strongswan.git
5 years agoconf: Only install config snippets for enabled components
Tobias Brunner [Fri, 7 Feb 2014 13:46:25 +0000 (14:46 +0100)]
conf: Only install config snippets for enabled components

5 years agoconf: Document options of other programs
Tobias Brunner [Fri, 7 Feb 2014 15:20:39 +0000 (16:20 +0100)]
conf: Document options of other programs

5 years agoconf: Document options of plugins in libpts
Tobias Brunner [Fri, 7 Feb 2014 13:44:19 +0000 (14:44 +0100)]
conf: Document options of plugins in libpts

5 years agolibpts: Move settings to <ns>.plugins with fallback to libimcv
Tobias Brunner [Fri, 7 Feb 2014 13:42:37 +0000 (14:42 +0100)]
libpts: Move settings to <ns>.plugins with fallback to libimcv

5 years agoconf: Document libimcv options
Tobias Brunner [Fri, 7 Feb 2014 13:20:53 +0000 (14:20 +0100)]
conf: Document libimcv options

5 years agolibimcv: Move settings to <ns>.imcv and <ns>.plugins with fallback
Tobias Brunner [Fri, 7 Feb 2014 13:19:06 +0000 (14:19 +0100)]
libimcv: Move settings to <ns>.imcv and <ns>.plugins with fallback

5 years agoconf: Document libtnccs options
Tobias Brunner [Fri, 7 Feb 2014 12:49:28 +0000 (13:49 +0100)]
conf: Document libtnccs options

5 years agolibtnccs: Move settings to <ns>.tnc and <ns>.plugins with fallback
Tobias Brunner [Fri, 7 Feb 2014 12:43:01 +0000 (13:43 +0100)]
libtnccs: Move settings to <ns>.tnc and <ns>.plugins with fallback

5 years agoattr: Silently skip over load option
Tobias Brunner [Fri, 7 Feb 2014 12:18:50 +0000 (13:18 +0100)]
attr: Silently skip over load option

5 years agoPrevent 'make distcheck' from complaining about config files we leave in /etc
Tobias Brunner [Thu, 6 Feb 2014 18:21:54 +0000 (19:21 +0100)]
Prevent 'make distcheck' from complaining about config files we leave in /etc

5 years agoconf: Create automatically generated config snippets in build dir
Tobias Brunner [Wed, 29 Jan 2014 13:03:16 +0000 (14:03 +0100)]
conf: Create automatically generated config snippets in build dir

5 years agoconf: Install config snippets in /usr/share/strongswan/templates/config too
Tobias Brunner [Thu, 6 Feb 2014 17:03:23 +0000 (18:03 +0100)]
conf: Install config snippets in /usr/share/strongswan/templates/config too

5 years agoconf: Only install config snippets if they don't exist yet
Tobias Brunner [Thu, 6 Feb 2014 16:53:57 +0000 (17:53 +0100)]
conf: Only install config snippets if they don't exist yet

5 years agoconf: Move load-tester options to plugin specific file
Tobias Brunner [Thu, 6 Feb 2014 15:00:20 +0000 (16:00 +0100)]
conf: Move load-tester options to plugin specific file

5 years agoconf: Options of all plugins documented
Tobias Brunner [Mon, 3 Feb 2014 17:43:10 +0000 (18:43 +0100)]
conf: Options of all plugins documented

Some options are still missing descriptions though.

5 years agoconf: Add logger example config
Tobias Brunner [Mon, 3 Feb 2014 10:36:49 +0000 (11:36 +0100)]
conf: Add logger example config

5 years agoconf: Converted charon options
Tobias Brunner [Wed, 29 Jan 2014 14:02:31 +0000 (15:02 +0100)]
conf: Converted charon options

5 years agoconf: Split strongswan.conf(5) man page and use generated snippet
Tobias Brunner [Wed, 29 Jan 2014 12:59:34 +0000 (13:59 +0100)]
conf: Split strongswan.conf(5) man page and use generated snippet

5 years agoconf: Generate groff snippet for configuration options
Tobias Brunner [Wed, 29 Jan 2014 12:24:16 +0000 (13:24 +0100)]
conf: Generate groff snippet for configuration options

5 years agoconf: Generate strongswan.conf(5) man page in different directory
Tobias Brunner [Wed, 29 Jan 2014 12:05:07 +0000 (13:05 +0100)]
conf: Generate strongswan.conf(5) man page in different directory

5 years agoconf: Generate and install config sippets for option descriptions
Tobias Brunner [Thu, 23 Jan 2014 15:44:12 +0000 (16:44 +0100)]
conf: Generate and install config sippets for option descriptions

The strongswan.d directory is also created relative to the configured
location of strongswan.conf.

