strongswan.git
10 years agocosmetics
Andreas Steffen [Tue, 22 Dec 2009 08:53:53 +0000 (09:53 +0100)]
cosmetics

10 years agofixed IPv6 bug in calc_range()
Andreas Steffen [Mon, 21 Dec 2009 23:49:23 +0000 (00:49 +0100)]
fixed IPv6 bug in calc_range()

10 years agofixed initialization of netbits
Andreas Steffen [Mon, 21 Dec 2009 22:03:14 +0000 (23:03 +0100)]
fixed initialization of netbits

10 years agofixed distribution list
Andreas Steffen [Mon, 21 Dec 2009 21:28:08 +0000 (22:28 +0100)]
fixed distribution list

10 years agotraffic_selector supports RFC 3779 address range format
Andreas Steffen [Mon, 21 Dec 2009 20:28:45 +0000 (21:28 +0100)]
traffic_selector supports RFC 3779 address range format

10 years agoMigrated identification_t to INIT/METHOD macros
Martin Willi [Mon, 21 Dec 2009 14:23:34 +0000 (15:23 +0100)]
Migrated identification_t to INIT/METHOD macros

10 years agothis->type is set by traffic_selector_create()
Andreas Steffen [Sun, 20 Dec 2009 19:01:18 +0000 (20:01 +0100)]
this->type is set by traffic_selector_create()

10 years agoparse RFC 3779 addressFamily
Andreas Steffen [Sun, 20 Dec 2009 18:26:28 +0000 (19:26 +0100)]
parse RFC 3779 addressFamily

10 years agoplugin name is x509
Andreas Steffen [Sun, 20 Dec 2009 15:01:35 +0000 (16:01 +0100)]
plugin name is x509

10 years agodiscard certificate with unknown critical extensions
Andreas Steffen [Sun, 20 Dec 2009 14:53:39 +0000 (15:53 +0100)]
discard certificate with unknown critical extensions

10 years agouse traffic_selector_t object to represent ipAddrBlocks
Andreas Steffen [Sun, 20 Dec 2009 14:15:02 +0000 (15:15 +0100)]
use traffic_selector_t object to represent ipAddrBlocks

10 years agomoved traffic_selectors from charon to libstrongswan
Andreas Steffen [Sun, 20 Dec 2009 13:57:38 +0000 (14:57 +0100)]
moved traffic_selectors from charon to libstrongswan

10 years agofirewall-enabled ipv6/net2net-ip6-in-ip4-ikev2 scenario
Andreas Steffen [Thu, 17 Dec 2009 18:43:33 +0000 (19:43 +0100)]
firewall-enabled ipv6/net2net-ip6-in-ip4-ikev2 scenario

10 years agofirewall-enabled ipv6/net2net-ip4-in-ip6-ikev2 scenario
Andreas Steffen [Thu, 17 Dec 2009 17:50:45 +0000 (18:50 +0100)]
firewall-enabled ipv6/net2net-ip4-in-ip6-ikev2 scenario

10 years agoparse ipAddrBlocks
Andreas Steffen [Thu, 17 Dec 2009 16:32:26 +0000 (17:32 +0100)]
parse ipAddrBlocks

10 years agofixed updown plugin for mixed IPv4/IPv6 tunnels
Andreas Steffen [Thu, 17 Dec 2009 16:28:11 +0000 (17:28 +0100)]
fixed updown plugin for mixed IPv4/IPv6 tunnels

10 years agoMigrated curl_fetcher to INIT/METHOD macros
Martin Willi [Tue, 8 Dec 2009 15:21:08 +0000 (16:21 +0100)]
Migrated curl_fetcher to INIT/METHOD macros

10 years agoAdded a METHOD() macro to define methods with both public and private signatures
Martin Willi [Tue, 8 Dec 2009 15:12:16 +0000 (16:12 +0100)]
Added a METHOD() macro to define methods with both public and private signatures

10 years agoAdded a INIT() macro to initialize class instances
Martin Willi [Tue, 8 Dec 2009 15:11:37 +0000 (16:11 +0100)]
Added a INIT() macro to initialize class instances

10 years agoFixed BEET mode by installing SAs with negotiated address in traffic selector
Martin Willi [Thu, 17 Dec 2009 09:50:37 +0000 (10:50 +0100)]
Fixed BEET mode by installing SAs with negotiated address in traffic selector

10 years agoadded IKEv1 Camellia support to NEWS
Andreas Steffen [Wed, 16 Dec 2009 20:52:32 +0000 (21:52 +0100)]
added IKEv1 Camellia support to NEWS

