strongswan.git
Andreas Steffen [Wed, 3 Sep 2008 19:00:08 +0000 (19:00 -0000)]
charon.keep_alive = 0 disables the sending of NAT keep alives

Andreas Steffen [Wed, 3 Sep 2008 18:49:06 +0000 (18:49 -0000)]
configure NAT keep alive interval using the charon.keep_alive key

Tobias Brunner [Wed, 3 Sep 2008 07:44:46 +0000 (07:44 -0000)]
typos

Martin Willi [Tue, 2 Sep 2008 14:02:40 +0000 (14:02 -0000)]
handle INFORMATIONAL exchanges with NATD payloads in mobike task

Martin Willi [Tue, 2 Sep 2008 11:04:26 +0000 (11:04 -0000)]
libstrongswan agent plugin to use ssh-agent for RSA signatures

Martin Willi [Tue, 2 Sep 2008 11:01:05 +0000 (11:01 -0000)]
ported openac to credential factory changes

Martin Willi [Tue, 2 Sep 2008 11:00:13 +0000 (11:00 -0000)]
refactored credential builder
allow enumeration of matching builders
try a second builder if the first one fails
builder clones resources internally on demand
caller frees added resources on failure and success
stricter handling of non-supported build parts

Andreas Steffen [Mon, 1 Sep 2008 11:38:03 +0000 (11:38 -0000)]
OIDs used by strongSwan

Andreas Steffen [Mon, 1 Sep 2008 11:19:07 +0000 (11:19 -0000)]
added thread_analysis tool

Martin Willi [Fri, 29 Aug 2008 09:24:14 +0000 (09:24 -0000)]
use libcap for capability dropping
optional, must be enabled --with-capabilities=libcap
will be extended to support --with-capabilities=libcap2

Andreas Steffen [Fri, 29 Aug 2008 05:35:09 +0000 (05:35 -0000)]
streamlined ipsec listalgs output

Martin Willi [Thu, 28 Aug 2008 16:27:48 +0000 (16:27 -0000)]
capability API to allow plugin-controlled capability set

Martin Willi [Thu, 28 Aug 2008 11:15:01 +0000 (11:15 -0000)]
cosmetics

Martin Willi [Thu, 28 Aug 2008 11:07:57 +0000 (11:07 -0000)]
creating default IKE proposals dynamically using algorithm enumeration API

Martin Willi [Thu, 28 Aug 2008 10:57:24 +0000 (10:57 -0000)]
separated sha1_prf implementation from sha1_hasher

Martin Willi [Thu, 28 Aug 2008 09:24:42 +0000 (09:24 -0000)]
crypto_factory algorithm enumeration API
implementation of "ipsec listalgs"

Tobias Brunner [Thu, 28 Aug 2008 08:05:07 +0000 (08:05 -0000)]
 * allow to load templates from arbitrary places
 * changed implementation of guest?/iface?

Tobias Brunner [Thu, 28 Aug 2008 07:47:55 +0000 (07:47 -0000)]
mkdir_p: utility function to create a directory and all required parent directories

Martin Willi [Wed, 27 Aug 2008 13:51:05 +0000 (13:51 -0000)]
build scripts for ubuntu NetworkManager packages

Martin Willi [Wed, 27 Aug 2008 13:48:54 +0000 (13:48 -0000)]
check user account validity after PAM authentication

Andreas Steffen [Wed, 27 Aug 2008 12:01:57 +0000 (12:01 -0000)]
version bump to 4.2.7

(tag: 4.2.6)
Martin Willi [Wed, 27 Aug 2008 08:39:09 +0000 (08:39 -0000)]
additional NEWS for 4.2.6

Tobias Brunner [Wed, 27 Aug 2008 07:35:20 +0000 (07:35 -0000)]
 * guest#running?
 * guest?, iface? (also Guest.include? resp. guest.include?)
 * easy accessors for guests and ifaces (Guest.sun instead of Guest["sun"] and guest.eth0 instead of guest["eth0"])
 * if a block is given for iface#add or iface#del then the change is only temporary while executing the block and gets reverted afterwards

Andreas Steffen [Wed, 27 Aug 2008 07:19:40 +0000 (07:19 -0000)]
my changes for the 4.2.6 release

