3 years agoplugin-constructors: Add script to generate constructor registration
Tobias Brunner [Fri, 28 Apr 2017 15:46:57 +0000 (17:46 +0200)]
plugin-constructors: Add script to generate constructor registration

Using a Python script so this works in cross-compilation situations.

3 years agoplugin-loader: Add facility to register plugin constructors
Tobias Brunner [Fri, 28 Apr 2017 15:41:57 +0000 (17:41 +0200)]
plugin-loader: Add facility to register plugin constructors

Enabled when building monolithically and statically.

This should allow us to work around the -whole-archive issue with
libtool.  If the libraries register the plugin constructors they provide
they reference the constructors and will therefore prevent the linker from
removing these seemingly unused symbols from the final executable.

For use cases where dlsym() can be used, e.g. because the static libraries
are manually linked with -whole-archive (Linux) or -force-load (Apple),
this can be disabled by passing ss_cv_static_plugin_constructors=no to
the configure script.

3 years agoconfigure: Don't build static libraries by default
Tobias Brunner [Fri, 28 Apr 2017 13:39:01 +0000 (15:39 +0200)]
configure: Don't build static libraries by default

This way we can actually detect if someone wants to build strongSwan
statically because --enable-static has to be passed explicitly.

3 years agolibrary: Add compile option to disable memwipe() check
Tobias Brunner [Wed, 19 Apr 2017 08:40:40 +0000 (10:40 +0200)]
library: Add compile option to disable memwipe() check

3 years agofuzz: Make path to libFuzzer.a configurable
Tobias Brunner [Wed, 29 Mar 2017 09:32:25 +0000 (11:32 +0200)]
fuzz: Make path to libFuzzer.a configurable

3 years agopem: Don't read beyond line ends
Tobias Brunner [Wed, 29 Mar 2017 09:19:30 +0000 (11:19 +0200)]
pem: Don't read beyond line ends

3 years agox509: Fix leak if there is an empty CDP
Tobias Brunner [Wed, 29 Mar 2017 09:16:34 +0000 (11:16 +0200)]
x509: Fix leak if there is an empty CDP

3 years agox509: Fix leak if a certificate contains multiple authorityKeyIdentifiers
Tobias Brunner [Wed, 15 Mar 2017 10:16:35 +0000 (11:16 +0100)]
x509: Fix leak if a certificate contains multiple authorityKeyIdentifiers

3 years agofuzz: Add fuzzing boilerplate
Tobias Brunner [Wed, 8 Mar 2017 10:00:22 +0000 (11:00 +0100)]
fuzz: Add fuzzing boilerplate

3 years agotesting: Avoid expiration of allocated SPIs due to low retransmission settings
Tobias Brunner [Tue, 14 Mar 2017 16:02:26 +0000 (17:02 +0100)]
testing: Avoid expiration of allocated SPIs due to low retransmission settings

3 years agokernel-netlink: Use total retransmit timeout as acquire timeout
Tobias Brunner [Mon, 13 Mar 2017 11:15:25 +0000 (12:15 +0100)]
kernel-netlink: Use total retransmit timeout as acquire timeout

By using the total retransmit timeout, modifications of timeout settings
automatically reflect on the value of xfrm_acq_expires.  If set, the
value of xfrm_acq_expires configured by the user takes precedence over
the calculated value.

3 years agotask-manager: Add helper function to calculate the total retransmit timeout
Tobias Brunner [Mon, 13 Mar 2017 11:00:40 +0000 (12:00 +0100)]
task-manager: Add helper function to calculate the total retransmit timeout

3 years agoike: Use optional jitter to calculate retransmission timeouts
Tobias Brunner [Fri, 19 May 2017 14:14:40 +0000 (16:14 +0200)]
ike: Use optional jitter to calculate retransmission timeouts

Also adds an optional limit to avoid very high retransmission timeouts
with high numbers of retries.