10 years agoikev1/ip-pool-db-push scenario tests DNS and NBNS server support
Andreas Steffen [Wed, 16 Dec 2009 20:50:39 +0000 (21:50 +0100)]
ikev1/ip-pool-db-push scenario tests DNS and NBNS server support

10 years agoIKEv1 daemon supports DNS and NBNS server assignment from database
Andreas Steffen [Wed, 16 Dec 2009 20:49:51 +0000 (21:49 +0100)]
IKEv1 daemon supports DNS and NBNS server assignment from database

10 years agoikev1/ip-pool-db scenario tests DNS and NBNS server support
Andreas Steffen [Wed, 16 Dec 2009 20:22:13 +0000 (21:22 +0100)]
ikev1/ip-pool-db scenario tests DNS and NBNS server support

10 years agosql/ip-pool-db scenario tests DNS and NBNS server support
Andreas Steffen [Wed, 16 Dec 2009 18:02:23 +0000 (19:02 +0100)]
sql/ip-pool-db scenario tests DNS and NBNS server support

10 years agoikev2/ip-pool-db scenario tests DNS and NBNS server support
Andreas Steffen [Wed, 16 Dec 2009 17:45:29 +0000 (18:45 +0100)]
ikev2/ip-pool-db scenario tests DNS and NBNS server support

10 years agoadded ipsec pool DNS and NBNS support to NEWS
Andreas Steffen [Wed, 16 Dec 2009 17:20:07 +0000 (18:20 +0100)]
added ipsec pool DNS and NBNS support to NEWS

10 years agoipsec pool manages dns and nbns servers
Andreas Steffen [Wed, 16 Dec 2009 17:11:57 +0000 (18:11 +0100)]
ipsec pool manages dns and nbns servers

10 years agocosmetics
Andreas Steffen [Wed, 16 Dec 2009 12:33:09 +0000 (13:33 +0100)]
cosmetics

10 years agoprovide attributes from SQL database
Andreas Steffen [Wed, 16 Dec 2009 11:31:41 +0000 (12:31 +0100)]
provide attributes from SQL database

10 years agoadded openssl-ikev1/alg-camellia scenario
Andreas Steffen [Tue, 15 Dec 2009 18:55:58 +0000 (19:55 +0100)]
added openssl-ikev1/alg-camellia scenario

10 years agoremoved superfluous ikev1/esp-alg-camellia scenario
Andreas Steffen [Tue, 15 Dec 2009 18:16:28 +0000 (19:16 +0100)]
removed superfluous ikev1/esp-alg-camellia scenario

10 years agoadded gcrypt-ikev1/alg-camellia scenario
Andreas Steffen [Tue, 15 Dec 2009 18:15:44 +0000 (19:15 +0100)]
added gcrypt-ikev1/alg-camellia scenario

10 years agoadd IKEv1 support for the Camellia cipher
Andreas Steffen [Tue, 15 Dec 2009 18:13:06 +0000 (19:13 +0100)]
add IKEv1 support for the Camellia cipher

10 years agoAdded htoun16/32 and untoh16/32 to read/write unaligned network order integers
Martin Willi [Tue, 15 Dec 2009 12:39:01 +0000 (13:39 +0100)]
Added htoun16/32 and untoh16/32 to read/write unaligned network order integers

10 years agoInstall v6 routes via outgoing interface for now
Martin Willi [Mon, 14 Dec 2009 13:44:24 +0000 (14:44 +0100)]
Install v6 routes via outgoing interface for now

10 years agoactivate tcpdump in ikev1/esp-alg-des scenario
Andreas Steffen [Thu, 10 Dec 2009 21:37:43 +0000 (22:37 +0100)]
activate tcpdump in ikev1/esp-alg-des scenario

10 years agoshuffled output order to achieve consistence
Andreas Steffen [Wed, 9 Dec 2009 16:26:35 +0000 (17:26 +0100)]
shuffled output order to achieve consistence

10 years agoadded pfkey/alg-sha384 and pfkey/alg-sha512 scenarios
Andreas Steffen [Wed, 9 Dec 2009 16:25:12 +0000 (17:25 +0100)]
added pfkey/alg-sha384 and pfkey/alg-sha512 scenarios

10 years agoadapted openssl-ikev2/alg scenarios
Andreas Steffen [Wed, 9 Dec 2009 14:51:43 +0000 (15:51 +0100)]
adapted openssl-ikev2/alg scenarios

