strongswan.git
21 months agoike-init: Reuse the DH group of the previous IKE_SA when rekeying
Tobias Brunner [Fri, 2 Feb 2018 09:29:35 +0000 (10:29 +0100)]
ike-init: Reuse the DH group of the previous IKE_SA when rekeying

21 months agoike-init: Move creation of DH instance after INVALID_KE_PAYLOAD to build_i()
Tobias Brunner [Fri, 2 Feb 2018 09:26:36 +0000 (10:26 +0100)]
ike-init: Move creation of DH instance after INVALID_KE_PAYLOAD to build_i()

This way we get proper error handling if the DH group the peer requested
is not actually supported for some reason (otherwise we'd just retry to
initiate with the configured group and get back another notify).

21 months agochild-cfg: Strip DH groups from both compared proposals
Tobias Brunner [Mon, 22 Jan 2018 13:33:40 +0000 (14:33 +0100)]
child-cfg: Strip DH groups from both compared proposals

This fixes two issues, one is a bug if a DH group is configured for the
local ESP proposals and charon.prefer_configured_proposals is disabled.
This would cause the DH groups to get stripped not from the configured but
from the supplied proposal, which usually already has them stripped.  So
the proposals wouldn't match.  We'd have to always strip them from the local
proposal.  Since there are apparently implementations that, incorrectly, don't
remove the DH groups in the IKE_AUTH exchange (e.g. WatchGuard XTM25
appliances) we just strip them from both proposals.  It's a bit more lenient
that way and we don't have to complicate the code to only clone and strip the
local proposal, which would depend on a flag.

References #2503.

21 months agoike: Don't handle roam events if no IKE config is available
Tobias Brunner [Wed, 20 Dec 2017 11:32:52 +0000 (12:32 +0100)]
ike: Don't handle roam events if no IKE config is available

IKE_SAs newly created via HA_IKE_ADD message don't have any IKE or peer
config assigned yet (this happens later with an HA_IKE_UPDATE message).
And because the state is initially set to IKE_CONNECTING the roam() method
does not immediately return, as it later would for passive HA SAs. This
might cause the check for explicitly configured local addresses to crash
the daemon with a segmentation fault.

Fixes #2500.

21 months agocharon-tkm: Update to latest Anet version
Adrian-Ken Rueegsegger [Tue, 6 Feb 2018 17:46:27 +0000 (18:46 +0100)]
charon-tkm: Update to latest Anet version

21 months agoandroid: New release after changing cert sending policy
Tobias Brunner [Thu, 8 Feb 2018 11:26:11 +0000 (12:26 +0100)]
android: New release after changing cert sending policy

21 months agoandroid: Always send the client certificate
Tobias Brunner [Thu, 8 Feb 2018 11:15:36 +0000 (12:15 +0100)]
android: Always send the client certificate

In scenarios where the server accepts client certificates from dozens or
even hundreds of CAs it might be necessary to omit certificate request
payloads from the IKE_SA_INIT response to avoid fragmentation.

As it is rarely the case in road-warrior scenarios that the server
already has the client certificate installed it should not be a problem
to always send it.

21 months agoauth-cfg: Classify key strengths as multi value rules
Tobias Brunner [Tue, 23 Jan 2018 11:01:02 +0000 (12:01 +0100)]
auth-cfg: Classify key strengths as multi value rules

If that's not the case only the last value added would be considered
not all the keys of a trust chain.

Fixes #2515.

21 months agocharon-nm: Remove unused variable
Tobias Brunner [Mon, 5 Feb 2018 14:11:03 +0000 (15:11 +0100)]
charon-nm: Remove unused variable

21 months agoVersion bump to 5.6.2dr4 5.6.2dr4
Andreas Steffen [Sat, 3 Feb 2018 10:05:21 +0000 (11:05 +0100)]
Version bump to 5.6.2dr4

21 months agotesting: Ignore IP-in-IP SAs created with IPComp SAs that remain in the kernel
Tobias Brunner [Thu, 1 Feb 2018 16:10:19 +0000 (17:10 +0100)]
testing: Ignore IP-in-IP SAs created with IPComp SAs that remain in the kernel

The kernel creates such SAs to handle uncompressed small packets.  They
are implicitly created and deleted with IPComp SAs.  The problem is that
when we delete an IPComp SA only that state is deleted and removed from
the SA lists immediately, the IP-in-IP state is not removed until the IPComp
state is eventually destroyed.  This could take a while if there are still
references to it around.  So the IP-in-IP states will keep getting reported
by ip xfrm state until that happens (we also can't flush or explicitly delete
such kernel-created states).