5 years agoconf: Script to convert option descriptions to man page and config snippets added
Tobias Brunner [Wed, 29 Jan 2014 10:03:02 +0000 (11:03 +0100)]
conf: Script to convert option descriptions to man page and config snippets added

5 years agoconf: Create /etc/strongswan.d directory and include .conf files
Tobias Brunner [Thu, 23 Jan 2014 14:30:34 +0000 (15:30 +0100)]
conf: Create /etc/strongswan.d directory and include .conf files

5 years agoconf: Simplified strongswan.conf template
Tobias Brunner [Thu, 23 Jan 2014 14:26:08 +0000 (15:26 +0100)]
conf: Simplified strongswan.conf template

5 years agoconf: Install strongswan.conf template from a separate directory
Tobias Brunner [Thu, 23 Jan 2014 13:38:03 +0000 (14:38 +0100)]
conf: Install strongswan.conf template from a separate directory

5 years agosettings: Add support to enumerate sections and key/value pairs with fallbacks
Tobias Brunner [Mon, 10 Feb 2014 17:01:50 +0000 (18:01 +0100)]
settings: Add support to enumerate sections and key/value pairs with fallbacks

5 years agosettings: Implement subsections and key/value pairs with sorted arrays
Tobias Brunner [Mon, 10 Feb 2014 14:34:29 +0000 (15:34 +0100)]
settings: Implement subsections and key/value pairs with sorted arrays

Is a bit more memory efficient (also due to lazy instantiation) and
lookups for sections with lots of subsections/keys (e.g. charon.plugins) are
faster.

5 years agoarray: Add fallback for qsort_r using thread-local value
Tobias Brunner [Mon, 27 Jan 2014 12:41:21 +0000 (13:41 +0100)]
array: Add fallback for qsort_r using thread-local value

Cygwin for example does not support qsort_r.

5 years agoplugin-loader: Optionally use load option in each plugin section to load plugins
Tobias Brunner [Wed, 22 Jan 2014 14:29:45 +0000 (15:29 +0100)]
plugin-loader: Optionally use load option in each plugin section to load plugins

This now works because all plugins use the same config namespace.

If <ns>.load_modular is true, the list of plugins to load is determined
via the value of the <ns>.plugins.<name>.load options.

Using includes the following is possible:

charon {
  load_modular = yes
  plugins {
    include strongswan.d/charon/*.conf
  }
}

charon-cmd {
  load_modular = yes
  plugins {
    include strongswan.d/charon-cmd/*.conf
  }
}

Where each .conf file would contain something like:

<name> {
  load = yes
  <option> = <value>
}

To increase the priority of individual plugins load = <priority> can be
used (the default is 1).  For instance, to use openssl instead of the
built-in crypto plugins set in strongswan.d/charon/openssl.conf:

openssl {
  load = 10
}

If two plugins have the same priority their order in the default plugin
list is preserved.  Plugins not found in that list are ordered
alphabetically before other plugins with the same priority.

5 years agoarray: Add array_bsearch function
Tobias Brunner [Mon, 27 Jan 2014 14:02:19 +0000 (15:02 +0100)]
array: Add array_bsearch function

5 years agoarray: Add array_sort function
Tobias Brunner [Fri, 24 Jan 2014 10:58:33 +0000 (11:58 +0100)]
array: Add array_sort function

5 years agolibcharon: Remove unused charon->name
Tobias Brunner [Wed, 22 Jan 2014 14:19:44 +0000 (15:19 +0100)]
libcharon: Remove unused charon->name

5 years agocharon-tkm: Use lib->ns instead of charon->name
Tobias Brunner [Wed, 22 Jan 2014 14:19:24 +0000 (15:19 +0100)]
charon-tkm: Use lib->ns instead of charon->name

5 years agolibcharon: Use lib->ns instead of charon->name
Tobias Brunner [Wed, 22 Jan 2014 14:18:58 +0000 (15:18 +0100)]
libcharon: Use lib->ns instead of charon->name