Andreas Steffen [Tue, 26 Aug 2008 20:02:58 +0000 (20:02 -0000)]
added ikev2/rw-eap-aka-identity scenario

Andreas Steffen [Tue, 26 Aug 2008 19:54:47 +0000 (19:54 -0000)]
cosmetics

Andreas Steffen [Tue, 26 Aug 2008 19:45:44 +0000 (19:45 -0000)]
ipsec statusall lists eap_type and eap_identity

Andreas Steffen [Tue, 26 Aug 2008 19:17:14 +0000 (19:17 -0000)]
enable-eap-identity in UML scenarios

Martin Willi [Tue, 26 Aug 2008 14:27:53 +0000 (14:27 -0000)]
using strongSwan, not NetworkManager version number

Martin Willi [Tue, 26 Aug 2008 14:27:12 +0000 (14:27 -0000)]
fixing charon path for now for ubuntu package

Andreas Steffen [Tue, 26 Aug 2008 05:34:33 +0000 (05:34 -0000)]
added ikev2/multi-level-ca-cr-init and ikev2/multi-level-ca-cr-resp scenarios

Andreas Steffen [Tue, 26 Aug 2008 05:15:34 +0000 (05:15 -0000)]
completed support of AUTHZ_CA_CERT and AUTHZ_CA_CERT_NAME attributes

Andreas Steffen [Mon, 25 Aug 2008 13:52:26 +0000 (13:52 -0000)]
adapted sql/rw-eap-aka-rsa scenario to new EAP identity type

Andreas Steffen [Mon, 25 Aug 2008 12:35:18 +0000 (12:35 -0000)]
list CA restrictions in ipsec statusall

Martin Willi [Mon, 25 Aug 2008 08:21:51 +0000 (08:21 -0000)]
added NM gnome plugin to distribution

Martin Willi [Mon, 25 Aug 2008 08:15:57 +0000 (08:15 -0000)]
removed generated Makefile.in.in from svn

Martin Willi [Mon, 25 Aug 2008 07:50:21 +0000 (07:50 -0000)]
enforce DN of configured gateway certificate

Martin Willi [Mon, 25 Aug 2008 07:49:48 +0000 (07:49 -0000)]
new EAP-Identity handling uses ID_EAP in plugins

Martin Willi [Mon, 25 Aug 2008 07:48:11 +0000 (07:48 -0000)]
disabled PSK option until we have a way to enforce strong secrets

Martin Willi [Mon, 25 Aug 2008 07:47:16 +0000 (07:47 -0000)]
use username part of RFC822 IDs for PAM authentication

Martin Willi [Fri, 22 Aug 2008 10:44:51 +0000 (10:44 -0000)]
ported parts of two-sim branch
eap_identity parameter to exchange in eap_identity
some auth_info/peer_cfg refactorings
fixed some bugs, introduced new ones

Martin Willi [Fri, 22 Aug 2008 08:37:15 +0000 (08:37 -0000)]
run guests with some niceness

Martin Willi [Fri, 22 Aug 2008 07:38:59 +0000 (07:38 -0000)]
pool names are unique

Martin Willi [Thu, 21 Aug 2008 15:17:45 +0000 (15:17 -0000)]
do not return IPv6 src addresses for IPv4 destinations

Martin Willi [Thu, 21 Aug 2008 14:40:03 +0000 (14:40 -0000)]
fixed EAP-GTC secret lookup
improved error logging
PAM authentication needs CAP_AUDIT_WRITE capability

Martin Willi [Thu, 21 Aug 2008 12:10:07 +0000 (12:10 -0000)]
a (incomplete) implementation of draft-sheffer-ikev2-gtc-00.txt using PAM

Andreas Steffen [Thu, 21 Aug 2008 11:58:58 +0000 (11:58 -0000)]
corrected caption

Andreas Steffen [Thu, 21 Aug 2008 11:55:16 +0000 (11:55 -0000)]
charon.process_route = no does not process RTM_NEWROUTE and RTM_DELROUTE events. Useful for taking down hundreds of virtual IPs on the same host