10 years agoadapted gcrypt-ikev2/alg-camellia scenario
Andreas Steffen [Wed, 9 Dec 2009 14:48:03 +0000 (15:48 +0100)]
adapted gcrypt-ikev2/alg-camellia scenario

10 years agoadapted gcrypt-ikev1 alg scenarios
Andreas Steffen [Wed, 9 Dec 2009 14:45:45 +0000 (15:45 +0100)]
adapted gcrypt-ikev1 alg scenarios

10 years agoadapted ikev1 alg and esp scenarios
Andreas Steffen [Wed, 9 Dec 2009 14:41:54 +0000 (15:41 +0100)]
adapted ikev1 alg and esp scenarios

10 years agoadapted pfkey alg and esp scenarios
Andreas Steffen [Wed, 9 Dec 2009 14:38:17 +0000 (15:38 +0100)]
adapted pfkey alg and esp scenarios

10 years agoremove again the ikev2/esp-alg-camellia scenario
Andreas Steffen [Wed, 9 Dec 2009 14:26:43 +0000 (15:26 +0100)]
remove again the ikev2/esp-alg-camellia scenario

10 years agoadapted ikev2 alg and esp scenarios
Andreas Steffen [Wed, 9 Dec 2009 14:19:10 +0000 (15:19 +0100)]
adapted ikev2 alg and esp scenarios

10 years agoremoved redundant ikev1/ike-alg-sha2 scenarios
Andreas Steffen [Wed, 9 Dec 2009 09:11:03 +0000 (10:11 +0100)]
removed redundant ikev1/ike-alg-sha2 scenarios

10 years agoadded ikev1/alg-sha512 scenario
Andreas Steffen [Wed, 9 Dec 2009 08:51:54 +0000 (09:51 +0100)]
added ikev1/alg-sha512 scenario

10 years agoadded ikev1/alg-sha384 scenario
Andreas Steffen [Wed, 9 Dec 2009 08:46:40 +0000 (09:46 +0100)]
added ikev1/alg-sha384 scenario

10 years agorenamed ikev1/alg-sha2_256 scenario to ikev1/alg-sha256
Andreas Steffen [Wed, 9 Dec 2009 08:36:16 +0000 (09:36 +0100)]
renamed ikev1/alg-sha2_256 scenario to ikev1/alg-sha256

10 years agoadded ikev1/alg-sha256-96 scenario
Andreas Steffen [Wed, 9 Dec 2009 08:35:17 +0000 (09:35 +0100)]
added ikev1/alg-sha256-96 scenario

10 years agofixed IKEv1 support of HMAC_SHA2_256_96
Andreas Steffen [Wed, 9 Dec 2009 08:33:32 +0000 (09:33 +0100)]
fixed IKEv1 support of HMAC_SHA2_256_96

10 years agoadded Juniper SRX support to NEWS
Andreas Steffen [Wed, 9 Dec 2009 07:00:19 +0000 (08:00 +0100)]
added Juniper SRX support to NEWS

10 years agoif end id is missing assign IP address to raw public key
Andreas Steffen [Wed, 9 Dec 2009 06:24:43 +0000 (07:24 +0100)]
if end id is missing assign IP address to raw public key

10 years agoIKEv1 support of ESP SHA2_HMAC with correct truncation
Andreas Steffen [Tue, 8 Dec 2009 23:24:22 +0000 (00:24 +0100)]
IKEv1 support of ESP SHA2_HMAC with correct truncation

10 years agosome code optimizations
Andreas Steffen [Tue, 8 Dec 2009 23:19:03 +0000 (00:19 +0100)]
some code optimizations

10 years agoadded ipAddrBlocks OID
Andreas Steffen [Tue, 8 Dec 2009 22:48:56 +0000 (23:48 +0100)]
added ipAddrBlocks OID

10 years agoremoved redundant ikev2/esp-alg-camellia scenario
Andreas Steffen [Tue, 8 Dec 2009 20:43:03 +0000 (21:43 +0100)]
removed redundant ikev2/esp-alg-camellia scenario

10 years agoImproved libfast session management, using a hashtable
Martin Willi [Sat, 5 Dec 2009 16:56:44 +0000 (17:56 +0100)]
Improved libfast session management, using a hashtable

10 years agoRemoved obsolete curl interface specific destructor
Martin Willi [Tue, 8 Dec 2009 15:21:58 +0000 (16:21 +0100)]
Removed obsolete curl interface specific destructor

10 years agoSupport "_" and "-" variants of NetworkManager pkg-config packages
Martin Willi [Tue, 8 Dec 2009 13:35:16 +0000 (14:35 +0100)]
Support "_" and "-" variants of NetworkManager pkg-config packages