5 years agolibhydra: Remove unused hydra->daemon
Tobias Brunner [Wed, 22 Jan 2014 13:39:41 +0000 (14:39 +0100)]
libhydra: Remove unused hydra->daemon

5 years agolibhydra: Use lib->ns instead of hydra->daemon
Tobias Brunner [Wed, 22 Jan 2014 13:35:41 +0000 (14:35 +0100)]
libhydra: Use lib->ns instead of hydra->daemon

5 years agolibtls: Move settings to <ns>.tls with fallback to libtls
Tobias Brunner [Tue, 28 Jan 2014 16:26:50 +0000 (17:26 +0100)]
libtls: Move settings to <ns>.tls with fallback to libtls

5 years agoattr-sql: Use namespace for attr-sql config, with fallback
Tobias Brunner [Tue, 28 Jan 2014 15:58:34 +0000 (16:58 +0100)]
attr-sql: Use namespace for attr-sql config, with fallback

5 years agolib: All settings use configured namespace
Tobias Brunner [Tue, 28 Jan 2014 15:38:06 +0000 (16:38 +0100)]
lib: All settings use configured namespace

5 years agolib: Add default config fallback for configured namespace
Tobias Brunner [Tue, 28 Jan 2014 15:36:50 +0000 (16:36 +0100)]
lib: Add default config fallback for configured namespace

All settings in the configured global namespace fall back to libstrongswan.

5 years agounit-tests: Test how settings_t handles some invalid data
Tobias Brunner [Tue, 28 Jan 2014 14:52:09 +0000 (15:52 +0100)]
unit-tests: Test how settings_t handles some invalid data

5 years agosettings: Add method that allows to define fallback sections for other sections
Tobias Brunner [Tue, 28 Jan 2014 14:20:27 +0000 (15:20 +0100)]
settings: Add method that allows to define fallback sections for other sections

The fallbacks are currently only used for single value lookups.
Enumerators are not affected by them.

5 years agosettings: Make print_key() not rely on null-terminated beginning of key buffer
Tobias Brunner [Tue, 28 Jan 2014 13:17:58 +0000 (14:17 +0100)]
settings: Make print_key() not rely on null-terminated beginning of key buffer

The key to print (e.g. until the next .) still has to be
null-terminated.

5 years agounit-tests: Add tests for includes and file loading in settings_t
Tobias Brunner [Tue, 28 Jan 2014 11:03:52 +0000 (12:03 +0100)]
unit-tests: Add tests for includes and file loading in settings_t

5 years agosettings: Allow empty strings in section key
Tobias Brunner [Tue, 28 Jan 2014 10:38:01 +0000 (11:38 +0100)]
settings: Allow empty strings in section key

5 years agounit-tests: Add tests for enumerators in settings_t
Tobias Brunner [Tue, 28 Jan 2014 09:36:05 +0000 (10:36 +0100)]
unit-tests: Add tests for enumerators in settings_t

5 years agounit-tests: Add tests for setters in settings_t
Tobias Brunner [Tue, 28 Jan 2014 08:29:14 +0000 (09:29 +0100)]
unit-tests: Add tests for setters in settings_t

5 years agounit-tests: Add basic tests for settings_t
Tobias Brunner [Tue, 28 Jan 2014 08:03:38 +0000 (09:03 +0100)]
unit-tests: Add basic tests for settings_t

5 years agolib: Add global config namespace
Tobias Brunner [Wed, 22 Jan 2014 10:50:39 +0000 (11:50 +0100)]
lib: Add global config namespace

5 years agopool: Typo in Makefile fixed
Tobias Brunner [Wed, 12 Feb 2014 13:34:09 +0000 (14:34 +0100)]
pool: Typo in Makefile fixed

5 years agoMerge branch 'sql-install'
Tobias Brunner [Wed, 12 Feb 2014 13:23:32 +0000 (14:23 +0100)]
Merge branch 'sql-install'

SQL schemas and example data (IMV) are now part of the distribution and
installed in $prefix/share/strongswan.  This way no extra copy is needed
for the test suite and distributions can easily pack those files together
with the plugins.

5 years agopool: Install SQL schemas from src/pool
Tobias Brunner [Wed, 12 Feb 2014 13:21:26 +0000 (14:21 +0100)]
pool: Install SQL schemas from src/pool

This allows us to install the schemas if either the attr-sql or sql
plugin is enabled, since both use the same schema (at least in parts).