Martin Willi [Thu, 21 Aug 2008 09:25:06 +0000 (09:25 -0000)]
added sqlite busy handler: retries on locking conflicts

Martin Willi [Thu, 21 Aug 2008 07:55:16 +0000 (07:55 -0000)]
avoid too many alloca()s in netlink send, problematic on MIPS

Martin Willi [Wed, 20 Aug 2008 13:59:37 +0000 (13:59 -0000)]
some string fixes

Martin Willi [Wed, 20 Aug 2008 12:02:53 +0000 (12:02 -0000)]
added missing tooltip

Martin Willi [Wed, 20 Aug 2008 11:44:47 +0000 (11:44 -0000)]
handle DBUS permission problems gracefully

Martin Willi [Wed, 20 Aug 2008 08:51:18 +0000 (08:51 -0000)]
fixed shared key lookup by ID
proper auth method selection

Martin Willi [Wed, 20 Aug 2008 08:49:47 +0000 (08:49 -0000)]
fixed auth-dialog password flush

Andreas Steffen [Tue, 19 Aug 2008 18:53:15 +0000 (18:53 -0000)]
set version back to 4.2.6

Andreas Steffen [Tue, 19 Aug 2008 18:51:30 +0000 (18:51 -0000)]
fixed libstrongswan integrity test

Martin Willi [Tue, 19 Aug 2008 15:19:45 +0000 (15:19 -0000)]
certificate based gateway authentication
prototype PSK user authentication with auth-dialog

Martin Willi [Mon, 18 Aug 2008 11:59:19 +0000 (11:59 -0000)]
updated nm plugin to NetworkManager API changes

Martin Willi [Mon, 18 Aug 2008 11:07:26 +0000 (11:07 -0000)]
roam jobs for routing table changes not fired for virtual IP routes

Andreas Steffen [Fri, 15 Aug 2008 19:15:52 +0000 (19:15 -0000)]
do not fire a roam job when virtual IP is deleted

Andreas Steffen [Mon, 11 Aug 2008 19:04:48 +0000 (19:04 -0000)]
temporary workaround to prevent roam jobs due to virtual IP installations

Andreas Steffen [Mon, 11 Aug 2008 18:40:22 +0000 (18:40 -0000)]
corrected typo

Tobias Brunner [Thu, 7 Aug 2008 14:56:54 +0000 (14:56 -0000)]
 * ruby extension extracted from irdumm
 * guests do not shut down anymore on SIGINT in irb

Andreas Steffen [Wed, 6 Aug 2008 20:40:14 +0000 (20:40 -0000)]
added ipv6/net2net-ip6-in-ip6-ikev2 scenario

Andreas Steffen [Wed, 6 Aug 2008 20:35:42 +0000 (20:35 -0000)]
add additional scenario diagrams

Tobias Brunner [Wed, 6 Aug 2008 07:31:26 +0000 (07:31 -0000)]
added missing cleanup on failure

Andreas Steffen [Tue, 5 Aug 2008 09:05:57 +0000 (09:05 -0000)]
initiator sends contents of rightca= if present as a certificate request without searching for further CA certificates

Andreas Steffen [Sun, 3 Aug 2008 18:01:21 +0000 (18:01 -0000)]
fixed improper TAILQ fix which caused pluto to segfault

Andreas Steffen [Fri, 1 Aug 2008 12:59:08 +0000 (12:59 -0000)]
corrected caption

Andreas Steffen [Fri, 1 Aug 2008 12:04:35 +0000 (12:04 -0000)]
Redhat/Fedora requires var/lock/subsys/ipsec for runlevel changes

Andreas Steffen [Fri, 1 Aug 2008 10:35:59 +0000 (10:35 -0000)]
ipsec starter gives the charon daemon 8s to terminate gracefully before killing the process brutally

Andreas Steffen [Fri, 1 Aug 2008 10:12:33 +0000 (10:12 -0000)]
fixed the close_peerlog() bug causing ipsec pluto --help to segfault

Martin Willi [Thu, 31 Jul 2008 15:07:52 +0000 (15:07 -0000)]
configuration plugin for NetworkManager