10 years agoUndef PACKAGE_BUG/URL of strongSwan before including ruby variants
Martin Willi [Tue, 8 Dec 2009 13:34:14 +0000 (14:34 +0100)]
Undef PACKAGE_BUG/URL of strongSwan before including ruby variants

10 years agoRemove generated config.h.in from source tree
Martin Willi [Tue, 8 Dec 2009 13:29:48 +0000 (14:29 +0100)]
Remove generated config.h.in from source tree

10 years agoadded ikev2/alg-3des-md5 scenario
Andreas Steffen [Tue, 8 Dec 2009 11:54:42 +0000 (12:54 +0100)]
added ikev2/alg-3des-md5 scenario

10 years agoThe attribute manager was moved from daemon_t to libstrongswan.
Tobias Brunner [Mon, 7 Dec 2009 15:00:27 +0000 (16:00 +0100)]
The attribute manager was moved from daemon_t to libstrongswan.

10 years agoDo not execute the callback job if it has been cancelled since registration
Martin Willi [Thu, 3 Dec 2009 07:00:04 +0000 (08:00 +0100)]
Do not execute the callback job if it has been cancelled since registration

10 years agoCleanup library if daemon initialization fails
Martin Willi [Thu, 3 Dec 2009 06:56:19 +0000 (07:56 +0100)]
Cleanup library if daemon initialization fails

10 years agoTo build strongSwan from git sources, gettext is required
Martin Willi [Wed, 2 Dec 2009 10:49:11 +0000 (11:49 +0100)]
To build strongSwan from git sources, gettext is required

10 years agoDo not install invalid 0.0.0.0 DNS servers
Martin Willi [Tue, 1 Dec 2009 14:46:56 +0000 (15:46 +0100)]
Do not install invalid 0.0.0.0 DNS servers

10 years agoPrefer EAP-Identity for provider attribute/address lookup
Martin Willi [Tue, 1 Dec 2009 13:01:56 +0000 (13:01 +0000)]
Prefer EAP-Identity for provider attribute/address lookup

10 years agoSave EAP-Identity on auth config
Martin Willi [Tue, 1 Dec 2009 13:23:37 +0000 (14:23 +0100)]
Save EAP-Identity on auth config

10 years agoStore completed authentication rounds permanently on IKE_SA, with flush option
Martin Willi [Tue, 1 Dec 2009 10:35:30 +0000 (11:35 +0100)]
Store completed authentication rounds permanently on IKE_SA, with flush option

10 years agoRemoved obsolete and unused [gs]et_eap_identity() methods
Martin Willi [Mon, 30 Nov 2009 15:59:23 +0000 (16:59 +0100)]
Removed obsolete and unused [gs]et_eap_identity() methods

10 years agoDo not propose transport mode as initiator if connection is NATed
Martin Willi [Mon, 30 Nov 2009 10:32:26 +0000 (11:32 +0100)]
Do not propose transport mode as initiator if connection is NATed

10 years agoVerify EAP-SIM/AKA AT_MAC before processing any attributes
Martin Willi [Mon, 30 Nov 2009 08:58:54 +0000 (09:58 +0100)]
Verify EAP-SIM/AKA AT_MAC before processing any attributes

10 years agoSIM/AKA/Request/Reauthentication AT_MAC does not include NONCE_S, only the response
Martin Willi [Fri, 27 Nov 2009 14:40:40 +0000 (15:40 +0100)]
SIM/AKA/Request/Reauthentication AT_MAC does not include NONCE_S, only the response

10 years agoInvoke attribute/key hooks from libsimaka
Martin Willi [Fri, 27 Nov 2009 10:16:20 +0000 (11:16 +0100)]
Invoke attribute/key hooks from libsimaka

10 years agoExtended SIM manager by hooks, currently featuring attribute and key hooks
Martin Willi [Fri, 27 Nov 2009 10:14:40 +0000 (11:14 +0100)]
Extended SIM manager by hooks, currently featuring attribute and key hooks

10 years agoAdded a get_sa() method to the bus, allowing a thread to lookup its IKE_SA
Martin Willi [Fri, 27 Nov 2009 08:34:38 +0000 (09:34 +0100)]
Added a get_sa() method to the bus, allowing a thread to lookup its IKE_SA

10 years agoHandle NOT_SUPPORTED or other errors properly in get_quintuplet
Martin Willi [Fri, 27 Nov 2009 13:55:20 +0000 (14:55 +0100)]
Handle NOT_SUPPORTED or other errors properly in get_quintuplet