3 years agokernel-netlink: Try to add new inbound SA if update fails
Thomas Egerer [Thu, 9 Mar 2017 17:26:35 +0000 (18:26 +0100)]
kernel-netlink: Try to add new inbound SA if update fails

When establishing a traffic-triggered CHILD_SA involves the setup of an
IKE_SA more than one exchange is required. As a result the temporary
acquire state may have expired -- even if the acquire expiration
(xfrm_acq_expires) time is set properly (165 by default).  The expire
message sent by the kernel is not processed in charon since no trap can
be found by the trap manager.
A possible solution could be to track allocated SPIs.  But since this is
a corner case and the tracking introduces quite a bit of overhead, it
seems much more sensible to add a new state if the update of a state
fails with NOT_FOUND.

Signed-off-by: Thomas Egerer <>
3 years agokernel-pfkey: Update SA addresses if supported by the kernel
Tobias Brunner [Tue, 7 Feb 2017 08:57:09 +0000 (09:57 +0100)]
kernel-pfkey: Update SA addresses if supported by the kernel

Upcoming FreeBSD kernels will support updating the addresses of existing
SAs with new SADB_X_EXT_NEW_ADDRESS_SRC|DST extensions for the SADB_UPDATE

3 years agokernel-pfkey: Use new encap flag on Mac OS X when updating SAs
Tobias Brunner [Tue, 7 Feb 2017 08:55:50 +0000 (09:55 +0100)]
kernel-pfkey: Use new encap flag on Mac OS X when updating SAs

3 years agoreceiver: Restrict init limit to half-open SAs as responder
Thomas Egerer [Fri, 10 Mar 2017 09:45:48 +0000 (10:45 +0100)]
receiver: Restrict init limit to half-open SAs as responder

Signed-off-by: Thomas Egerer <>
3 years agoMerge branch 'hw-offload'
Tobias Brunner [Tue, 23 May 2017 15:00:04 +0000 (17:00 +0200)]
Merge branch 'hw-offload'

Allows enabling hardware offload for IPsec SAs as introduced by Linux 4.11
for specific hardware.

3 years agokernel-netlink: Update hardware offload attribute when SAs are updated
Tobias Brunner [Wed, 30 Nov 2016 09:46:21 +0000 (10:46 +0100)]
kernel-netlink: Update hardware offload attribute when SAs are updated

3 years agokernel-netlink: Base SA update on correct message in multi-message response
Tobias Brunner [Wed, 30 Nov 2016 09:27:10 +0000 (10:27 +0100)]
kernel-netlink: Base SA update on correct message in multi-message response

3 years agovici: Make hardware offload configurable
Tobias Brunner [Mon, 20 Jun 2016 13:29:47 +0000 (15:29 +0200)]
vici: Make hardware offload configurable

3 years agochild-sa: Optionally enable hardware offload for CHILD_SAs
Tobias Brunner [Mon, 20 Jun 2016 13:27:22 +0000 (15:27 +0200)]
child-sa: Optionally enable hardware offload for CHILD_SAs

3 years agochild-cfg: Add flag to enable hardware offload
Tobias Brunner [Mon, 20 Jun 2016 13:24:49 +0000 (15:24 +0200)]
child-cfg: Add flag to enable hardware offload

3 years agochild-cfg: Use flags for boolean options
Tobias Brunner [Wed, 10 May 2017 17:04:25 +0000 (19:04 +0200)]
child-cfg: Use flags for boolean options

Makes it potentially easier to add new flags.

3 years agokernel-netlink: Enable hardware offloading if configured for an SA
Tobias Brunner [Mon, 20 Jun 2016 13:14:40 +0000 (15:14 +0200)]
kernel-netlink: Enable hardware offloading if configured for an SA

3 years agokernel-ipsec: Add flag to enable hardware offloading for an IPsec SA
Tobias Brunner [Mon, 20 Jun 2016 12:59:38 +0000 (14:59 +0200)]
kernel-ipsec: Add flag to enable hardware offloading for an IPsec SA

3 years agoinclude: Update xfrm.h to include hardware offloading extensions
Tobias Brunner [Mon, 20 Jun 2016 12:55:53 +0000 (14:55 +0200)]
include: Update xfrm.h to include hardware offloading extensions

3 years agokernel-netlink: Directly handle Netlink messages if thread pool is empty
Tobias Brunner [Wed, 12 Apr 2017 13:18:45 +0000 (15:18 +0200)]
kernel-netlink: Directly handle Netlink messages if thread pool is empty

During initialization of the plugins the thread pool is not yet
initialized so there is no watcher thread that could handle the queued
Netlink message and the main thread will wait indefinitely for a

Fixes #2199.