5 years agosql: Set default values for some fields in addresses table
Tobias Brunner [Tue, 11 Feb 2014 19:50:32 +0000 (20:50 +0100)]
sql: Set default values for some fields in addresses table

5 years agotesting: Use installed PTS SQL schema and data instead of local copy
Tobias Brunner [Fri, 7 Feb 2014 17:03:02 +0000 (18:03 +0100)]
testing: Use installed PTS SQL schema and data instead of local copy

5 years agotesting: Use installed SQL schema instead of local copy
Tobias Brunner [Fri, 7 Feb 2014 16:58:41 +0000 (17:58 +0100)]
testing: Use installed SQL schema instead of local copy

5 years agolibimcv: Install SQL files in /usr/share/strongswan/templates/database
Tobias Brunner [Fri, 7 Feb 2014 16:48:16 +0000 (17:48 +0100)]
libimcv: Install SQL files in /usr/share/strongswan/templates/database

5 years agosql: Install SQL schemas in /usr/share/strongswan/templates/database
Tobias Brunner [Fri, 7 Feb 2014 16:43:50 +0000 (17:43 +0100)]
sql: Install SQL schemas in /usr/share/strongswan/templates/database

5 years agosql: Remove unused cred.sql snippet
Tobias Brunner [Fri, 7 Feb 2014 16:45:32 +0000 (17:45 +0100)]
sql: Remove unused cred.sql snippet

5 years agoasn1: Support dates before 1970-01-01 (i.e. when time_t gets negative)
Tobias Brunner [Wed, 5 Feb 2014 17:06:15 +0000 (18:06 +0100)]
asn1: Support dates before 1970-01-01 (i.e. when time_t gets negative)

On x86 we allow "overflows" around 1969/1970 but not for other dates.

Fixes #509.

5 years agoasn1: Add additional validation for parsed ASN.1 date/time values
Tobias Brunner [Wed, 5 Feb 2014 16:55:58 +0000 (17:55 +0100)]
asn1: Add additional validation for parsed ASN.1 date/time values

5 years agoikev1: Fix config switching due to failed authentication during Aggressive mode
Tobias Brunner [Fri, 7 Feb 2014 09:04:22 +0000 (10:04 +0100)]
ikev1: Fix config switching due to failed authentication during Aggressive mode

The encoded ID payload gets destroyed by the authenticator, which caused
a segmentation fault after the switch.

Fixes #501.

5 years agokernel-pfroute: Don't cache route entries if installation fails
Tobias Brunner [Fri, 7 Feb 2014 10:37:58 +0000 (11:37 +0100)]
kernel-pfroute: Don't cache route entries if installation fails

5 years agokernel-netlink: Don't cache route entries if installation fails
Tobias Brunner [Fri, 7 Feb 2014 10:37:30 +0000 (11:37 +0100)]
kernel-netlink: Don't cache route entries if installation fails

Fixes #500.

5 years agoidentification: Fix printing of empty RDNs on FreeBSD
Tobias Brunner [Mon, 27 Jan 2014 12:50:28 +0000 (13:50 +0100)]
identification: Fix printing of empty RDNs on FreeBSD

On FreeBSD (null) is printed for NULL even if the precision is 0.

5 years agotests: Fix test for printing NULL on FreeBSD
Tobias Brunner [Mon, 27 Jan 2014 12:50:06 +0000 (13:50 +0100)]
tests: Fix test for printing NULL on FreeBSD

5 years agoFixed description of ikev1/rw-ntru-psk scenario
Andreas Steffen [Wed, 12 Feb 2014 12:21:46 +0000 (13:21 +0100)]
Fixed description of ikev1/rw-ntru-psk scenario

5 years agoUpdated test kvm tests to Linux 3.13 kernel
Andreas Steffen [Wed, 12 Feb 2014 12:16:09 +0000 (13:16 +0100)]
Updated test kvm tests to Linux 3.13 kernel

5 years agoAdded ikev1/net2net-ntru-cert and ikev1/rw-ntru-psk scenarios
Andreas Steffen [Wed, 12 Feb 2014 12:14:23 +0000 (13:14 +0100)]
Added ikev1/net2net-ntru-cert and ikev1/rw-ntru-psk scenarios

