strongswan.git
Andreas Steffen [Tue, 27 Jul 2010 18:49:48 +0000 (20:49 +0200)]
fixed description of ikev2/net2net-same-nets scenario

Martin Willi [Tue, 27 Jul 2010 10:05:39 +0000 (12:05 +0200)]
Reserving does not work, as our pools do not support acquiring arbitrary addresses

This reverts commit d1384080b3ba74f366eaf8b5f027babca3f5d607.

Martin Willi [Tue, 27 Jul 2010 07:54:27 +0000 (09:54 +0200)]
Mem pool does not support multiple leases for an identity

Martin Willi [Tue, 27 Jul 2010 07:18:06 +0000 (09:18 +0200)]
Flush any remaining cache state if an IKE_SA goes down

Martin Willi [Mon, 26 Jul 2010 13:17:19 +0000 (15:17 +0200)]
Added NEWS related to HA functionality

Martin Willi [Mon, 26 Jul 2010 13:10:54 +0000 (15:10 +0200)]
Synchronize EAP-Identity of remote peer

Martin Willi [Mon, 26 Jul 2010 13:01:24 +0000 (15:01 +0200)]
Reserve virtual IP of passive IKE_SAs in the local pool

Martin Willi [Mon, 26 Jul 2010 12:30:19 +0000 (14:30 +0200)]
Added strongswan.conf options for HA heartbeat

Martin Willi [Mon, 26 Jul 2010 11:49:35 +0000 (13:49 +0200)]
Log CHILD_SA segment responsibility

Martin Willi [Mon, 26 Jul 2010 10:07:38 +0000 (12:07 +0200)]
Pass initiator parameter to distinguish between original and exchange initiator

Martin Willi [Mon, 26 Jul 2010 10:05:04 +0000 (12:05 +0200)]
Pass the CREATE_CHILD_SA initiator flag to the child_keys parameter

Martin Willi [Thu, 22 Jul 2010 16:54:35 +0000 (18:54 +0200)]
Use a sync message cache to resynchronize IKE_SAs without rekeying

Martin Willi [Thu, 22 Jul 2010 13:56:11 +0000 (15:56 +0200)]
Log received HA message types

Martin Willi [Thu, 22 Jul 2010 13:55:08 +0000 (15:55 +0200)]
Add enum names for HA message types

Martin Willi [Thu, 22 Jul 2010 13:52:18 +0000 (13:52 +0000)]
Delay resynchronization request until starter has loaded the configurations

Martin Willi [Thu, 22 Jul 2010 12:38:05 +0000 (14:38 +0200)]
Replaces in_segment() by a more generic get_segment() function

Martin Willi [Thu, 22 Jul 2010 11:20:18 +0000 (13:20 +0200)]
Use distinct message types for HA message ID updates

Martin Willi [Thu, 22 Jul 2010 09:42:22 +0000 (11:42 +0200)]
Migrated ha plugin to INIT/METHOD macros

Andreas Steffen [Sun, 25 Jul 2010 09:56:33 +0000 (11:56 +0200)]
added net2net-same-nets

Martin Willi [Fri, 23 Jul 2010 14:02:28 +0000 (16:02 +0200)]
Added NEWS for the eap-simaka-sql plugin

Andreas Steffen [Wed, 21 Jul 2010 19:43:43 +0000 (21:43 +0200)]
NEWS cosmetics

Martin Willi [Wed, 21 Jul 2010 15:27:06 +0000 (17:27 +0200)]
Multiple RADIUS server NEWS

Martin Willi [Wed, 21 Jul 2010 15:06:00 +0000 (17:06 +0200)]
Implemented support for multiple RADIUS servers

Martin Willi [Wed, 21 Jul 2010 07:15:32 +0000 (09:15 +0200)]
Migrated eap-radius plugin to INIT/METHOD macros

Martin Willi [Wed, 21 Jul 2010 12:55:51 +0000 (14:55 +0200)]
Added log statement if peer requests EAP, but current config does not allow it

Andreas Steffen [Sat, 17 Jul 2010 21:25:15 +0000 (23:25 +0200)]
remove the private updown scripts after use