3 years agosocket-default: Add an option to force the sending interface via IP_PKTINFO
Martin Willi [Fri, 16 Sep 2016 12:50:07 +0000 (14:50 +0200)]
socket-default: Add an option to force the sending interface via IP_PKTINFO

On Linux, setting the source address is insufficient to force a packet to be
sent over a certain path. The kernel uses the best route to select the outgoing
interface, even if we set a source address of a lower priority interface. This
is not only true for interfaces attaching to the same subnet, but also for
unrelated interfaces; the kernel (at least on 4.7) sends out the packet on
whatever interface it sees fit, even if that network does not expect packets
from the source address we force to.

When a better interface becomes available, strongSwan sends its MOBIKE address
list update using the old source address. But the kernel sends that packet over
the new best interface. If that network drops packets having the unexpected
source address from the old path, the MOBIKE update fails and the SA finally
times out.

To enforce a specific interface for our packet, we explicitly set the interface
index from the interface where the source address is installed. According to
ip(7), this overrules the specified source address to the primary interface
address. As this could have side effects to installations using multiple
addresses on a single interface, we disable the option by default for now.

This also allows using IPv6 link-local addresses, which won't work if
the outbound interface is not set explicitly.

3 years agoAdd an option to announce support for IKE fragmentation but not sending fragments
Tobias Brunner [Fri, 5 May 2017 13:48:14 +0000 (15:48 +0200)]
Add an option to announce support for IKE fragmentation but not sending fragments

3 years agoswanctl: Use returned key ID to track loaded private keys
Tobias Brunner [Fri, 12 May 2017 07:15:24 +0000 (09:15 +0200)]
swanctl: Use returned key ID to track loaded private keys

There was a direct call to load_key() for unencrypted keys that didn't
remove the key ID from the hashtable, which caused keys to get unloaded
when --load-creds was called multiple times.

3 years agovici: Return key ID from load-key command
Tobias Brunner [Fri, 12 May 2017 07:10:15 +0000 (09:10 +0200)]
vici: Return key ID from load-key command

We already do this for load-token and this should simplify client

3 years agocredential-manager: Prefer local over global sets
Adrian-Ken Rueegsegger [Wed, 26 Apr 2017 11:46:26 +0000 (13:46 +0200)]
credential-manager: Prefer local over global sets

Invert set enumeration order to first enumerate local and then global
credential sets.

3 years agoikev1: Send NAT-D payloads after HASH payloads in Aggressive Mode requests
Tobias Brunner [Thu, 4 May 2017 09:29:50 +0000 (11:29 +0200)]
ikev1: Send NAT-D payloads after HASH payloads in Aggressive Mode requests

Some implementations seem to have problems if the third AM message
contains NAT-D payloads before the HASH payload.

Fixes #2314.

3 years agoike-sa-manager: Improve scalability of IKE_SA count checking
Thomas Egerer [Thu, 23 Mar 2017 08:43:06 +0000 (09:43 +0100)]
ike-sa-manager: Improve scalability of IKE_SA count checking

Much like in commit a68454b, we now use a global atomic counter to keep
track of the number of IKE_SAs currently registered. This should improve
scalability for a large number of segments even more.

Signed-off-by: Thomas Egerer <>
3 years agotun-device: Use next free TUN device on FreeBSD
Tobias Brunner [Wed, 3 May 2017 08:01:12 +0000 (10:01 +0200)]
tun-device: Use next free TUN device on FreeBSD

While this API is documented as legacy (and there is a sysctl option to
disable it) the documentation also mentions that it will probably stay
enabled by default due to compatibility issues with existing applications.

With the previous approach only 255 devices could be opened then the
daemon had to be restarted.

Fixes #2313.