5 years agotesting: Add ssh script to distribution
Tobias Brunner [Wed, 12 Feb 2014 09:53:17 +0000 (10:53 +0100)]
testing: Add ssh script to distribution

5 years agounit-tests: added asn1_parser tests
Andreas Steffen [Mon, 10 Feb 2014 20:28:54 +0000 (21:28 +0100)]
unit-tests: added asn1_parser tests

5 years agounit-tests: added some more ASN.1 length tests
Andreas Steffen [Mon, 10 Feb 2014 15:05:55 +0000 (16:05 +0100)]
unit-tests: added some more ASN.1 length tests

5 years agoleak_detective: Assign return value of realloc to buf
Thomas Egerer [Mon, 10 Feb 2014 16:14:24 +0000 (17:14 +0100)]
leak_detective: Assign return value of realloc to buf

If realloc return a pointer value different from the value to be
reallocated, a double free can occur in this context.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
5 years agordrand: Provide get_features() regardless of RDRAND availability
Martin Willi [Mon, 10 Feb 2014 10:21:09 +0000 (11:21 +0100)]
rdrand: Provide get_features() regardless of RDRAND availability

As having no get_features() raises a deprecated warning, we return no features
instead.

5 years agordrand: Move RDRAND detection log to level 2
Martin Willi [Mon, 10 Feb 2014 10:07:50 +0000 (11:07 +0100)]
rdrand: Move RDRAND detection log to level 2

When having RDRAND support, these log messages might be confusing when using
pki or other tools.

5 years agoupdown: Return an empty DNS server enumerator if no IKE_SA available
Martin Willi [Thu, 6 Feb 2014 15:38:39 +0000 (16:38 +0100)]
updown: Return an empty DNS server enumerator if no IKE_SA available

The one existing caller does not handle a NULL return and always expects
an enumerator; and returning FALSE does not make sense anyway.

5 years agoMerge branch 'cmd-proposals'
Martin Willi [Thu, 6 Feb 2014 14:58:41 +0000 (15:58 +0100)]
Merge branch 'cmd-proposals'

Introduce --ike/esp/ah-proposal options to offer custom proposals, and requests
an IPv6 virtual IP if an IPv6 --remote-ts is given.

Fixes #508.

5 years agocharon-cmd: Request an IPv6 virtual IP if an IPv6 remote subnet given
Martin Willi [Tue, 4 Feb 2014 15:40:25 +0000 (16:40 +0100)]
charon-cmd: Request an IPv6 virtual IP if an IPv6 remote subnet given

5 years agocharon-cmd: Document new proposal options in manpage
Martin Willi [Tue, 4 Feb 2014 10:37:52 +0000 (11:37 +0100)]
charon-cmd: Document new proposal options in manpage

5 years agocharon-cmd: Add --esp/--ah-proposal options to specify CHILD_SA proposals
Martin Willi [Tue, 4 Feb 2014 10:29:28 +0000 (11:29 +0100)]
charon-cmd: Add --esp/--ah-proposal options to specify CHILD_SA proposals

5 years agocharon-cmd: Add an --ike-proposal option to specify non-default IKE proposals
Martin Willi [Tue, 4 Feb 2014 10:17:37 +0000 (11:17 +0100)]
charon-cmd: Add an --ike-proposal option to specify non-default IKE proposals

5 years agocharon-cmd: Block SIGUSR1 on worker threads
Martin Willi [Tue, 4 Feb 2014 10:14:27 +0000 (11:14 +0100)]
charon-cmd: Block SIGUSR1 on worker threads

To properly shut down charon-cmd with leak reports, only the main thread
should catch SIGUSR1 to shut down the application. Work threads should ignore
SIGUSR1 to avoid any hard application termination.