Andreas Steffen [Sat, 17 Jul 2010 15:36:04 +0000 (17:36 +0200)]
minor fixes in the ikev2/rw-mark-in-out scenarios

Andreas Steffen [Sat, 17 Jul 2010 15:25:01 +0000 (17:25 +0200)]
updated NEWS

Andreas Steffen [Sat, 17 Jul 2010 15:19:26 +0000 (17:19 +0200)]
some reformulations

Andreas Steffen [Sat, 17 Jul 2010 14:32:47 +0000 (16:32 +0200)]
the ikev2/nat-two-rw-mark and ikev2/rw-mark-in-out scenarios use the PLUTO_MARK_IN and PLUTO_ESP_ENC variables in the mark_update script

Andreas Steffen [Sat, 17 Jul 2010 11:41:40 +0000 (13:41 +0200)]
documented the new PLUTO environment variables available in the updown script

Andreas Steffen [Sat, 17 Jul 2010 11:27:19 +0000 (13:27 +0200)]
in an ESP_IN_UDP situation make UDP port available in the updown script

Andreas Steffen [Sat, 17 Jul 2010 11:09:28 +0000 (13:09 +0200)]
fix html error in scenario description

Andreas Steffen [Sat, 17 Jul 2010 11:08:50 +0000 (13:08 +0200)]
make xfrm marks available in the updown scripts

Andreas Steffen [Sat, 17 Jul 2010 07:13:48 +0000 (09:13 +0200)]
check for mark changes in ipsec update

Andreas Steffen [Thu, 15 Jul 2010 21:19:52 +0000 (23:19 +0200)]
all x509 based sql scenarios require the revocation plugin

Andreas Steffen [Thu, 15 Jul 2010 21:17:37 +0000 (23:17 +0200)]
all x509 based pfkey scenarios require the revocation plugin

Andreas Steffen [Thu, 15 Jul 2010 21:07:12 +0000 (23:07 +0200)]
all x509 based p2pnat scenarios require the revocation plugin

Andreas Steffen [Thu, 15 Jul 2010 21:02:17 +0000 (23:02 +0200)]
all x509 based ipv6/*-ikev2 scenarios require the revocation plugin

Andreas Steffen [Thu, 15 Jul 2010 20:40:20 +0000 (22:40 +0200)]
all x509 based ike scenarios require the revocation plugin

Andreas Steffen [Thu, 15 Jul 2010 20:33:05 +0000 (22:33 +0200)]
all x509 based openssl-ikev2 scenarios require the revocation plugin

Andreas Steffen [Thu, 15 Jul 2010 20:03:16 +0000 (22:03 +0200)]
all x509 based gcrypt-ikev2 scenarios require the revocation plugin

Andreas Steffen [Thu, 15 Jul 2010 19:39:01 +0000 (21:39 +0200)]
all x509 based ikev2 scenarios require the revocation plugin

Andreas Steffen [Thu, 15 Jul 2010 19:37:45 +0000 (21:37 +0200)]
ikev2/net2net-psk-dscp does not need certificate support

Andreas Steffen [Thu, 15 Jul 2010 18:03:04 +0000 (20:03 +0200)]
add revocation plugin to ikev2/rw-cert scenario

Andreas Steffen [Thu, 15 Jul 2010 04:29:26 +0000 (06:29 +0200)]
Warn about manual plugin load directives for pluto/charon with --disable-load-warning compile option

Martin Willi [Wed, 14 Jul 2010 05:15:56 +0000 (07:15 +0200)]
Revert "Warn about manual plugin load directives for pluto/charon"

This reverts commit 5c46726d0d91db5b1fc4ea53326e73443133f22d.