Martin Willi [Thu, 31 Jul 2008 14:32:11 +0000 (14:32 -0000)]
added options for virtual IP, UDP encapsulation, IPComp
proper handling of libstrongswan/glib TRUE/FALSE conflict

Tobias Brunner [Thu, 31 Jul 2008 12:59:59 +0000 (12:59 -0000)]
exec on a guest now returns the return value of the executed process

Martin Willi [Thu, 31 Jul 2008 11:16:14 +0000 (11:16 -0000)]
reimplemented dbus plugin for NetworkManager 0.7, renamed to nm

Martin Willi [Thu, 31 Jul 2008 09:04:54 +0000 (09:04 -0000)]
recreating FIFO if it exists

Martin Willi [Thu, 31 Jul 2008 09:01:56 +0000 (09:01 -0000)]
fixed usage typo

Martin Willi [Wed, 30 Jul 2008 14:17:05 +0000 (14:17 -0000)]
increased stroke socket backlog to 10

Martin Willi [Wed, 30 Jul 2008 14:15:08 +0000 (14:15 -0000)]
using an entry cache for duplicate checks, avoids deadlocks

Martin Willi [Wed, 30 Jul 2008 13:19:12 +0000 (13:19 -0000)]
use condvar broadcasts to signal threads waiting for an IP, there might be more than one

Tobias Brunner [Wed, 30 Jul 2008 13:15:18 +0000 (13:15 -0000)]
the list of addresses on the interface of a guest is not cached anymore, but queried directly from the interface

Tobias Brunner [Wed, 30 Jul 2008 13:01:04 +0000 (13:01 -0000)]
* Guest#exec uses the new exec_str function
* tab completion in irdumm enabled

Tobias Brunner [Wed, 30 Jul 2008 12:58:45 +0000 (12:58 -0000)]
added an extended exec function to guests that allows to get the output of the command as string or by line.

Martin Willi [Wed, 30 Jul 2008 11:38:44 +0000 (11:38 -0000)]
using shared read locks in credential set enumerators to avoid deadlocks

Martin Willi [Wed, 30 Jul 2008 08:27:08 +0000 (08:27 -0000)]
added strongswan.conf option "charon.dos_protection" to disable cookies/aggressiveness check

Andreas Steffen [Tue, 29 Jul 2008 19:46:39 +0000 (19:46 -0000)]
added keyid2sql helper script

Andreas Steffen [Tue, 29 Jul 2008 19:44:54 +0000 (19:44 -0000)]
starter now waits for a maximum of 10s instead of 1s for charon before restarting the daemon

Andreas Steffen [Mon, 28 Jul 2008 14:01:45 +0000 (14:01 -0000)]
demoted IKE state change output to debug level 2

Andreas Steffen [Mon, 28 Jul 2008 13:53:04 +0000 (13:53 -0000)]
ignore AUTH_LIFETIME value if reauthentication has already been scheduled earlier

Martin Willi [Mon, 28 Jul 2008 13:10:34 +0000 (13:10 -0000)]
switched xterm console title

Martin Willi [Mon, 28 Jul 2008 12:37:01 +0000 (12:37 -0000)]
using gnome-terminal in irdumm

Andreas Steffen [Mon, 28 Jul 2008 09:14:07 +0000 (09:14 -0000)]
version bump to 4.2.6

Martin Willi [Mon, 28 Jul 2008 08:29:04 +0000 (08:29 -0000)]
use XFRM_MSG_UPDPOLICY for existing policies only

(tag: 4.2.5)
Andreas Steffen [Fri, 25 Jul 2008 10:30:53 +0000 (10:30 -0000)]
updated UML INSTALL information

Andreas Steffen [Fri, 25 Jul 2008 10:18:23 +0000 (10:18 -0000)]
adapted UML scenarios to improved virtual IP address pool

Andreas Steffen [Fri, 25 Jul 2008 08:02:53 +0000 (08:02 -0000)]
SQLite database template with improved address pool management

Andreas Steffen [Fri, 25 Jul 2008 08:00:04 +0000 (08:00 -0000)]
added changes for the 4.2.5 release

Martin Willi [Thu, 24 Jul 2008 12:48:36 +0000 (12:48 -0000)]
added tests.h to distribution