Martin Willi [Wed, 27 Aug 2008 08:39:09 +0000 (08:39 -0000)]
additional NEWS for 4.2.6
Tobias Brunner [Wed, 27 Aug 2008 07:35:20 +0000 (07:35 -0000)]
* guest#running?
* guest?, iface? (also Guest.include? resp. guest.include?)
* easy accessors for guests and ifaces (Guest.sun instead of Guest["sun"] and guest.eth0 instead of guest["eth0"])
* if a block is given for iface#add or iface#del then the change is only temporary while executing the block and gets reverted afterwards
Andreas Steffen [Wed, 27 Aug 2008 07:19:40 +0000 (07:19 -0000)]
my changes for the 4.2.6 release
Andreas Steffen [Tue, 26 Aug 2008 20:02:58 +0000 (20:02 -0000)]
added ikev2/rw-eap-aka-identity scenario
Andreas Steffen [Tue, 26 Aug 2008 19:54:47 +0000 (19:54 -0000)]
cosmetics
Andreas Steffen [Tue, 26 Aug 2008 19:45:44 +0000 (19:45 -0000)]
ipsec statusall lists eap_type and eap_identity
Andreas Steffen [Tue, 26 Aug 2008 19:17:14 +0000 (19:17 -0000)]
enable-eap-identity in UML scenarios
Martin Willi [Tue, 26 Aug 2008 14:27:53 +0000 (14:27 -0000)]
using strongSwan, not NetworkManager version number
Martin Willi [Tue, 26 Aug 2008 14:27:12 +0000 (14:27 -0000)]
fixing charon path for now for ubuntu package
Andreas Steffen [Tue, 26 Aug 2008 05:34:33 +0000 (05:34 -0000)]
added ikev2/multi-level-ca-cr-init and ikev2/multi-level-ca-cr-resp scenarios
Andreas Steffen [Tue, 26 Aug 2008 05:15:34 +0000 (05:15 -0000)]
completed support of AUTHZ_CA_CERT and AUTHZ_CA_CERT_NAME attributes
Andreas Steffen [Mon, 25 Aug 2008 13:52:26 +0000 (13:52 -0000)]
adapted sql/rw-eap-aka-rsa scenario to new EAP identity type
Andreas Steffen [Mon, 25 Aug 2008 12:35:18 +0000 (12:35 -0000)]
list CA restrictions in ipsec statusall
Martin Willi [Mon, 25 Aug 2008 08:21:51 +0000 (08:21 -0000)]
added NM gnome plugin to distribution
Martin Willi [Mon, 25 Aug 2008 08:15:57 +0000 (08:15 -0000)]
removed generated Makefile.in.in from svn
Martin Willi [Mon, 25 Aug 2008 07:50:21 +0000 (07:50 -0000)]
enforce DN of configured gateway certificate
Martin Willi [Mon, 25 Aug 2008 07:49:48 +0000 (07:49 -0000)]
new EAP-Identity handling uses ID_EAP in plugins
Martin Willi [Mon, 25 Aug 2008 07:48:11 +0000 (07:48 -0000)]
disabled PSK option until we have a way to enforce strong secrets
Martin Willi [Mon, 25 Aug 2008 07:47:16 +0000 (07:47 -0000)]
use username part of RFC822 IDs for PAM authentication
Martin Willi [Fri, 22 Aug 2008 10:44:51 +0000 (10:44 -0000)]
ported parts of two-sim branch
eap_identity parameter to exchange in eap_identity
some auth_info/peer_cfg refactorings
fixed some bugs, introduced new ones
Martin Willi [Fri, 22 Aug 2008 08:37:15 +0000 (08:37 -0000)]
run guests with some niceness
Martin Willi [Fri, 22 Aug 2008 07:38:59 +0000 (07:38 -0000)]
pool names are unique
Martin Willi [Thu, 21 Aug 2008 15:17:45 +0000 (15:17 -0000)]
do not return IPv6 src addresses for IPv4 destinations
Martin Willi [Thu, 21 Aug 2008 14:40:03 +0000 (14:40 -0000)]
fixed EAP-GTC secret lookup
improved error logging