In kernels before 4.14 this wasn't really a problem but since
ec30d78c14a8 ("xfrm: add xdst pcpu cache") the kernel seems to keep the
references to the last used SAs around a lot longer.

Also, usually a test scenario following an IPComp scenario will create
and use new SAs and thus the cached SAs will disappear before the kernel
state is checked again.  However, if a following scenario uses different
hosts the states might remain, which caused some unrelated scenarios to
fail before adding this fix.

21 months agotesting: Added Linux 4.14 and 4.15 config files
Andreas Steffen [Wed, 31 Jan 2018 20:32:45 +0000 (21:32 +0100)]
testing: Added Linux 4.14 and 4.15 config files

21 months agogmp: Fix compatibility with older libgmp releases
Tobias Brunner [Tue, 23 Jan 2018 08:51:52 +0000 (09:51 +0100)]
gmp: Fix compatibility with older libgmp releases

Older releases don't have mpz_powm_sec() and mpz_inits() yet.

Fixes #2505.

21 months agorevocation: Skip any zero bytes when comparing serials in CRLs
Tobias Brunner [Wed, 24 Jan 2018 13:42:28 +0000 (14:42 +0100)]
revocation: Skip any zero bytes when comparing serials in CRLs

Depending on the plugins that eventually parse the certificate and CRL,
serials with MSB set (i.e. negative numbers that have a zero byte prefixed
when encoded as ASN.1 INTEGER) might have (x509 plugin) or not have
(openssl plugin) a zero byte prefix when returned by get_serial() or
enumerated from the CRL.  Strip them before doing the comparison or
revocation checking might fail if not both credentials are parsed by the
same plugin (which should be rare and only happen if parsing of either
cert or CRL fails with one of the plugins and there is a fallback to the
implementation provided by the other plugin).

Fixes #2509.

21 months agoeap: Reset errno before calling strtoul() to parse EAP type
Reinhard Pfau [Tue, 23 Jan 2018 09:09:14 +0000 (10:09 +0100)]
eap: Reset errno before calling strtoul() to parse EAP type

Reset errno to 0 before calling strtoul() since it sets errno only on
error cases. So the following test fails even on correct conversions if
errno had a value != 0.

Fixes #2506.

22 months agolibtpmtss: Return after failure
Andreas Steffen [Tue, 9 Jan 2018 15:12:40 +0000 (16:12 +0100)]
libtpmtss: Return after failure

22 months agotravis: Disable NM build until we run on a newer image that provides libnm
Tobias Brunner [Fri, 22 Dec 2017 09:41:12 +0000 (10:41 +0100)]
travis: Disable NM build until we run on a newer image that provides libnm

Ubuntu 16.04 (xenial) might soon be available but it's not yet supported
officially.

22 months agoikev1: Default remote identity to %any for PSK lookup if not configured
Tobias Brunner [Wed, 20 Dec 2017 09:28:31 +0000 (10:28 +0100)]
ikev1: Default remote identity to %any for PSK lookup if not configured

Otherwise, the remote identity is ignored when matching owner identities
of PSKs and this way matching PSKs that explicitly have %any assigned is
improved.

Fixes #2497.

22 months agostroke: Don't ignore %any as owner of shared secrets
Tobias Brunner [Wed, 20 Dec 2017 09:13:39 +0000 (10:13 +0100)]
stroke: Don't ignore %any as owner of shared secrets

If users want to associate secrets with any identity, let 'em. This is
also possible with vici and might help if e.g. the remote identity is
actually %any as that would match a PSK with local IP and %any better
than one with local and different remote IP.

Fixes #2497.

22 months agokernel-netlink: Fix compilation on old kernels not defining IFA_F_NODAD
Tobias Brunner [Mon, 11 Dec 2017 09:35:30 +0000 (10:35 +0100)]
kernel-netlink: Fix compilation on old kernels not defining IFA_F_NODAD

Fixes #2490.

