strongswan.git
12 years agouse cgecho for green output
Andreas Steffen [Fri, 3 Aug 2007 10:58:45 +0000 (10:58 -0000)]
use cgecho for green output

12 years agocheck source routing table 100
Andreas Steffen [Fri, 3 Aug 2007 10:57:37 +0000 (10:57 -0000)]
check source routing table 100

12 years agore-introduced leftnexthop=%direct
Andreas Steffen [Fri, 3 Aug 2007 10:57:08 +0000 (10:57 -0000)]
re-introduced leftnexthop=%direct

12 years agoadded routing table 50 for passthrough routes
Andreas Steffen [Fri, 3 Aug 2007 10:56:40 +0000 (10:56 -0000)]
added routing table 50 for passthrough routes

12 years agouse table 100 for source routing
Andreas Steffen [Fri, 3 Aug 2007 10:05:15 +0000 (10:05 -0000)]
use table 100 for source routing

12 years agoworking cowfs prototype
Martin Willi [Fri, 3 Aug 2007 09:33:43 +0000 (09:33 -0000)]
working cowfs prototype

12 years agohandle dns lookup failures
Andreas Steffen [Thu, 2 Aug 2007 18:38:28 +0000 (18:38 -0000)]
handle dns lookup failures

12 years agostarted own cowfs implementation
Martin Willi [Tue, 31 Jul 2007 15:23:23 +0000 (15:23 -0000)]
started own cowfs implementation

12 years agoadded two methods to clone linked lists and the contained objects.
Tobias Brunner [Tue, 31 Jul 2007 12:54:17 +0000 (12:54 -0000)]
added two methods to clone linked lists and the contained objects.

12 years agobridging using libbridge
Martin Willi [Mon, 30 Jul 2007 13:20:35 +0000 (13:20 -0000)]
bridging using libbridge
rewrite of guest, does not change cwd anymore
loading of created scenarios

12 years agocorrected typo
Andreas Steffen [Mon, 30 Jul 2007 10:55:09 +0000 (10:55 -0000)]
corrected typo

12 years agoproperly shutdown of clients
Martin Willi [Fri, 27 Jul 2007 10:17:50 +0000 (10:17 -0000)]
properly shutdown of clients

12 years agosupport for killing guests properly
Martin Willi [Fri, 27 Jul 2007 07:37:15 +0000 (07:37 -0000)]
support for killing guests properly

12 years agoimplemented mconsole notification to check if guest came up
Martin Willi [Thu, 26 Jul 2007 13:21:06 +0000 (13:21 -0000)]
implemented mconsole notification to check if guest came up
slightly modified menu commands

12 years agofixed tap device setup (requires open/close for each call)
Martin Willi [Thu, 26 Jul 2007 07:39:49 +0000 (07:39 -0000)]
fixed tap device setup (requires open/close for each call)
using more meaningful names for tap devices

12 years agofixed mconsole when using multiple guests
Martin Willi [Wed, 25 Jul 2007 14:05:06 +0000 (14:05 -0000)]
fixed mconsole when using multiple guests
fixed interface enumeration bug

12 years agoadded dynamic interface manipulation for guests
Martin Willi [Wed, 25 Jul 2007 13:23:45 +0000 (13:23 -0000)]
added dynamic interface manipulation for guests
management of tap devices on the host

12 years agochecked in first draft of "Dynamic Uml Mesh Modeler"
Martin Willi [Tue, 24 Jul 2007 14:22:56 +0000 (14:22 -0000)]
checked in first draft of "Dynamic Uml Mesh Modeler"

12 years agobackports from the p2p-nat-t branch:
Tobias Brunner [Thu, 19 Jul 2007 14:12:19 +0000 (14:12 -0000)]
backports from the p2p-nat-t branch:
 * double assignment of function ''destroy'' in some jobs
 * typos

12 years agoupdated XML interface to new schema
Martin Willi [Thu, 19 Jul 2007 10:57:33 +0000 (10:57 -0000)]
updated XML interface to new schema