5 years agoDocument ipsec attest --session command
Andreas Steffen [Wed, 5 Feb 2014 11:06:46 +0000 (12:06 +0100)]
Document ipsec attest --session command

5 years agoAllow output of session time in UTC
Andreas Steffen [Wed, 5 Feb 2014 11:06:22 +0000 (12:06 +0100)]
Allow output of session time in UTC

5 years agoAdded missing semicolon in SQL statements
Andreas Steffen [Wed, 5 Feb 2014 09:15:56 +0000 (10:15 +0100)]
Added missing semicolon in SQL statements

5 years agoAdded Android 4.3.1 to products database table
Andreas Steffen [Tue, 4 Feb 2014 18:49:34 +0000 (19:49 +0100)]
Added Android 4.3.1 to products database table

5 years agoAdded new Android versions to PTS database
Andreas Steffen [Tue, 4 Feb 2014 05:59:01 +0000 (06:59 +0100)]
Added new Android versions to PTS database

5 years agotesting: Fetch the FreeRADIUS tarball from the "old" directory
Martin Willi [Fri, 31 Jan 2014 16:51:45 +0000 (17:51 +0100)]
testing: Fetch the FreeRADIUS tarball from the "old" directory

Fixes #483.

5 years agounit-tests: Add some test cases for HTTP GET/POST fetches
Martin Willi [Thu, 30 Jan 2014 17:05:46 +0000 (18:05 +0100)]
unit-tests: Add some test cases for HTTP GET/POST fetches

5 years agounit-tests: Fix test_runner_run() apidoc
Martin Willi [Wed, 29 Jan 2014 12:36:56 +0000 (13:36 +0100)]
unit-tests: Fix test_runner_run() apidoc

5 years agopki: Declare correct section in pki --issue man page
Tobias Brunner [Fri, 24 Jan 2014 15:16:08 +0000 (16:16 +0100)]
pki: Declare correct section in pki --issue man page

5 years agoNEWS: Add unit testing improvements
Martin Willi [Fri, 24 Jan 2014 12:18:45 +0000 (13:18 +0100)]
NEWS: Add unit testing improvements

5 years agoike: Restart inactivity counter after doing a CHILD_SA rekey
Martin Willi [Thu, 7 Nov 2013 08:21:02 +0000 (09:21 +0100)]
ike: Restart inactivity counter after doing a CHILD_SA rekey

When doing a rekey for a CHILD_SA, the use counters get reset. An inactivity
job is queued for a time unrelated to the rekey time, so it might happen
that the inactivity job gets executed just after rekeying. If this happens,
inactivity is detected even if we had traffic on the rekeyed CHILD_SA just
before rekeying.

This change implies that inactivity checks can't handle inactivity timeouts
for rekeyed CHILD_SAs, and therefore requires that inactivity timeout is shorter
than the rekey time to have any effect.

5 years agochild-sa: Add a getter for CHILD_SA install time
Martin Willi [Thu, 7 Nov 2013 08:20:40 +0000 (09:20 +0100)]
child-sa: Add a getter for CHILD_SA install time

5 years agoMerge branch 'pam-session'
Martin Willi [Thu, 23 Jan 2014 15:14:46 +0000 (16:14 +0100)]
Merge branch 'pam-session'

Add support for PAM session management in xauth-pam.

5 years agoNEWS: Introduce PAM session management
Martin Willi [Thu, 23 Jan 2014 15:11:54 +0000 (16:11 +0100)]
NEWS: Introduce PAM session management

5 years agoman: Document xauth-pam session option
Martin Willi [Wed, 22 Jan 2014 13:31:22 +0000 (14:31 +0100)]
man: Document xauth-pam session option

5 years agoxauth-pam: Open/close a PAM session for each connected client
Andrea Bonomi [Tue, 21 Jan 2014 08:54:20 +0000 (09:54 +0100)]
xauth-pam: Open/close a PAM session for each connected client

Signed-off-by: Andrea Bonomi <a.bonomi@endian.com>
5 years agoxauth-pam: Sanitize XAuth attributes before passing them to PAM
Martin Willi [Wed, 22 Jan 2014 13:01:01 +0000 (14:01 +0100)]
xauth-pam: Sanitize XAuth attributes before passing them to PAM

5 years agoMerge branch 'vendor-ids'
Martin Willi [Thu, 23 Jan 2014 15:04:48 +0000 (16:04 +0100)]
Merge branch 'vendor-ids'

Refactors IKEv2 vendor ID handling, and introduces some IDs seen when talking
to Cisco devices.

5 years agoikev2: Add Cisco FRAGMENTATION vendor ID
Martin Willi [Fri, 17 Jan 2014 11:00:13 +0000 (12:00 +0100)]
ikev2: Add Cisco FRAGMENTATION vendor ID

Courtesy of C.J. Adams-Collier, ZeroLag Communications, Inc.