PAM authentication needs CAP_AUDIT_WRITE capability
Martin Willi [Thu, 21 Aug 2008 12:10:07 +0000 (12:10 -0000)]
an (incomplete) implementation of draft-sheffer-ikev2-gtc-00.txt using PAM
Andreas Steffen [Thu, 21 Aug 2008 11:58:58 +0000 (11:58 -0000)]
corrected caption
Andreas Steffen [Thu, 21 Aug 2008 11:55:16 +0000 (11:55 -0000)]
charon.process_route = no does not process RTM_NEWROUTE and RTM_DELROUTE events. Useful for taking down hundreds of virtual IPs on the same host
Martin Willi [Thu, 21 Aug 2008 09:25:06 +0000 (09:25 -0000)]
added sqlite busy handler: retries on locking conflicts
Martin Willi [Thu, 21 Aug 2008 07:55:16 +0000 (07:55 -0000)]
avoid too many alloca()s in netlink send, problematic on MIPS
Martin Willi [Wed, 20 Aug 2008 13:59:37 +0000 (13:59 -0000)]
some string fixes
Martin Willi [Wed, 20 Aug 2008 12:02:53 +0000 (12:02 -0000)]
added missing tooltip
Martin Willi [Wed, 20 Aug 2008 11:44:47 +0000 (11:44 -0000)]
handle DBUS permission problems gracefully
Martin Willi [Wed, 20 Aug 2008 08:51:18 +0000 (08:51 -0000)]
fixed shared key lookup by ID
proper auth method selection
Martin Willi [Wed, 20 Aug 2008 08:49:47 +0000 (08:49 -0000)]
fixed auth-dialog password flush
Andreas Steffen [Tue, 19 Aug 2008 18:53:15 +0000 (18:53 -0000)]
set version back to 4.2.6
Andreas Steffen [Tue, 19 Aug 2008 18:51:30 +0000 (18:51 -0000)]
fixed libstrongswan integrity test
Martin Willi [Tue, 19 Aug 2008 15:19:45 +0000 (15:19 -0000)]
certificate based gateway authentication
prototype PSK user authentication with auth-dialog
Martin Willi [Mon, 18 Aug 2008 11:59:19 +0000 (11:59 -0000)]
updated nm plugin to NetworkManager API changes
Martin Willi [Mon, 18 Aug 2008 11:07:26 +0000 (11:07 -0000)]
roam jobs for routing table changes not fired for virtual IP routes
Andreas Steffen [Fri, 15 Aug 2008 19:15:52 +0000 (19:15 -0000)]
do not fire a roam job when virtual IP is deleted
Andreas Steffen [Mon, 11 Aug 2008 19:04:48 +0000 (19:04 -0000)]
temporary workaround to prevent roam jobs due to virtual IP installations
Andreas Steffen [Mon, 11 Aug 2008 18:40:22 +0000 (18:40 -0000)]
corrected typo
Tobias Brunner [Thu, 7 Aug 2008 14:56:54 +0000 (14:56 -0000)]
* ruby extension extracted from irdumm
* guests do not shut down anymore on SIGINT in irb
Andreas Steffen [Wed, 6 Aug 2008 20:40:14 +0000 (20:40 -0000)]
added ipv6/net2net-ip6-in-ip6-ikev2 scenario
Andreas Steffen [Wed, 6 Aug 2008 20:35:42 +0000 (20:35 -0000)]
add additional scenario diagrams
Tobias Brunner [Wed, 6 Aug 2008 07:31:26 +0000 (07:31 -0000)]
added missing cleanup on failure
Andreas Steffen [Tue, 5 Aug 2008 09:05:57 +0000 (09:05 -0000)]
initiator sends contents of rightca= if present as a certificate request without searching for further CA certificates
Andreas Steffen [Sun, 3 Aug 2008 18:01:21 +0000 (18:01 -0000)]
fixed improper TAILQ fix which caused pluto to segfault
Andreas Steffen [Fri, 1 Aug 2008 12:59:08 +0000 (12:59 -0000)]
corrected caption
Andreas Steffen [Fri, 1 Aug 2008 12:04:35 +0000 (12:04 -0000)]