10 years agoadded RFC-conforming ikev2/sha2 scenarios
Andreas Steffen [Thu, 26 Nov 2009 22:48:29 +0000 (23:48 +0100)]
added RFC-conforming ikev2/sha2 scenarios

10 years agoadapted ikev2/alg-aes-xcbc scenario
Andreas Steffen [Thu, 26 Nov 2009 22:46:27 +0000 (23:46 +0100)]
adapted ikev2/alg-aes-xcbc scenario

10 years agoUse transport mode ESP SA if IPcomp is used, IPcomp already applies outer IP header
Martin Willi [Thu, 26 Nov 2009 14:58:55 +0000 (15:58 +0100)]
Use transport mode ESP SA if IPcomp is used, IPcomp already applies outer IP header

10 years agoAdded NEWS about SHA2 changes
Martin Willi [Thu, 26 Nov 2009 09:27:35 +0000 (10:27 +0100)]
Added NEWS about SHA2 changes

10 years agoUse full algorithm name for SHA384/512 HMACs
Martin Willi [Tue, 24 Nov 2009 14:21:16 +0000 (15:21 +0100)]
Use full algorithm name for SHA384/512 HMACs

10 years agoSupport the Linux specific SHA256 96 bit truncation HMAC via "sha256_96" keyword
Martin Willi [Fri, 20 Nov 2009 09:49:03 +0000 (09:49 +0000)]
Support the Linux specific SHA256 96 bit truncation HMAC via "sha256_96" keyword

10 years agoInstall SHA256_128 auth algorithm with specified 128 bit truncation
Martin Willi [Fri, 20 Nov 2009 09:42:29 +0000 (09:42 +0000)]
Install SHA256_128 auth algorithm with specified 128 bit truncation

10 years agoUpdated XFRM linux header, includes specified truncations for auth algos
Martin Willi [Fri, 20 Nov 2009 09:41:46 +0000 (09:41 +0000)]
Updated XFRM linux header, includes specified truncations for auth algos

10 years agoAdded support for IPv6 source route installation
Martin Willi [Tue, 24 Nov 2009 13:10:18 +0000 (14:10 +0100)]
Added support for IPv6 source route installation

10 years agoCheck existing path in mobike probing only if we still have a route
Martin Willi [Tue, 24 Nov 2009 13:09:09 +0000 (14:09 +0100)]
Check existing path in mobike probing only if we still have a route

10 years agoput identities in single quotes
Andreas Steffen [Wed, 25 Nov 2009 08:02:09 +0000 (09:02 +0100)]
put identities in single quotes

10 years agoadded more debugging in configuration attribute handling
Andreas Steffen [Tue, 24 Nov 2009 22:17:07 +0000 (23:17 +0100)]
added more debugging in configuration attribute handling

10 years agochanged error messages in the case of faulty esp and ike strings
Andreas Steffen [Tue, 24 Nov 2009 15:45:52 +0000 (16:45 +0100)]
changed error messages in the case of faulty esp and ike strings

10 years agodo not send all available kernel algorithms if esp string is faulty
Andreas Steffen [Tue, 24 Nov 2009 15:38:10 +0000 (16:38 +0100)]
do not send all available kernel algorithms if esp string is faulty

10 years agocheck if alg_info_esp exists
Elmar Vonlanthen [Tue, 24 Nov 2009 15:15:12 +0000 (16:15 +0100)]
check if alg_info_esp exists

10 years agoadded some parentheses
Andreas Steffen [Tue, 24 Nov 2009 13:36:17 +0000 (14:36 +0100)]
added some parentheses

10 years agoallow ECP DH groups in pfsgroup definition
Andreas Steffen [Tue, 24 Nov 2009 13:35:25 +0000 (14:35 +0100)]
allow ECP DH groups in pfsgroup definition

10 years agorenewed OCSP Signing certificate
Andreas Steffen [Tue, 24 Nov 2009 12:55:38 +0000 (13:55 +0100)]
renewed OCSP Signing certificate

10 years agoissue error message for expired certificates in OCSP trust chain checking
Andreas Steffen [Tue, 24 Nov 2009 11:37:38 +0000 (12:37 +0100)]
issue error message for expired certificates in OCSP trust chain checking

10 years agoupdated IKEv2 notification messages assigned by IANA
Andreas Steffen [Tue, 24 Nov 2009 08:21:00 +0000 (09:21 +0100)]
updated IKEv2 notification messages assigned by IANA