3 years agotun-device: TUN devices are not supported on iOS
Tobias Brunner [Tue, 18 Apr 2017 09:06:13 +0000 (11:06 +0200)]
tun-device: TUN devices are not supported on iOS

3 years agoattr-sql: Make release of online leases during startup optional
Tobias Brunner [Tue, 21 Mar 2017 07:53:02 +0000 (08:53 +0100)]
attr-sql: Make release of online leases during startup optional

This cleanup prevents sharing the same DB between multiple VPN gateways.

3 years agocharon-nm: Fix typo to actually use random NAT-T port
Tobias Brunner [Wed, 3 May 2017 07:54:52 +0000 (09:54 +0200)]
charon-nm: Fix typo to actually use random NAT-T port

Fixes: af16b5afb0ee ("Use random ports in NetworkManager backend")

3 years agoaf-alg: Fix crypt() definition conflict
Baruch Siach [Thu, 11 May 2017 11:04:47 +0000 (14:04 +0300)]
af-alg: Fix crypt() definition conflict

Rename the crypt() method to avoid conflict with POSIX crypt(). Fixes the
following build failure with musl libc:

In file included from ../../../../src/libstrongswan/utils/utils.h:53:0,
                 from ../../../../src/libstrongswan/library.h:101,
                 from af_alg_ops.h:24,
                 from af_alg_ops.c:16:
af_alg_ops.c:110:22: error: conflicting types for 'crypt'
 METHOD(af_alg_ops_t, crypt, bool,
../../../../src/libstrongswan/utils/utils/object.h:99:13: note: in definition of macro 'METHOD'
  static ret name(union {iface *_public; this;} \
In file included from af_alg_ops.c:18:0:
.../host/usr/x86_64-buildroot-linux-musl/sysroot/usr/include/unistd.h:144:7: note: previous declaration of 'crypt' was here
 char *crypt(const char *, const char *);

Closes strongswan/strongswan#72.

3 years agoVersion bump to 5.3.3dr2 5.5.3dr2
Andreas Steffen [Mon, 8 May 2017 20:38:12 +0000 (22:38 +0200)]
Version bump to 5.3.3dr2

3 years agox509: Evaluate return codes of parsing functions
Andreas Steffen [Fri, 5 May 2017 07:04:19 +0000 (09:04 +0200)]
x509: Evaluate return codes of parsing functions

3 years agonm: Explicitly prevent the smartcard PIN from being stored
Raphael Geissert [Thu, 3 Nov 2016 16:00:21 +0000 (17:00 +0100)]
nm: Explicitly prevent the smartcard PIN from being stored

The secret storage flag wasn't being saved when using smartcard
authentication, resulting in the PIN being stored.

Fixes #2166.

3 years agonm: IKE/ESP proposal customization support
Defunct [Sat, 29 Apr 2017 19:02:36 +0000 (19:02 +0000)]
nm: IKE/ESP proposal customization support

Closes strongswan/strongswan#70.

3 years agocharon-nm: IKE/ESP proposal customization support
Defunct [Sat, 29 Apr 2017 16:32:02 +0000 (16:32 +0000)]
charon-nm: IKE/ESP proposal customization support

Closes strongswan/strongswan#69.

3 years agoVersion bump to 5.5.3dr1 5.5.3dr1
Andreas Steffen [Wed, 26 Apr 2017 19:29:42 +0000 (21:29 +0200)]
Version bump to 5.5.3dr1

3 years agoconfigure: Include curve25519 in the pki default plugin list
Martin Willi [Wed, 29 Mar 2017 15:04:03 +0000 (17:04 +0200)]
configure: Include curve25519 in the pki default plugin list

The plugin provides ed25519 public key support, and is required to generate
keys or sign certificates with pki.

3 years agotesting: Created swanctl/rw-eap-aka-sql-rsa scenario
Andreas Steffen [Wed, 26 Apr 2017 10:43:40 +0000 (12:43 +0200)]
testing: Created swanctl/rw-eap-aka-sql-rsa scenario

3 years agotesting: Created ikev2/rw-eap-aka-sql-rsa scenario
Andreas Steffen [Sun, 23 Apr 2017 07:19:22 +0000 (09:19 +0200)]
testing: Created ikev2/rw-eap-aka-sql-rsa scenario

This test scenario tests the eap-simaka-sql plugin.