Andreas Steffen [Tue, 13 Jul 2010 19:04:20 +0000 (21:04 +0200)]
activate --enable-addrblock configure option in UML scenarios

Martin Willi [Tue, 13 Jul 2010 12:43:45 +0000 (14:43 +0200)]
Warn about manual plugin load directives for pluto/charon

Martin Willi [Tue, 13 Jul 2010 12:28:11 +0000 (14:28 +0200)]
Remove plugin load directives from default strongswan.conf

Martin Willi [Tue, 13 Jul 2010 12:18:19 +0000 (14:18 +0200)]
Added NEWS about --signcrl and PEM support in pki utility

Martin Willi [Tue, 13 Jul 2010 12:14:39 +0000 (14:14 +0200)]
Added pki PEM encoding support for certificates, CRLs and PKCS10 requests

Martin Willi [Tue, 13 Jul 2010 11:53:33 +0000 (13:53 +0200)]
Added support for Certificate, CRL and PKCS10 encoding to PEM plugin

Martin Willi [Tue, 13 Jul 2010 11:34:04 +0000 (13:34 +0200)]
Support different encoding types in certificate.get_encoding()

Martin Willi [Tue, 13 Jul 2010 09:28:04 +0000 (11:28 +0200)]
Renamed key_encod{ing,der}_t and constants, prepare for generic credential encoding

Martin Willi [Tue, 13 Jul 2010 09:01:08 +0000 (11:01 +0200)]
Moved keys/key_encoding.[ch] to cred_encoding.[ch]

Martin Willi [Tue, 13 Jul 2010 08:42:02 +0000 (10:42 +0200)]
Fixed doxygen group of cert_validator interface

Martin Willi [Tue, 13 Jul 2010 07:34:57 +0000 (09:34 +0200)]
Added NEWS for revocation/addrblock plugin

Martin Willi [Tue, 13 Jul 2010 07:29:57 +0000 (09:29 +0200)]
Added addrblock plugin to RFC3779 test cases

Martin Willi [Tue, 13 Jul 2010 07:28:44 +0000 (09:28 +0200)]
Added revocation plugin to ikev2 crl/ocsp test cases

Martin Willi [Tue, 13 Jul 2010 07:19:39 +0000 (09:19 +0200)]
Moved X509 ipAddrBlock checking to the addrblock plugin

Martin Willi [Tue, 13 Jul 2010 06:39:19 +0000 (08:39 +0200)]
Added a hook to narrow traffic selectors for CHILD_SAs

Martin Willi [Mon, 12 Jul 2010 14:25:56 +0000 (16:25 +0200)]
Moved bus_t to METHOD/INIT macros

Martin Willi [Mon, 12 Jul 2010 13:57:25 +0000 (15:57 +0200)]
Moved addrblock plugin to libcharon

Martin Willi [Mon, 5 Jul 2010 13:26:35 +0000 (15:26 +0200)]
Moved CRL/OCSP checking to a dedicated plugin called revocation

Martin Willi [Mon, 5 Jul 2010 13:24:19 +0000 (15:24 +0200)]
Made some useful methods in the credential manager public

Martin Willi [Mon, 5 Jul 2010 12:36:05 +0000 (14:36 +0200)]
Moved X509 addrBlock validation to a separate addrblock plugin

Martin Willi [Mon, 5 Jul 2010 12:21:09 +0000 (14:21 +0200)]
Added a certificate validation hook to the credential manager

Martin Willi [Mon, 5 Jul 2010 10:51:17 +0000 (12:51 +0200)]
Migrated credential manager to INIT/METHOD macros

Martin Willi [Mon, 5 Jul 2010 09:54:25 +0000 (11:54 +0200)]
Moved credential manager to libstrongswan

Martin Willi [Mon, 5 Jul 2010 07:36:30 +0000 (09:36 +0200)]
Move pathlen constraint checking to X509 specific checks

Martin Willi [Fri, 2 Jul 2010 08:29:36 +0000 (10:29 +0200)]
Charon uses a generic trustchain length limit, not only for X509 certificates

Martin Willi [Fri, 2 Jul 2010 07:58:59 +0000 (09:58 +0200)]
Combined the OCSP/CRL options to a single Online check option

Andreas Steffen [Tue, 13 Jul 2010 07:15:53 +0000 (09:15 +0200)]
added mark, mark_in, and mark_out to the ipsec.conf.5 man page

Andreas Steffen [Mon, 12 Jul 2010 20:44:27 +0000 (22:44 +0200)]
we need some ordering