22 months agoMerge branch 'testing-route-based'
Tobias Brunner [Fri, 22 Dec 2017 09:23:46 +0000 (10:23 +0100)]
Merge branch 'testing-route-based'

This adds several route-based VPN scenarios (using VTI or GRE interfaces).

It also fixes several swanctl --list-sas checks in other scenarios.

Closes strongswan/strongswan#84.

22 months agotesting: Fix swanctl --list-sas checks in some scenarios
Tobias Brunner [Wed, 6 Dec 2017 11:57:06 +0000 (12:57 +0100)]
testing: Fix swanctl --list-sas checks in some scenarios

::YES was missing (or written as ::YES]) rendering those checks void.
Turns out some of them actually were wrong.

22 months agotesting: Add route-based/net2net-gre scenario
Tobias Brunner [Wed, 6 Dec 2017 11:54:35 +0000 (12:54 +0100)]
testing: Add route-based/net2net-gre scenario

22 months agotesting: Enable GRE support in 4.13 config
Tobias Brunner [Wed, 6 Dec 2017 11:14:11 +0000 (12:14 +0100)]
testing: Enable GRE support in 4.13 config

Also enables IPv6 support for VTI devices.

22 months agotesting: Add route-based/net2net-vti scenario
Robin McCorkell [Sun, 3 Dec 2017 13:42:57 +0000 (13:42 +0000)]
testing: Add route-based/net2net-vti scenario

22 months agotesting: Added route-based/rw-shared-vti-ip6-in-ip4 scenario
Robin McCorkell [Wed, 29 Nov 2017 12:39:24 +0000 (12:39 +0000)]
testing: Added route-based/rw-shared-vti-ip6-in-ip4 scenario

22 months agotesting: Added route-based/rw-shared-vti scenario
Robin McCorkell [Wed, 29 Nov 2017 11:55:49 +0000 (11:55 +0000)]
testing: Added route-based/rw-shared-vti scenario

22 months agotesting: Enable VTI module in kernel config
Robin McCorkell [Wed, 29 Nov 2017 11:31:13 +0000 (11:31 +0000)]
testing: Enable VTI module in kernel config

22 months agotesting: Override user environment PATH in chroot
Robin McCorkell [Mon, 27 Nov 2017 16:46:22 +0000 (16:46 +0000)]
testing: Override user environment PATH in chroot

chroot will capture the user environment's PATH variable, which may be
wrong (e.g. not include /bin:/sbin, as it is on Arch). We should set a
known-working PATH variable in the chroot.

22 months agokernel-pfkey: Fix extended replay configuration on FreeBSD 11.1
Tobias Brunner [Mon, 4 Dec 2017 09:01:14 +0000 (10:01 +0100)]
kernel-pfkey: Fix extended replay configuration on FreeBSD 11.1

Fixes: 88a8fba1c76e ("kernel-pfkey: Support anti-replay windows > 2k")
Fixes #2501.

22 months agoswanctl: Allow dots in authority/shared secret/pool names
Tobias Brunner [Thu, 30 Nov 2017 08:09:39 +0000 (09:09 +0100)]
swanctl: Allow dots in authority/shared secret/pool names

Use argument evaluation provided by settings_t instead of using strings
to enumerate key/values.

If section names contain dots the latter causes the names to get split
and interpreted as non-existing sections and subsections.

This currently doesn't work for connections and their subsections due to
the recursion.

22 months agovici: Document NTLM secrets in README.md
Tobias Brunner [Wed, 29 Nov 2017 13:33:21 +0000 (14:33 +0100)]
vici: Document NTLM secrets in README.md

Fixes #2481.

22 months agovici: Accept XAUTH as shared key type too
Tobias Brunner [Wed, 29 Nov 2017 13:21:56 +0000 (14:21 +0100)]
vici: Accept XAUTH as shared key type too

Fixes #2481.

22 months agocharon-nm: Port to libnm
Lubomir Rintel [Thu, 30 Nov 2017 12:02:02 +0000 (13:02 +0100)]
charon-nm: Port to libnm

libnm-glib is deprecated for several years and reaching the end of its
life. Let's switch to the more up-to-date library.

Closes strongswan/strongswan#85.