3 years agoeap-simaka-sql: Fixed database column from use to used
Andreas Steffen [Wed, 26 Apr 2017 08:37:45 +0000 (10:37 +0200)]
eap-simaka-sql: Fixed database column from use to used

3 years agopki: Reset variable so error handling works properly
Tobias Brunner [Wed, 19 Apr 2017 16:56:43 +0000 (18:56 +0200)]
pki: Reset variable so error handling works properly

If we jump to `end` without this we crash (not necessarily visibly) due
to a double free and the actual error message is not printed.

3 years agovici: Fix type error exception in Python bindings
odi79 [Fri, 14 Apr 2017 14:40:57 +0000 (16:40 +0200)]
vici: Fix type error exception in Python bindings

Line 66 yields "TypeError: can't concat bytes to str" using Python 3.4.
"requestdata" was introduced in 22f08609f1b6 but is not actually used.
Since the original "request" is not used anywhere else this can be changed
to be similar to the other UTF-8 encoding changes in that commit.

Fixes: 22f08609f1b6 ("vici: Explicitly set the Python encoding type").
Closes strongswan/strongswan#66.

4 years agoVersion bump to 5.5.2 5.5.2
Andreas Steffen [Mon, 27 Mar 2017 14:57:03 +0000 (16:57 +0200)]
Version bump to 5.5.2

4 years agotesting: List BLIS certs in swanctl/rw-newhope-bliss scenario
Andreas Steffen [Mon, 27 Mar 2017 14:56:50 +0000 (16:56 +0200)]
testing: List BLIS certs in swanctl/rw-newhope-bliss scenario

4 years agokernel-netlink: Avoid O(n^2) copy operations when concatenating Netlink responses
Jiri Horky [Thu, 23 Mar 2017 21:59:45 +0000 (22:59 +0100)]
kernel-netlink: Avoid O(n^2) copy operations when concatenating Netlink responses

When constructing the result, all responses from Netlink were concatenated
iteratively, i.e. for each response, the previously acquired result was
copied to newly allocated memory and the current response appended to it.
This results in O(n^2) copy operations. Instead, we now check for the
total final length of the result and copy the individual responses to it
in one pass, i.e. in O(n) copy operations. In particular, this issue caused
very high CPU usage in memcpy() function as the result is copied over and
over. Common way how to hit the issue is when having 1000+ routes and 5+
connecting clients a second. In that case, the memcpy() function can
take 50%+ of one CPU thread on a decent CPU and the whole charon daemon
is stuck just reading routes and concatenating them together (connecting
clients are blocked in that particular case as this is done under mutex).

Closes strongswan/strongswan#65.
References #2055.

4 years agolibtls: Replace expired certificates for unit tests
Tobias Brunner [Fri, 24 Mar 2017 09:18:32 +0000 (10:18 +0100)]
libtls: Replace expired certificates for unit tests

Only the tests with client authentication failed, the client accepted
the trusted self-signed certificate even when it was expired.  On the
server the lookup (based on the pre-configured SAN) first found the ECDSA
cert, which it dismissed for the RSA authentication the client used, and
since only the first "pretrusted" cert is considered the following RSA
cert was verified more thoroughly.
The lookup on the client always uses the full DN of the server certificate
not the pre-configured identity so it found the correct certificate on
the first try.

4 years agopki: Actually make the default key type KEY_ANY for --self
Tobias Brunner [Fri, 24 Mar 2017 09:10:13 +0000 (10:10 +0100)]
pki: Actually make the default key type KEY_ANY for --self

Fixes: 05ccde0a8bd9 ("pki: Add generic 'priv' key type that loads any
type of private key")

4 years agoaddrblock: Narrow selectors when rekeying a CHILD_SA as original responder
Martin Willi [Thu, 23 Mar 2017 07:48:46 +0000 (08:48 +0100)]
addrblock: Narrow selectors when rekeying a CHILD_SA as original responder

If a the original responder narrows the selectors of its peer in addrblock,
the peer gets a subset of that selectors. However, once the original responder
initiates rekeying of that CHILD_SA, it sends the full selectors to the peer,
and then narrows the received selectors locally for the installation, only.