12 years agonot touching IKE_SA_INIT from ike_mobike_t anymore
Martin Willi [Thu, 19 Jul 2007 08:08:22 +0000 (08:08 -0000)]
not touching IKE_SA_INIT from ike_mobike_t anymore

12 years agofixed compiler warning
Martin Willi [Mon, 16 Jul 2007 07:10:14 +0000 (07:10 -0000)]
fixed compiler warning

12 years agofixed payload order (Nonce, KE) for IKE_SA_INIT
Martin Willi [Mon, 16 Jul 2007 07:01:49 +0000 (07:01 -0000)]
fixed payload order (Nonce, KE) for IKE_SA_INIT

12 years agoinclude default route also in src address evaluation
Andreas Steffen [Fri, 13 Jul 2007 09:00:39 +0000 (09:00 -0000)]
include default route also in src address evaluation

12 years agoinclude default route with missing dst field into route evaluation
Andreas Steffen [Fri, 13 Jul 2007 06:13:14 +0000 (06:13 -0000)]
include default route with missing dst field into route evaluation

12 years agoadded to ipsec.conf installation path
Andreas Steffen [Wed, 11 Jul 2007 16:22:02 +0000 (16:22 -0000)]
added  to ipsec.conf installation path

12 years agodoing route lookup in userspace to ignore routes installed by us
Martin Willi [Wed, 11 Jul 2007 12:37:24 +0000 (12:37 -0000)]
doing route lookup in userspace to ignore routes installed by us

12 years agousing own routing table for installed routes (table 100, prio 100)
Martin Willi [Wed, 11 Jul 2007 06:55:11 +0000 (06:55 -0000)]
using own routing table for installed routes (table 100, prio 100)

12 years agoversion bump to 4.1.5
Andreas Steffen [Sun, 8 Jul 2007 19:40:11 +0000 (19:40 -0000)]
version bump to 4.1.5

12 years agoversion bump to 4.1.5
Andreas Steffen [Sun, 8 Jul 2007 19:08:31 +0000 (19:08 -0000)]
version bump to 4.1.5

12 years agoadded first draft of SMP relax-ng schema
Martin Willi [Fri, 6 Jul 2007 13:44:43 +0000 (13:44 -0000)]
added first draft of SMP relax-ng schema

12 years agoexecute conntrack -F at the outset 4.1.4
Andreas Steffen [Wed, 4 Jul 2007 18:55:54 +0000 (18:55 -0000)]
execute conntrack -F at the outset

12 years agosuppress stderr in start-switches script
Andreas Steffen [Wed, 4 Jul 2007 18:50:21 +0000 (18:50 -0000)]
suppress stderr in start-switches script

12 years agoadded three mobike scenarios
Andreas Steffen [Wed, 4 Jul 2007 17:39:10 +0000 (17:39 -0000)]
added three mobike scenarios

12 years agooutput crl uri as a printable string instead of a binary blob
Andreas Steffen [Wed, 4 Jul 2007 13:36:41 +0000 (13:36 -0000)]
output crl uri as a printable string instead of a binary blob

12 years agoadded entrustVersInfo OID
Andreas Steffen [Wed, 4 Jul 2007 12:11:38 +0000 (12:11 -0000)]
added entrustVersInfo OID

12 years agoignoring unkown crl/ocsp uris
Martin Willi [Wed, 4 Jul 2007 12:00:33 +0000 (12:00 -0000)]
ignoring unkown crl/ocsp uris

12 years agousing correct nexthop for inserted route
Martin Willi [Wed, 4 Jul 2007 09:10:13 +0000 (09:10 -0000)]
using correct nexthop for inserted route

12 years agochanged mobike behavior to NOT use additional responder addresses until we have path...
Martin Willi [Wed, 4 Jul 2007 07:26:34 +0000 (07:26 -0000)]
changed mobike behavior to NOT use additional responder addresses until we have path discovery