22 months agotravis: Disable warning that causes a false positive in Xcode 8.3+
Tobias Brunner [Fri, 8 Dec 2017 08:59:13 +0000 (09:59 +0100)]
travis: Disable warning that causes a false positive in Xcode 8.3+

Xcode 8.3, to which there recently was a switch, spits out a warning for
the potentially unaligned access to ip6_plen in ip-packet.c, which we
explicitly read via untoh16() hence the access to that pointer is not
actually unaligned.  It seems the compiler is not able to determine that
there is no unaligned access even though the function is defined in the
header and marked inline.

23 months agoVersion bump to 5.6.2dr3 5.6.2dr3
Andreas Steffen [Wed, 13 Dec 2017 07:54:54 +0000 (08:54 +0100)]
Version bump to 5.6.2dr3

23 months agotpm_extendpcr: Extend digests into a TPM PCR
Andreas Steffen [Tue, 12 Dec 2017 16:42:08 +0000 (17:42 +0100)]
tpm_extendpcr: Extend digests into a TPM PCR

23 months agoVersion bump to 5.6.2dr2 5.6.2dr2
Andreas Steffen [Sun, 10 Dec 2017 20:42:02 +0000 (21:42 +0100)]
Version bump to 5.6.2dr2

23 months agoasn1: Added tlsfeature OID
Andreas Steffen [Mon, 4 Dec 2017 09:23:57 +0000 (10:23 +0100)]
asn1: Added tlsfeature OID

23 months agopki: Extend pki --print with --keyid parameter
Andreas Steffen [Sun, 10 Dec 2017 18:31:10 +0000 (19:31 +0100)]
pki: Extend pki --print with --keyid parameter

23 months agoimc-os: Derive device ID from private key bound to smartcard or TPM
Andreas Steffen [Sun, 10 Dec 2017 10:51:03 +0000 (11:51 +0100)]
imc-os: Derive device ID from private key bound to smartcard or TPM

23 months agoipsec-types: Don't mask the mark value if it is one of the 'unique' values
Eyal Birger [Thu, 30 Nov 2017 08:47:01 +0000 (10:47 +0200)]
ipsec-types: Don't mask the mark value if it is one of the 'unique' values

Support for mark=%unique/%unique-dir is implemented by using designated
magic mark values.

Use of masks is orthogonal to the 'unique' feature, as it is useful to be
able to designate portions of the packet mark for other purposes, while
still using different marks for different connections.

When these magic values are masked, their magic meaning is lost.

Perform masking only on explicit mark values.

Closes strongswan/strongswan#87.

23 months agonm: Allow disabling libnm-glib
Lubomir Rintel [Thu, 30 Nov 2017 12:24:37 +0000 (13:24 +0100)]
nm: Allow disabling libnm-glib

The distros are eventually going to drop it, allow omitting it.

Closes strongswan/strongswan#86.

23 months agoVersion bump to 5.6.2dr1 5.6.2dr1
Andreas Steffen [Tue, 5 Dec 2017 21:23:43 +0000 (22:23 +0100)]
Version bump to 5.6.2dr1

23 months agopt-tls-client: Load certificates via handle from smartcard or TPM
Andreas Steffen [Tue, 5 Dec 2017 19:41:43 +0000 (20:41 +0100)]
pt-tls-client: Load certificates via handle from smartcard or TPM

23 months agolibtpmtss: Load X.509 certificates from TPM 2.0 NV RAM
Andreas Steffen [Tue, 5 Dec 2017 16:08:55 +0000 (17:08 +0100)]
libtpmtss: Load X.509 certificates from TPM 2.0 NV RAM

23 months agolibtpmtss: Extend TPM 2.0 capability info
Andreas Steffen [Mon, 4 Dec 2017 16:46:23 +0000 (17:46 +0100)]
libtpmtss: Extend TPM 2.0 capability info

23 months agoMerge branch 'android-proposals'
Tobias Brunner [Tue, 28 Nov 2017 15:23:41 +0000 (16:23 +0100)]
Merge branch 'android-proposals'

Makes IKE and ESP proposals configurable.

