:37 +0200)]
Maemo: Extracted most plugin code to a separate class, so we can use that as listener.

Tobias Brunner [Fri, 24 Sep 2010 14:27:02 +0000 (16:27 +0200)]
Maemo: Initiate consumes a child_sa reference, so get an additional one.

Tobias Brunner [Fri, 24 Sep 2010 14:15:04 +0000 (16:15 +0200)]
Maemo: Basic functionality added to notify the applet about status updates.

Tobias Brunner [Fri, 24 Sep 2010 12:37:11 +0000 (14:37 +0200)]
Maemo: Clear the credentials before each connection attempt.

Tobias Brunner [Fri, 24 Sep 2010 12:33:39 +0000 (14:33 +0200)]
Added function to clear all credentials from mem_cred_t.

Tobias Brunner [Fri, 24 Sep 2010 11:27:44 +0000 (13:27 +0200)]
Maemo: Do not store the password in the config file, ask the user for it on demand.

Tobias Brunner [Tue, 21 Sep 2010 15:16:10 +0000 (17:16 +0200)]
Maemo: Debianized the status applet.

Tobias Brunner [Tue, 21 Sep 2010 13:35:27 +0000 (15:35 +0200)]
Maemo: Added basic connect/disconnect functionality to frontend.

Tobias Brunner [Tue, 21 Sep 2010 13:36:50 +0000 (15:36 +0200)]
Maemo: Listen for a special "Start" D-BUS call.

This call is made on the system D-BUS so that charon is started as root.

Tobias Brunner [Mon, 20 Sep 2010 16:48:56 +0000 (18:48 +0200)]
Maemo: Added support for connection initiation and shutdown.

Tobias Brunner [Tue, 21 Sep 2010 12:32:14 +0000 (14:32 +0200)]
Fixed possible segmentation fault.

Tobias Brunner [Mon, 20 Sep 2010 16:45:19 +0000 (18:45 +0200)]
Maemo: Do not unref the dialog.

Tobias Brunner [Mon, 20 Sep 2010 16:42:40 +0000 (18:42 +0200)]
Maemo: Improved icon loading in status applet.

Tobias Brunner [Mon, 20 Sep 2010 16:30:34 +0000 (18:30 +0200)]
Maemo: Register the status applet with libosso.

Tobias Brunner [Mon, 20 Sep 2010 15:35:28 +0000 (17:35 +0200)]
Maemo: Register with libosso and init Glib main loop.

Tobias Brunner [Mon, 20 Sep 2010 14:03:04 +0000 (16:03 +0200)]
Maemo: Register charon as D-BUS system service.

In order to be able to access this service via libosso, charon is
started with the run-standalone.sh script, which sets up the required
environment.

Tobias Brunner [Fri, 17 Sep 2010 15:45:09 +0000 (17:45 +0200)]
Maemo: Changed the input mode of several text boxes.

Tobias Brunner [Fri, 17 Sep 2010 15:44:38 +0000 (17:44 +0200)]
Maemo: Ensure that the settings directory exists.

Tobias Brunner [Fri, 17 Sep 2010 15:23:54 +0000 (17:23 +0200)]
Fixed a subtle SIGSEGV.

Tobias Brunner [Mon, 20 Sep 2010 15:36:42 +0000 (17:36 +0200)]
Stub plugin for Maemo specific extensions added.

Tobias Brunner [Fri, 4 Jun 2010 13:02:55 +0000 (15:02 +0200)]
Dialog to initiate or terminate connections added.

Tobias Brunner [Fri, 4 Jun 2010 12:41:45 +0000 (14:41 +0200)]
Enable dynamic registration of StrongswanConnection(s) type.

Because status menu plugins get loaded and unloaded dynamically by the
Hildon Desktop, we have to register our Types dynamically.

Tobias Brunner [Fri, 4 Jun 2010 12:40:24 +0000 (14:40 +0200)]
Initial version of the Hildon Desktop status menu plugin.