12 years agofixed responder initiated CHILD_SA rekeying when using virtual IPs
Martin Willi [Wed, 4 Jul 2007 06:27:33 +0000 (06:27 -0000)]
fixed responder initiated CHILD_SA rekeying when using virtual IPs

12 years agodescribe eap option in ipsec.conf.5 man page
Andreas Steffen [Wed, 4 Jul 2007 05:42:58 +0000 (05:42 -0000)]
describe eap option in ipsec.conf.5 man page

12 years agocosmetics
Andreas Steffen [Wed, 4 Jul 2007 05:42:09 +0000 (05:42 -0000)]
cosmetics

12 years agoremoved the ipsec.conf version number
Andreas Steffen [Wed, 4 Jul 2007 05:41:51 +0000 (05:41 -0000)]
removed the ipsec.conf version number

12 years agofixed firewall script invocation when interface is not available anymore
Martin Willi [Tue, 3 Jul 2007 13:49:29 +0000 (13:49 -0000)]
fixed firewall script invocation when interface is not available anymore

12 years agoversion bumps
Andreas Steffen [Tue, 3 Jul 2007 13:08:13 +0000 (13:08 -0000)]
version bumps

12 years agorecognize strongswan-2.8.6 VID
Andreas Steffen [Tue, 3 Jul 2007 13:06:27 +0000 (13:06 -0000)]
recognize strongswan-2.8.6 VID

12 years agostarter bug fix and pkcs11initargs patch by Robert Varga
Andreas Steffen [Tue, 3 Jul 2007 12:51:29 +0000 (12:51 -0000)]
starter bug fix and pkcs11initargs patch by Robert Varga

12 years agoimproved MOBIKE:
Martin Willi [Tue, 3 Jul 2007 12:32:38 +0000 (12:32 -0000)]
improved MOBIKE:
  prefer address family already used
  do not change address implicit when mobike supported
  handle multiple simultaneous roaming requests more properly
  proper enabling/disabling of UDP encapsulation

12 years agosupport of PKCS#11 init arguments required by NSS softoken, patch contributed by...
Andreas Steffen [Tue, 3 Jul 2007 09:33:02 +0000 (09:33 -0000)]
support of PKCS#11 init arguments required by NSS softoken, patch contributed by Robert Varga

12 years agosupport of PKCS#11 init arguments required by NSS softoken, patch contributed by...
Andreas Steffen [Tue, 3 Jul 2007 09:26:44 +0000 (09:26 -0000)]
support of PKCS#11 init arguments required by NSS softoken, patch contributed by Robert Varga

12 years agoadded message ID to message log
Martin Willi [Tue, 3 Jul 2007 09:00:16 +0000 (09:00 -0000)]
added message ID to message log

12 years agoshow kind of notify contained in messages in log
Martin Willi [Tue, 3 Jul 2007 08:50:14 +0000 (08:50 -0000)]
show kind of notify contained in messages in log

12 years agoDBG1 level for 'peer supports MOBIKE' debug message
Andreas Steffen [Mon, 2 Jul 2007 20:13:15 +0000 (20:13 -0000)]
DBG1 level for 'peer supports MOBIKE' debug message

12 years agofixed typo
Andreas Steffen [Mon, 2 Jul 2007 20:10:26 +0000 (20:10 -0000)]
fixed typo

12 years agocosmetics
Andreas Steffen [Mon, 2 Jul 2007 17:56:04 +0000 (17:56 -0000)]
cosmetics

12 years agofix of the bug fix, courtesy of Robert Varga
Andreas Steffen [Mon, 2 Jul 2007 17:48:30 +0000 (17:48 -0000)]
fix of the bug fix, courtesy of Robert Varga

12 years agobug fix courtesy of Robert Varga
Andreas Steffen [Mon, 2 Jul 2007 17:42:16 +0000 (17:42 -0000)]
bug fix courtesy of Robert Varga