23 months agoandroid: Remove modp1024 from the ESP proposals
Tobias Brunner [Tue, 28 Nov 2017 15:19:08 +0000 (16:19 +0100)]
android: Remove modp1024 from the ESP proposals

23 months agotesting: Explicitly deliver all test results as text/plain
Tobias Brunner [Tue, 28 Nov 2017 15:16:18 +0000 (16:16 +0100)]
testing: Explicitly deliver all test results as text/plain

23 months agoVersion bump to 5.6.1 5.6.1
Andreas Steffen [Fri, 17 Nov 2017 21:42:28 +0000 (22:42 +0100)]
Version bump to 5.6.1

23 months agotesting: Added swanctl/rw-cert-pss scenario
Andreas Steffen [Fri, 17 Nov 2017 21:42:07 +0000 (22:42 +0100)]
testing: Added swanctl/rw-cert-pss scenario

23 months agoandroid: New release after adding configurable proposals
Tobias Brunner [Fri, 17 Nov 2017 17:07:09 +0000 (18:07 +0100)]
android: New release after adding configurable proposals

23 months agoandroid: Validate proposal strings when importing profiles
Tobias Brunner [Fri, 17 Nov 2017 16:45:52 +0000 (17:45 +0100)]
android: Validate proposal strings when importing profiles

23 months agoandroid: Validate proposal strings in the GUI
Tobias Brunner [Fri, 17 Nov 2017 16:40:52 +0000 (17:40 +0100)]
android: Validate proposal strings in the GUI

23 months agoandroid: Add utility JNI function to validate proposal strings
Tobias Brunner [Fri, 17 Nov 2017 16:26:51 +0000 (17:26 +0100)]
android: Add utility JNI function to validate proposal strings

23 months agoproposal: Move proposal_t from libcharon to libstrongswan
Tobias Brunner [Fri, 17 Nov 2017 16:15:14 +0000 (17:15 +0100)]
proposal: Move proposal_t from libcharon to libstrongswan

This allows us to use it without having to initialize libcharon, which
was required for the logging (we probably could have included debug.h
instead of daemon.h to workaround that but this seems more correct).

23 months agoandroid: Load JNI libraries in Application class
Tobias Brunner [Fri, 17 Nov 2017 15:41:52 +0000 (16:41 +0100)]
android: Load JNI libraries in Application class

This way they are also loaded when we don't use CharonVpnService.

23 months agoandroid: Make IKE/ESP proposals configurable in the GUI
Tobias Brunner [Tue, 14 Nov 2017 10:18:13 +0000 (11:18 +0100)]
android: Make IKE/ESP proposals configurable in the GUI

23 months agoandroid: Import IKE/ESP proposals
Tobias Brunner [Tue, 14 Nov 2017 09:23:09 +0000 (10:23 +0100)]
android: Import IKE/ESP proposals

We currently don't validate them here, only when used later will they
get parsed (which includes some checks).

23 months agoandroid: Use optional custom proposals for IKE and ESP
Tobias Brunner [Tue, 14 Nov 2017 08:49:24 +0000 (09:49 +0100)]
android: Use optional custom proposals for IKE and ESP

If the proposal is invalid we fall back to the defaults.

23 months agoandroid: Add properties for IKE and ESP proposals
Tobias Brunner [Tue, 14 Nov 2017 09:18:59 +0000 (10:18 +0100)]
android: Add properties for IKE and ESP proposals

23 months agoandroid: Free settings string passed via JNI
Tobias Brunner [Fri, 10 Nov 2017 17:14:26 +0000 (18:14 +0100)]
android: Free settings string passed via JNI

23 months agoNEWS: Added some news for 5.6.1
Tobias Brunner [Fri, 17 Nov 2017 08:30:02 +0000 (09:30 +0100)]
NEWS: Added some news for 5.6.1

23 months agohashers: Change names of SHA2 hash algorithms
Tobias Brunner [Fri, 17 Nov 2017 08:31:19 +0000 (09:31 +0100)]
hashers: Change names of SHA2 hash algorithms

Keep the lower case names as they are as we use them internally (parsing
and e.g. in OpenSSL as identifier).

23 months agoikev2: Add hash algorithm used for RSASSA-PSS signature to log message
Tobias Brunner [Wed, 8 Nov 2017 17:08:08 +0000 (18:08 +0100)]
ikev2: Add hash algorithm used for RSASSA-PSS signature to log message

23 months agohasher: Add uppercase short names for hash algorithms
Tobias Brunner [Thu, 16 Nov 2017 16:13:36 +0000 (17:13 +0100)]
hasher: Add uppercase short names for hash algorithms

23 months agotesting: Configure logging via syslog in strongswan.conf
Tobias Brunner [Fri, 10 Nov 2017 15:12:29 +0000 (16:12 +0100)]
testing: Configure logging via syslog in strongswan.conf

Globally configure logging in strongswan.conf.testing and replace all
charondebug statements with strongswan.conf settings.