This is insufficient, as the peer ends up with wider selectors, sending traffic
that the original responder will reject to the stricter IPsec policy. So
additionally narrow the selectors when rekeying CHILD_SAs before sending the
TS list to the peer.

4 years agoconf: Document recommended lower limit for SPIs
Tobias Brunner [Thu, 23 Mar 2017 16:29:47 +0000 (17:29 +0100)]
conf: Document recommended lower limit for SPIs

4 years agotravis: aikpub2 was removed, no need to disable it anymore
Tobias Brunner [Thu, 23 Mar 2017 09:48:04 +0000 (10:48 +0100)]
travis: aikpub2 was removed, no need to disable it anymore

4 years agoconf: Remove snippet for aikpub2
Tobias Brunner [Thu, 23 Mar 2017 09:47:25 +0000 (10:47 +0100)]
conf: Remove snippet for aikpub2

4 years agotravis: Build Windows-specific plugins
Tobias Brunner [Wed, 22 Mar 2017 17:04:05 +0000 (18:04 +0100)]
travis: Build Windows-specific plugins

The plugins can only be built on x64 as the MinGW headers on Ubuntu 12.04,
which we have to use for x86 due to another issue with MinGW, are too old.

4 years agokernel-wfp: Don't redefine IPPROTO_IP* if already defined
Tobias Brunner [Wed, 22 Mar 2017 16:59:20 +0000 (17:59 +0100)]
kernel-wfp: Don't redefine IPPROTO_IP* if already defined

4 years agopki: Cast length derived from pointer arithmetic to int
Tobias Brunner [Wed, 22 Mar 2017 16:30:10 +0000 (17:30 +0100)]
pki: Cast length derived from pointer arithmetic to int

4 years agovici: Don't fall back to uninstalling traps if a matching shunt was found
Tobias Brunner [Wed, 22 Mar 2017 16:19:31 +0000 (17:19 +0100)]
vici: Don't fall back to uninstalling traps if a matching shunt was found

This is different if `ike` and `child` are provided and uninstall()
fails as we call that without knowing whether a matching shunt exists.
But if `ike` is not provided we explicitly search for a matching shunt
and if found don't need to look for a trap policy.

4 years agoconfigure: Fix test for libunwind
Tobias Brunner [Wed, 22 Mar 2017 15:33:27 +0000 (16:33 +0100)]
configure: Fix test for libunwind

Most functions in libunwind.h are actually mapped via macros to obscure
function names, so checking for these would require some elaborate test
via AC_LINK_IFELSE().  However, unw_backtrace() seems to be one of the few
actual functions so lets use this for now, even though we don't call it
ourselves later.

Fixes: 016228c15843 ("configure: Check for actual functions in libraries

4 years agoFixed some typos, courtesy of codespell
Tobias Brunner [Wed, 22 Mar 2017 12:13:56 +0000 (13:13 +0100)]
Fixed some typos, courtesy of codespell

4 years agoswanctl: Reformulate IKEv1 selector restriction, describe problems with TS narrowing
Noel Kuntze [Mon, 13 Mar 2017 15:26:10 +0000 (16:26 +0100)]
swanctl: Reformulate IKEv1 selector restriction, describe problems with TS narrowing

4 years agoswanctl: Mention including files when referring to strongswan.conf(5)
Tobias Brunner [Tue, 21 Mar 2017 08:52:44 +0000 (09:52 +0100)]
swanctl: Mention including files when referring to strongswan.conf(5)

4 years agoman: Describe the tunneling of several subnets with IKEv1 in more detail
Noel Kuntze [Mon, 13 Mar 2017 15:20:39 +0000 (16:20 +0100)]
man: Describe the tunneling of several subnets with IKEv1 in more detail