Tobias Brunner [Fri, 4 Jun 2010 12:18:47 +0000 (14:18 +0200)]
Adding, editing and deleting connections is now possible in the settings plugin.

Tobias Brunner [Fri, 4 Jun 2010 12:15:37 +0000 (14:15 +0200)]
Adding a dialog to the settings plugin that lists all connections.

Tobias Brunner [Fri, 4 Jun 2010 12:11:24 +0000 (14:11 +0200)]
Helper methods added to StrongSwanConnections to easily show connections in a list widget.

Tobias Brunner [Fri, 17 Sep 2010 15:43:00 +0000 (17:43 +0200)]
Management class for connection settings added, connections are stored in a simple GKeyFile.

Tobias Brunner [Fri, 4 Jun 2010 11:56:39 +0000 (13:56 +0200)]
Simple GObject based class for connection settings added.

Tobias Brunner [Fri, 4 Jun 2010 11:48:58 +0000 (13:48 +0200)]
Adding a stub plugin for the Hildon control panel.

Tobias Brunner [Fri, 4 Jun 2010 11:41:01 +0000 (13:41 +0200)]
Adding autotools framework for the maemo frontend.

Andreas Steffen [Thu, 14 Oct 2010 14:13:52 +0000 (16:13 +0200)]
Define explicit IKEv1 keyexchange mode V

Andreas Steffen [Thu, 14 Oct 2010 14:09:34 +0000 (16:09 +0200)]
increase eap-tls max_message_count in fragments scenario

Tobias Brunner [Thu, 14 Oct 2010 13:57:34 +0000 (15:57 +0200)]
Added ssh_config to distribution.

Andreas Steffen [Thu, 14 Oct 2010 13:50:42 +0000 (15:50 +0200)]
version bump to 4.5.0rc1

Tobias Brunner [Thu, 14 Oct 2010 12:01:26 +0000 (14:01 +0200)]
testing: Reduce testing runtime by reusing SSH sessions.

By using the ControlMaster and ControlPath options, existing SSH sessions
are reused (a session to each host is opened at the beginning of a test
run).  Also, RC4 is used as encryption algorithm to further improve the
performance.  These changes reduce the runtime by over 20%.

Tobias Brunner [Thu, 14 Oct 2010 11:55:04 +0000 (13:55 +0200)]
Define explicit IKEv1 keyexchange mode IV.

Tobias Brunner [Thu, 14 Oct 2010 11:47:08 +0000 (13:47 +0200)]
pluto: Install inbound policies together with outbound policies.

This avoids an error message when uninstalling the policies and charon
did it already like this.

Andreas Steffen [Thu, 14 Oct 2010 05:34:13 +0000 (07:34 +0200)]
define explicit IKEv1 keyexchange mode III

Andreas Steffen [Thu, 14 Oct 2010 05:26:10 +0000 (07:26 +0200)]
fixed ikev2/rw-eap-ttls-radius scenario

Andreas Steffen [Thu, 14 Oct 2010 05:22:39 +0000 (07:22 +0200)]
fixed ikev2/rw-eap-tnc-radius-block scenario

Andreas Steffen [Thu, 14 Oct 2010 05:08:33 +0000 (07:08 +0200)]
fixed ikev2/rw-eap-tnc scenario

Andreas Steffen [Thu, 14 Oct 2010 05:01:06 +0000 (07:01 +0200)]
fixed ikev2/rw-eap-sim-radius scenario

Andreas Steffen [Thu, 14 Oct 2010 04:55:06 +0000 (06:55 +0200)]
fixed ikev2/rw-eap-sim-only-radius scenario

Andreas Steffen [Thu, 14 Oct 2010 04:41:26 +0000 (06:41 +0200)]
fixed ikev2/mult-auth-rsa-eap-sim-id

Andreas Steffen [Tue, 12 Oct 2010 17:12:40 +0000 (19:12 +0200)]
ignore : separator characters in chunk_from_hex()

Tobias Brunner [Tue, 12 Oct 2010 13:15:17 +0000 (15:15 +0200)]
Store the exit code of executed commands in Dumm::Guest.execstatus.