23 months agotesting: Disable logging via journal in charon-systemd
Tobias Brunner [Wed, 15 Nov 2017 16:11:34 +0000 (17:11 +0100)]
testing: Disable logging via journal in charon-systemd

This avoids duplicate log messages as we already log via syslog to get
daemon.log.

23 months agotesting: Globally define logging via syslog for charon-systemd
Tobias Brunner [Fri, 10 Nov 2017 14:53:52 +0000 (15:53 +0100)]
testing: Globally define logging via syslog for charon-systemd

We could make the same change for charon (actually setting it for charon
in strongswan.conf.testing would work for charon-systemd too), however,
there are dozens of test cases that currently set charondebug in
ipsec.conf.

23 months agox509: Initialize signature params when parsing attribute certificates
Tobias Brunner [Wed, 15 Nov 2017 13:41:56 +0000 (14:41 +0100)]
x509: Initialize signature params when parsing attribute certificates

23 months agosw-collector: Unmap history file on failure to instantiate extractor
Tobias Brunner [Wed, 15 Nov 2017 13:40:10 +0000 (14:40 +0100)]
sw-collector: Unmap history file on failure to instantiate extractor

23 months agocharon: Explicitly check return value of fileno()
Tobias Brunner [Wed, 15 Nov 2017 13:35:42 +0000 (14:35 +0100)]
charon: Explicitly check return value of fileno()

This is mainly for Coverity because fchown() can't take a negative
value, which the -1 check implies is possible.

23 months agopkcs8: Add explicit comment for RSASSA-PSS fall-through
Tobias Brunner [Wed, 15 Nov 2017 13:33:05 +0000 (14:33 +0100)]
pkcs8: Add explicit comment for RSASSA-PSS fall-through

23 months agoThe pacman tool got replaced by the sec-updater tool
Tobias Brunner [Wed, 15 Nov 2017 11:18:17 +0000 (12:18 +0100)]
The pacman tool got replaced by the sec-updater tool

23 months agosec-updater: Fix typo in documentation
Tobias Brunner [Wed, 15 Nov 2017 11:10:33 +0000 (12:10 +0100)]
sec-updater: Fix typo in documentation

23 months agoFixed some typos, courtesy of codespell
Tobias Brunner [Wed, 15 Nov 2017 09:21:13 +0000 (10:21 +0100)]
Fixed some typos, courtesy of codespell

2 years agoswanctl: Add check for conflicting short options
Tobias Brunner [Mon, 13 Nov 2017 09:09:05 +0000 (10:09 +0100)]
swanctl: Add check for conflicting short options

2 years agoswanctl: Properly register --counters commmand
Tobias Brunner [Mon, 13 Nov 2017 08:45:14 +0000 (09:45 +0100)]
swanctl: Properly register --counters commmand

Use C instead of c, which is already used for --load-conns.

2 years agotesting: Do not remove all swanctl subdirectories
Andreas Steffen [Sat, 11 Nov 2017 18:23:01 +0000 (19:23 +0100)]
testing: Do not remove all swanctl subdirectories

2 years agoVersion bump to 5.6.1rc1 5.6.1rc1
Andreas Steffen [Sat, 11 Nov 2017 17:25:17 +0000 (18:25 +0100)]
Version bump to 5.6.1rc1

2 years agoMerge branch 'swanctl-testing'
Andreas Steffen [Sat, 11 Nov 2017 15:42:38 +0000 (16:42 +0100)]
Merge branch 'swanctl-testing'

2 years agolibimcv: Updated imv database
Andreas Steffen [Sat, 11 Nov 2017 15:39:30 +0000 (16:39 +0100)]
libimcv: Updated imv database

2 years agotesting: Converterd tnc to systemd
Andreas Steffen [Sat, 11 Nov 2017 15:36:43 +0000 (16:36 +0100)]
testing: Converterd tnc to systemd