4 years agoman: Add note about modeconfig having to match
Noel Kuntze [Mon, 13 Mar 2017 16:18:48 +0000 (17:18 +0100)]
man: Add note about modeconfig having to match

4 years agoVersion bump to 5.2.2rc1 5.5.2rc1
Andreas Steffen [Tue, 21 Mar 2017 08:09:43 +0000 (09:09 +0100)]
Version bump to 5.2.2rc1

4 years agotesting: Updated OCSP certificate for carol
Andreas Steffen [Tue, 21 Mar 2017 08:09:06 +0000 (09:09 +0100)]
testing: Updated OCSP certificate for carol

4 years agoAllow x25519 as an alias of the curve25519 KE algorithm
Andreas Steffen [Mon, 20 Mar 2017 06:24:29 +0000 (07:24 +0100)]
Allow x25519 as an alias of the curve25519 KE algorithm

4 years agoReference Edwards-curve signature RFCs
Andreas Steffen [Fri, 10 Feb 2017 08:05:54 +0000 (09:05 +0100)]
Reference Edwards-curve signature RFCs

4 years agoThe tpm plugin offers random number generation
Andreas Steffen [Sat, 18 Mar 2017 13:51:30 +0000 (14:51 +0100)]
The tpm plugin offers random number generation

The tpm plugin can be used to derive true random numbers from a
TPM 2.0 device. The get_random method must be explicitly enabled
in strongswan.conf with the plugin.tpm.use_rng = yes option.

4 years agovici: Document how we pronounce the vici protocol and plugin
Martin Willi [Fri, 17 Feb 2017 09:47:44 +0000 (10:47 +0100)]
vici: Document how we pronounce the vici protocol and plugin

4 years agoswanctl: Describe what happens when a FQDN is specified in local|remote_addrs
Tobias Brunner [Fri, 10 Mar 2017 15:03:14 +0000 (16:03 +0100)]
swanctl: Describe what happens when a FQDN is specified in local|remote_addrs

4 years agoman: Describe what happens when a FQDN is specified in left or right
Noel Kuntze [Thu, 9 Mar 2017 16:47:49 +0000 (17:47 +0100)]
man: Describe what happens when a FQDN is specified in left or right

4 years agoikev1: First do PSK lookups based on identities then fallback to IPs
Tobias Brunner [Mon, 13 Mar 2017 15:37:12 +0000 (16:37 +0100)]
ikev1: First do PSK lookups based on identities then fallback to IPs

This provides a solution for configs where there is e.g. a catch-all %any
PSK, while more specific PSKs would be found by the identities of configs
that e.g. use FQDNs as local/remote addresses.

Fixes #2223.

4 years agotesting: Fix URL for kernel sources
Tobias Brunner [Mon, 20 Mar 2017 09:13:33 +0000 (10:13 +0100)]
testing: Fix URL for kernel sources

4 years agoike-sa-manager: Remove superfluous assignment
Thomas Egerer [Wed, 15 Mar 2017 15:24:49 +0000 (16:24 +0100)]
ike-sa-manager: Remove superfluous assignment

Memory is allocated with calloc, hence set to zero, thus assigning the
numerical value 0 is not required.

Signed-off-by: Thomas Egerer <>
4 years agoike: Log remote IP when deleting half-open IKE_SAs
Tobias Brunner [Wed, 15 Mar 2017 14:56:39 +0000 (15:56 +0100)]
ike: Log remote IP when deleting half-open IKE_SAs

4 years agocoverage: Exclude test suites and /usr from coverage report
Tobias Brunner [Wed, 15 Mar 2017 14:54:38 +0000 (15:54 +0100)]
coverage: Exclude test suites and /usr from coverage report

4 years agotravis: Create coverage report via
Tobias Brunner [Wed, 15 Mar 2017 09:19:02 +0000 (10:19 +0100)]
travis: Create coverage report via

4 years agoVersion bump to 5.5.2dr7 5.5.2dr7
Andreas Steffen [Mon, 6 Mar 2017 19:21:40 +0000 (20:21 +0100)]
Version bump to 5.5.2dr7

4 years agoaikpub2: Removed aikpub2 tool
Andreas Steffen [Mon, 6 Mar 2017 05:16:10 +0000 (06:16 +0100)]
aikpub2: Removed aikpub2 tool

The aikpub2 tool has been replaced by pki --pub|--req --keyid hex ..
where keyid indicates the TPM 2.0 private key object handle. Thus
either the public key in PKCS#1 format can be extracted or a PKCS#10
certificate request signed by the TPM private key can be generated.