12 years agoupdated documentation files
Martin Willi [Mon, 2 Jul 2007 12:55:43 +0000 (12:55 -0000)]
updated documentation files

12 years agofixed mobike address update from and to NAT
Martin Willi [Mon, 2 Jul 2007 12:55:07 +0000 (12:55 -0000)]
fixed mobike address update from and to NAT

12 years agochanges in uml configuration to allow mobike
Andreas Steffen [Mon, 2 Jul 2007 09:52:20 +0000 (09:52 -0000)]
changes in uml configuration to allow mobike

12 years agoproper update of IPsec SA when roaming a host-to-host tunnel
Martin Willi [Mon, 2 Jul 2007 09:49:22 +0000 (09:49 -0000)]
proper update of IPsec SA when roaming a host-to-host tunnel
roaming of IPsec SAs using virtual IPs

12 years agofixed memleak
Martin Willi [Mon, 2 Jul 2007 08:33:15 +0000 (08:33 -0000)]
fixed memleak

12 years agoupdated charons architecture description
Martin Willi [Fri, 29 Jun 2007 09:21:28 +0000 (09:21 -0000)]
updated charons architecture description

12 years agofixed dpd=hold when using virtual IPs
Martin Willi [Fri, 29 Jun 2007 08:03:32 +0000 (08:03 -0000)]
fixed dpd=hold when using virtual IPs

12 years agoremoved accidently checked in debbuging code
Martin Willi [Fri, 29 Jun 2007 07:40:04 +0000 (07:40 -0000)]
removed accidently checked in debbuging code

12 years agoMobIKE requires iptables to open udp/4500
Andreas Steffen [Thu, 28 Jun 2007 21:33:51 +0000 (21:33 -0000)]
MobIKE requires iptables to open udp/4500

12 years agoMobIKE requires iptables to open udp/4500
Andreas Steffen [Thu, 28 Jun 2007 21:33:13 +0000 (21:33 -0000)]
MobIKE requires iptables to open udp/4500

12 years agofixed IKE_SA reestablishment after DPD using port 500
Martin Willi [Thu, 28 Jun 2007 15:24:24 +0000 (15:24 -0000)]
fixed IKE_SA reestablishment after DPD using port 500

12 years agoalphabetical order
Andreas Steffen [Wed, 27 Jun 2007 21:49:09 +0000 (21:49 -0000)]
alphabetical order

12 years agoseparated pluto, charon, and klips setup config section parameters
Andreas Steffen [Wed, 27 Jun 2007 15:42:11 +0000 (15:42 -0000)]
separated pluto, charon, and klips setup config section parameters

12 years agoadded passthrough scenario
Andreas Steffen [Wed, 27 Jun 2007 14:25:15 +0000 (14:25 -0000)]
added passthrough scenario

12 years agoadded lefthostaccess and leftprotoport parameters
Andreas Steffen [Wed, 27 Jun 2007 14:03:56 +0000 (14:03 -0000)]
added lefthostaccess and leftprotoport parameters

12 years agoright=%<fqdn> wildcard added
Andreas Steffen [Wed, 27 Jun 2007 13:31:16 +0000 (13:31 -0000)]
right=%<fqdn> wildcard added

12 years agoupdate ipsec.conf man page
Andreas Steffen [Wed, 27 Jun 2007 13:29:36 +0000 (13:29 -0000)]
update ipsec.conf man page

12 years agoadd starter.8 man page to distribution
Andreas Steffen [Wed, 27 Jun 2007 13:29:20 +0000 (13:29 -0000)]
add starter.8 man page to distribution

12 years agofurther mobike improvements, regarding to NAT-T
Martin Willi [Wed, 27 Jun 2007 13:10:55 +0000 (13:10 -0000)]
further mobike improvements, regarding to NAT-T

12 years agocosmetics
Andreas Steffen [Wed, 27 Jun 2007 10:04:02 +0000 (10:04 -0000)]
cosmetics