Redhat/Fedora requires var/lock/subsys/ipsec for runlevel changes
Andreas Steffen [Fri, 1 Aug 2008 10:35:59 +0000 (10:35 -0000)]
ipsec starter gives the charon daemon 8s to terminate gracefully before killing the process brutally
Andreas Steffen [Fri, 1 Aug 2008 10:12:33 +0000 (10:12 -0000)]
fixed the close_peerlog() bug causing ipsec pluto --help to segfault
Martin Willi [Thu, 31 Jul 2008 15:07:52 +0000 (15:07 -0000)]
configuration plugin for NetworkManager
Martin Willi [Thu, 31 Jul 2008 14:32:11 +0000 (14:32 -0000)]
added options for virtual IP, UDP encapsulation, IPComp
proper handling of libstrongswan/glib TRUE/FALSE conflict
Tobias Brunner [Thu, 31 Jul 2008 12:59:59 +0000 (12:59 -0000)]
exec on a guest now returns the return value of the executed process
Martin Willi [Thu, 31 Jul 2008 11:16:14 +0000 (11:16 -0000)]
reimplemented dbus plugin for NetworkManager 0.7, renamed to nm
Martin Willi [Thu, 31 Jul 2008 09:04:54 +0000 (09:04 -0000)]
recreating FIFO if it exists
Martin Willi [Thu, 31 Jul 2008 09:01:56 +0000 (09:01 -0000)]
fixed usage typo
Martin Willi [Wed, 30 Jul 2008 14:17:05 +0000 (14:17 -0000)]
increased stroke socket backlog to 10
Martin Willi [Wed, 30 Jul 2008 14:15:08 +0000 (14:15 -0000)]
using an entry cache for duplicate checks, avoids deadlocks
Martin Willi [Wed, 30 Jul 2008 13:19:12 +0000 (13:19 -0000)]
use condvar broadcasts to signal threads waiting for an IP, there might be more than one
Tobias Brunner [Wed, 30 Jul 2008 13:15:18 +0000 (13:15 -0000)]
the list of addresses on the interface of a guest is not cached anymore, but queried directly from the interface
Tobias Brunner [Wed, 30 Jul 2008 13:01:04 +0000 (13:01 -0000)]
* Guest#exec uses the new exec_str function
* tab completion in irdumm enabled
Tobias Brunner [Wed, 30 Jul 2008 12:58:45 +0000 (12:58 -0000)]
added an extended exec function to guests that allows getting the output of the command as a string or by line.
Martin Willi [Wed, 30 Jul 2008 11:38:44 +0000 (11:38 -0000)]
using shared read locks in credential set enumerators to avoid deadlocks
Martin Willi [Wed, 30 Jul 2008 08:27:08 +0000 (08:27 -0000)]
added strongswan.conf option "charon.dos_protection" to disable cookies/aggressiveness check
Andreas Steffen [Tue, 29 Jul 2008 19:46:39 +0000 (19:46 -0000)]
added keyid2sql helper script
Andreas Steffen [Tue, 29 Jul 2008 19:44:54 +0000 (19:44 -0000)]
starter now waits for a maximum of 10s instead of 1s for charon before restarting the daemon
Andreas Steffen [Mon, 28 Jul 2008 14:01:45 +0000 (14:01 -0000)]
demoted IKE state change output to debug level 2
Andreas Steffen [Mon, 28 Jul 2008 13:53:04 +0000 (13:53 -0000)]
ignore AUTH_LIFETIME value if reauthentication has already been scheduled earlier
Martin Willi [Mon, 28 Jul 2008 13:10:34 +0000 (13:10 -0000)]
switched xterm console title
Martin Willi [Mon, 28 Jul 2008 12:37:01 +0000 (12:37 -0000)]
using gnome-terminal in irdumm
Andreas Steffen [Mon, 28 Jul 2008 09:14:07 +0000 (09:14 -0000)]