Also, no exception is raised for failed exec calls anymore.

Tobias Brunner [Thu, 24 Sep 2009 16:39:12 +0000 (18:39 +0200)]
Map the guests to a ruby hash to avoid creating new ruby objects on each call of Guest.each or Guest[].

Tobias Brunner [Thu, 2 Jul 2009 15:11:28 +0000 (17:11 +0200)]
Exposed the multi-overlay functionality in the ruby bindings.

Overlays can be added to individual guests (which overlays exactly the
supplied directory) or to all guests (which overlays a subdirectory
with the guest's name to each guest).

The template functionality is provided as before.

Tobias Brunner [Thu, 2 Jul 2009 15:01:14 +0000 (17:01 +0200)]
Added support for multiple overlays to the main library.

Also implemented the template functionality using the new overlay functions.

Tobias Brunner [Thu, 2 Jul 2009 14:41:40 +0000 (16:41 +0200)]
Added support for multiple overlays to guests (replaces the template functionality).

Compared to a template an overlay is an arbitrary directory, not the
parent directory of a directory with the guest's name.

Tobias Brunner [Tue, 12 Oct 2010 13:03:19 +0000 (15:03 +0200)]
Added support for multiple overlays to the copy-on-write filesystem.

Tobias Brunner [Thu, 7 Oct 2010 08:08:06 +0000 (10:08 +0200)]
Do not add additional addresses to MOBIKE path probing messages.

Tobias Brunner [Tue, 5 Oct 2010 16:01:41 +0000 (18:01 +0200)]
Change behavior of responder during roaming.

If the current source address is not available anymore, the responder
uses ike_mobike_t.roam, thus, uses multiple address combinations when
trying to notify the initiator.

Tobias Brunner [Tue, 5 Oct 2010 15:59:48 +0000 (17:59 +0200)]
Allow responder to use ike_mobike_t.roam.

After getting a response the responder updates the IPsec SAs.

Tobias Brunner [Tue, 5 Oct 2010 15:55:32 +0000 (17:55 +0200)]
Send list of additional addresses even if current path is still valid.

Tobias Brunner [Tue, 5 Oct 2010 15:49:50 +0000 (17:49 +0200)]
Extracted path checking in ike_sa_t.roam into separate functions.

Tobias Brunner [Tue, 5 Oct 2010 14:52:36 +0000 (16:52 +0200)]
Added support for responders to change their address via MOBIKE.

If the original responder updates its list of additional addresses we
check if the remote endpoint changed and update the IPsec SAs if it did,
as we assume the original address became unavailable and the responder
already updated the SAs on its side.

Tobias Brunner [Tue, 5 Oct 2010 14:49:20 +0000 (16:49 +0200)]
Explicitly configure MOBIKE tasks to update the list of additional addresses.

Tobias Brunner [Tue, 5 Oct 2010 14:42:39 +0000 (16:42 +0200)]
Improved check for first IKE_AUTH message in ike_mobike task.

If the original responder initiated a MOBIKE exchange, the previous
check was not always correct.

Tobias Brunner [Thu, 7 Oct 2010 12:26:35 +0000 (14:26 +0200)]
Migrated ike_mobike task to INIT/METHOD macros.

Tobias Brunner [Tue, 5 Oct 2010 14:16:21 +0000 (16:16 +0200)]
Simplified apply_port function in mobike task.

Tobias Brunner [Tue, 5 Oct 2010 14:18:35 +0000 (16:18 +0200)]
Do not fire roam events based on local route changes.

These kernel events are triggered on address changes, which is
problematic when deleting virtual IP addresses.

Tobias Brunner [Tue, 5 Oct 2010 16:41:06 +0000 (18:41 +0200)]
If a changed route has no src, try to find it via interface.

Tobias Brunner [Tue, 5 Oct 2010 07:36:31 +0000 (09:36 +0200)]
Get source address from interface if the route does not provide one.