Andreas Steffen [Mon, 12 Jul 2010 20:38:18 +0000 (22:38 +0200)]
changed ordering of statusattr output

Andreas Steffen [Mon, 12 Jul 2010 18:54:40 +0000 (20:54 +0200)]
updated ikev2/ip-two-pools-db scenario to support pool and identity based dns attributes

Andreas Steffen [Mon, 12 Jul 2010 18:48:14 +0000 (20:48 +0200)]
fixed alignment of caption

Andreas Steffen [Mon, 12 Jul 2010 18:28:24 +0000 (20:28 +0200)]
updated SQL templates to support attribute pool and identity parameters

Andreas Steffen [Mon, 12 Jul 2010 18:26:17 +0000 (20:26 +0200)]
output identities correctly

Andreas Steffen [Mon, 12 Jul 2010 12:22:32 +0000 (14:22 +0200)]
added second example scenario

Tobias Brunner [Mon, 12 Jul 2010 13:28:55 +0000 (15:28 +0200)]
apidoc is actually a directory not a file.

Tobias Brunner [Mon, 12 Jul 2010 10:27:49 +0000 (12:27 +0200)]
Added missing pool parameter in DHCP attribute provider.

Martin Willi [Fri, 9 Jul 2010 11:53:43 +0000 (13:53 +0200)]
Do not interpret long class attributes (such as from NPS) as group

Martin Willi [Fri, 9 Jul 2010 11:51:58 +0000 (13:51 +0200)]
Group membership constraint is fulfilled if subject is member in one of the groups

Heiko Hund [Wed, 7 Jul 2010 14:45:36 +0000 (16:45 +0200)]
Added support for named attribute groups

Add the possibility to group attributes by a name and assign these
groups to connections. This allows a more granular configuration of
which client will receive what attributes.

Andreas Steffen [Fri, 9 Jul 2010 10:19:39 +0000 (12:19 +0200)]
transport reqid, mark_in and mark_out in whack message

Andreas Steffen [Fri, 9 Jul 2010 09:55:01 +0000 (11:55 +0200)]
added ikev2/net2net-psk-dscp2 DiffServ scenario

Andreas Steffen [Fri, 9 Jul 2010 07:36:03 +0000 (09:36 +0200)]
added ikev2/nat-two-rw-mark-in-out scenario

Andreas Steffen [Fri, 9 Jul 2010 07:35:02 +0000 (09:35 +0200)]
some changes to the ikev2/nat-two-rw-mark scenario

Andreas Steffen [Fri, 9 Jul 2010 07:06:02 +0000 (09:06 +0200)]
configuration of different marks for inbound and outbound direction

Martin Willi [Thu, 8 Jul 2010 14:11:55 +0000 (16:11 +0200)]
The file logger supports a time prefix using a strftime() format specifier

Martin Willi [Thu, 8 Jul 2010 13:46:44 +0000 (15:46 +0200)]
Print identity to a lease address on the same line for simpler grepping

Martin Willi [Wed, 7 Jul 2010 08:00:39 +0000 (10:00 +0200)]
Implemented missing bypass_socket() method in load-testers faked kernel interface

Andreas Steffen [Tue, 6 Jul 2010 18:32:15 +0000 (20:32 +0200)]
added req parameter to ipsec.conf man page

Martin Willi [Tue, 6 Jul 2010 14:26:59 +0000 (16:26 +0200)]
Show mallinfo() data in statusall, if available

Martin Willi [Tue, 6 Jul 2010 13:44:37 +0000 (15:44 +0200)]
Avoid relocking while enumerator is alive

Tobias Brunner [Tue, 6 Jul 2010 07:29:18 +0000 (09:29 +0200)]
Added missing mark_t in load tester, also migrated to INIT/METHOD macros.

Tobias Brunner [Mon, 5 Jul 2010 13:04:30 +0000 (15:04 +0200)]
Some Doxygen fixes.

Tobias Brunner [Mon, 5 Jul 2010 12:53:56 +0000 (14:53 +0200)]
Fixed typo.