4 years agopki: Add key object handle of smartcard or TPM private key as an argument to pki...
Andreas Steffen [Mon, 6 Mar 2017 11:53:48 +0000 (12:53 +0100)]
pki: Add key object handle of smartcard or TPM private key as an argument to pki --keyid

4 years agoutils: chunk_from_hex() skips optional 0x prefix
Andreas Steffen [Mon, 6 Mar 2017 10:51:10 +0000 (11:51 +0100)]
utils: chunk_from_hex() skips optional 0x prefix

4 years agopki: Edited keyid parameter use in various pki man pages and usage outputs
Andreas Steffen [Sun, 5 Mar 2017 10:19:39 +0000 (11:19 +0100)]
pki: Edited keyid parameter use in various pki man pages and usage outputs

4 years agoquick-mode: Correctly prepare NAT-OA payloads as responder
Tobias Brunner [Fri, 3 Mar 2017 16:11:04 +0000 (17:11 +0100)]
quick-mode: Correctly prepare NAT-OA payloads as responder

The initiator's address was sent back twice previously.

Fixes #2268.

4 years agoVersion bump to 5.5.2dr6 5.5.2dr6
Andreas Steffen [Fri, 3 Mar 2017 08:34:50 +0000 (09:34 +0100)]
Version bump to 5.5.2dr6

4 years agoAdd keyid of smartcard or TPM private key as an argument to pki --req
Andreas Steffen [Thu, 2 Mar 2017 19:30:24 +0000 (20:30 +0100)]
Add keyid of smartcard or TPM private key as an argument to pki --req

4 years agotesting: load-testconfig script loads config from source dir
Tobias Brunner [Thu, 2 Mar 2017 08:50:34 +0000 (09:50 +0100)]
testing: load-testconfig script loads config from source dir

It now does replace the IPs too. This way it's easier to play around
with a config (otherwise a do-tests run was required to build the
config files in the build dir).

4 years agolibipsec: Enforce a minimum of 256 for SPIs
Tobias Brunner [Thu, 2 Mar 2017 10:51:27 +0000 (11:51 +0100)]
libipsec: Enforce a minimum of 256 for SPIs

RFC 4303 reserves the SPIs between 1 and 255 for future use.  This also
avoids an overflow and a division by zero if spi_min is 0 and spi_max is

4 years agolibipsec: Fix min/max SPI
Tobias Brunner [Thu, 2 Mar 2017 09:11:32 +0000 (10:11 +0100)]
libipsec: Fix min/max SPI

4 years agocontroller: Don't listen for CHILD_SA state changes when terminating IKE_SAs
Tobias Brunner [Thu, 2 Mar 2017 07:58:07 +0000 (08:58 +0100)]
controller: Don't listen for CHILD_SA state changes when terminating IKE_SAs

We actually want to wait until the IKE_SA is destroyed, not any of the
CHILD_SAs (even though there might not be that much of a difference
depending on the number of CHILD_SAs).

Fixes #2261.

4 years agokernel: Make range of SPIs for IPsec SAs configurable
Tobias Brunner [Tue, 21 Feb 2017 18:21:01 +0000 (19:21 +0100)]
kernel: Make range of SPIs for IPsec SAs configurable

4 years agosettings: Add support for hex integers (0x prefix) via get_int()
Tobias Brunner [Tue, 21 Feb 2017 18:12:32 +0000 (19:12 +0100)]
settings: Add support for hex integers (0x prefix) via get_int()

4 years agolibipsec: Log a packet's ports and protocol in case of a policy mismatch
Tobias Brunner [Fri, 17 Feb 2017 11:40:36 +0000 (12:40 +0100)]
libipsec: Log a packet's ports and protocol in case of a policy mismatch