version bump to 4.2.6
Martin Willi [Mon, 28 Jul 2008 08:29:04 +0000 (08:29 -0000)]
use XFRM_MSG_UPDPOLICY for existing policies only
Andreas Steffen [Fri, 25 Jul 2008 10:30:53 +0000 (10:30 -0000)]
updated UML INSTALL information
Andreas Steffen [Fri, 25 Jul 2008 10:18:23 +0000 (10:18 -0000)]
adapted UML scenarios to improved virtual IP address pool
Andreas Steffen [Fri, 25 Jul 2008 08:02:53 +0000 (08:02 -0000)]
SQLite database template with improved address pool management
Andreas Steffen [Fri, 25 Jul 2008 08:00:04 +0000 (08:00 -0000)]
added changes for the 4.2.5 release
Martin Willi [Thu, 24 Jul 2008 12:48:36 +0000 (12:48 -0000)]
added tests.h to distribution
Martin Willi [Thu, 24 Jul 2008 08:52:12 +0000 (08:52 -0000)]
fixed UCI thread cancellation on ARM
Martin Willi [Thu, 24 Jul 2008 08:28:45 +0000 (08:28 -0000)]
added option charon.plugins.sql.lease_history to disable lease history logging
Martin Willi [Thu, 24 Jul 2008 08:21:55 +0000 (08:21 -0000)]
fixed statistic calculation for static leases
Andreas Steffen [Wed, 23 Jul 2008 18:46:34 +0000 (18:46 -0000)]
completed IKE_SA logging at the AUDIT level
Martin Willi [Wed, 23 Jul 2008 13:56:07 +0000 (13:56 -0000)]
fixed pool statistics
Andreas Steffen [Wed, 23 Jul 2008 07:44:26 +0000 (07:44 -0000)]
IKE_SA rekeying inherits other_host from old IKE_SA
Andreas Steffen [Wed, 23 Jul 2008 06:38:24 +0000 (06:38 -0000)]
cosmetics
Andreas Steffen [Tue, 22 Jul 2008 17:21:01 +0000 (17:21 -0000)]
start default strongSwan UML topology
Andreas Steffen [Tue, 22 Jul 2008 17:10:10 +0000 (17:10 -0000)]
some more changes to IKE_SA and CHILD_SA logging
Martin Willi [Tue, 22 Jul 2008 14:56:15 +0000 (14:56 -0000)]
experimental and untested reimplementation of sql based IP pool
uses address preallocation and separate address/lease tables for linear lookup time
Andreas Steffen [Tue, 22 Jul 2008 12:13:48 +0000 (12:13 -0000)]
cosmetics
Andreas Steffen [Tue, 22 Jul 2008 12:03:58 +0000 (12:03 -0000)]
ipsec status lists IPCOMP CPIs
Andreas Steffen [Tue, 22 Jul 2008 10:53:56 +0000 (10:53 -0000)]
own CPI was not deleted due to copy-and-paste error
Andreas Steffen [Tue, 22 Jul 2008 10:16:45 +0000 (10:16 -0000)]
consistent logging of SPIs and CPIs
Andreas Steffen [Tue, 22 Jul 2008 06:24:00 +0000 (06:24 -0000)]
missing FETCH_END caused SEGFAULT in ikev2/rw-hash-and-url scenario
Andreas Steffen [Mon, 21 Jul 2008 19:08:03 +0000 (19:08 -0000)]
display protoport in dynamic/32 traffic selectors
Martin Willi [Mon, 21 Jul 2008 14:23:43 +0000 (14:23 -0000)]
fixed bus args copy on non i386 archs
Andreas Steffen [Mon, 21 Jul 2008 12:47:59 +0000 (12:47 -0000)]
consistent logging of IKE and CHILD SAs
Martin Willi [Mon, 21 Jul 2008 11:17:20 +0000 (11:17 -0000)]
pool performance testing
Martin Willi [Mon, 21 Jul 2008 11:16:07 +0000 (11:16 -0000)]
loading unit-tester plugin as the last one
Martin Willi [Mon, 21 Jul 2008 11:15:16 +0000 (11:15 -0000)]
reverted bus to non-recursive mutex due to instability