2 years agotesting: Converted sql to systemd
Andreas Steffen [Sat, 11 Nov 2017 06:18:51 +0000 (07:18 +0100)]
testing: Converted sql to systemd

2 years agotesting: Converted swanctl to systemd
Andreas Steffen [Fri, 10 Nov 2017 16:21:40 +0000 (17:21 +0100)]
testing: Converted swanctl to systemd

2 years agotesting: Added legacy ipv6-stroke scenarios
Andreas Steffen [Sun, 29 Oct 2017 19:39:10 +0000 (20:39 +0100)]
testing: Added legacy ipv6-stroke scenarios

2 years agotesting: Converted ipv6/rw-ip6-in-ip4-ikev2 to swanctl
Andreas Steffen [Fri, 10 Nov 2017 12:50:24 +0000 (13:50 +0100)]
testing: Converted ipv6/rw-ip6-in-ip4-ikev2 to swanctl

2 years agotesting: Converted ipv6/rw-ip6-in-ip4-ikev1 to swanctl
Andreas Steffen [Fri, 10 Nov 2017 12:42:29 +0000 (13:42 +0100)]
testing: Converted ipv6/rw-ip6-in-ip4-ikev1 to swanctl

2 years agotesting: Converted ipv6/net2net-ip6-in-ip4-ikev2 to swanctl
Andreas Steffen [Fri, 10 Nov 2017 11:39:36 +0000 (12:39 +0100)]
testing: Converted ipv6/net2net-ip6-in-ip4-ikev2 to swanctl

2 years agotesting: Converted ipv6/net2net-ip6-in-ip4-ikev1 to swanctl
Andreas Steffen [Fri, 10 Nov 2017 11:28:24 +0000 (12:28 +0100)]
testing: Converted ipv6/net2net-ip6-in-ip4-ikev1 to swanctl

2 years agotesting: Converted ipv6/rw-rfc3779-ikev2 to swanctl
Andreas Steffen [Fri, 10 Nov 2017 10:28:28 +0000 (11:28 +0100)]
testing: Converted ipv6/rw-rfc3779-ikev2 to swanctl

2 years agotesting: Converted ipv6/rw-compress-ikev2 to swanctl
Andreas Steffen [Thu, 9 Nov 2017 16:49:03 +0000 (17:49 +0100)]
testing: Converted ipv6/rw-compress-ikev2 to swanctl

2 years agotesting: Converted ipv6/rw-psk-ikev2 to swanctl
Andreas Steffen [Sun, 29 Oct 2017 19:23:03 +0000 (20:23 +0100)]
testing: Converted ipv6/rw-psk-ikev2 to swanctl

2 years agotesting: Converted ipv6/rw-psk-ikev1 to swanctl
Andreas Steffen [Sun, 29 Oct 2017 18:53:45 +0000 (19:53 +0100)]
testing: Converted ipv6/rw-psk-ikev1 to swanctl

2 years agotesting: Converted ipv6/rw-ikev2 to swanctl
Andreas Steffen [Sun, 29 Oct 2017 15:52:51 +0000 (16:52 +0100)]
testing: Converted ipv6/rw-ikev2 to swanctl

2 years agotesting: Converted ipv6/rw-ikev1 to swanctl
Andreas Steffen [Sun, 29 Oct 2017 15:48:19 +0000 (16:48 +0100)]
testing: Converted ipv6/rw-ikev1 to swanctl

2 years agotesting: Converted ipv6/net2net-rfc3779-ikev2 to swanctl
Andreas Steffen [Sun, 29 Oct 2017 14:38:45 +0000 (15:38 +0100)]
testing: Converted ipv6/net2net-rfc3779-ikev2 to swanctl

2 years agotesting: Converted ipv6/net2net-ip4-in-ip6-ikev2 to swanctl
Andreas Steffen [Sun, 29 Oct 2017 11:17:29 +0000 (12:17 +0100)]
testing: Converted ipv6/net2net-ip4-in-ip6-ikev2 to swanctl

2 years agotesting: Converted ipv6/net2net-ip4-in-ip6-ikev1 to swanctl
Andreas Steffen [Sun, 29 Oct 2017 10:29:09 +0000 (11:29 +0100)]
testing: Converted ipv6/net2net-ip4-in-ip6-ikev1 to swanctl