12 years agorecognize wildcard keyingtries=%forever
Andreas Steffen [Wed, 27 Jun 2007 08:11:22 +0000 (08:11 -0000)]
recognize wildcard keyingtries=%forever

12 years agorecognize wildcards right=%group and keyingtries=%forever
Andreas Steffen [Wed, 27 Jun 2007 08:11:08 +0000 (08:11 -0000)]
recognize wildcards right=%group and keyingtries=%forever

12 years agoupdated copyright statement
Andreas Steffen [Wed, 27 Jun 2007 07:36:44 +0000 (07:36 -0000)]
updated copyright statement

12 years agofixed distro and copyright information
Andreas Steffen [Wed, 27 Jun 2007 07:25:19 +0000 (07:25 -0000)]
fixed distro and copyright information

12 years agosimple roaming of the client works (not MOBIKE conform yet!)
Martin Willi [Tue, 26 Jun 2007 13:04:13 +0000 (13:04 -0000)]
simple roaming of the client works (not MOBIKE conform yet!)

12 years agouse of the right=%<fqdn> wildcard
Andreas Steffen [Tue, 26 Jun 2007 10:46:30 +0000 (10:46 -0000)]
use of the right=%<fqdn> wildcard

12 years agofurther fixed for mobike roaming
Martin Willi [Mon, 25 Jun 2007 13:26:02 +0000 (13:26 -0000)]
further fixed for mobike roaming

12 years agosupport of right=%<FQDN> wildcard
Andreas Steffen [Mon, 25 Jun 2007 11:28:39 +0000 (11:28 -0000)]
support of right=%<FQDN> wildcard

12 years agodiscarded unused functions
Andreas Steffen [Mon, 25 Jun 2007 09:06:13 +0000 (09:06 -0000)]
discarded unused functions

12 years agomake starter behave more gracefully in the presence of non-fatal errors
Andreas Steffen [Mon, 25 Jun 2007 07:10:23 +0000 (07:10 -0000)]
make starter behave more gracefully in the presence of non-fatal errors

12 years agofurther MOBIKE stuff:
Martin Willi [Thu, 21 Jun 2007 15:25:28 +0000 (15:25 -0000)]
further MOBIKE stuff:
  kernel properly reports network reconfiguration and informs all IKE_SAs
  MOBIKE in IKE_AUTH: MOBIKE_SUPPORTED notify and address exchange
  reestablishment of IKE_SAs on network reconfiguration kinda works
  not stable yet!

12 years agoadded MOBIKE rfc
Martin Willi [Wed, 20 Jun 2007 10:12:11 +0000 (10:12 -0000)]
added MOBIKE rfc

12 years agoIKEv1 rightallowany flag introduced
Andreas Steffen [Wed, 20 Jun 2007 09:46:54 +0000 (09:46 -0000)]
IKEv1 rightallowany flag introduced

12 years agodon't modify des/3des input key anymore
Martin Willi [Tue, 19 Jun 2007 07:56:28 +0000 (07:56 -0000)]
don't modify des/3des input key anymore

12 years agofixed virtua IP: adding virtual IP to interface address list cache directly
Martin Willi [Tue, 19 Jun 2007 06:20:33 +0000 (06:20 -0000)]
fixed virtua IP: adding virtual IP to interface address list cache directly
corrected debug targets

12 years agoset nexthop to him when instantiating rightallowyes template with leftnexthop ==...
Andreas Steffen [Mon, 18 Jun 2007 20:07:47 +0000 (20:07 -0000)]
set nexthop to him when instantiating rightallowyes template with leftnexthop == right

12 years agosupport of right|leftallowany flag
Andreas Steffen [Mon, 18 Jun 2007 17:51:45 +0000 (17:51 -0000)]
support of right|leftallowany flag

12 years agoadded dynamic DNS scenarios
Andreas Steffen [Mon, 18 Jun 2007 17:50:54 +0000 (17:50 -0000)]
added dynamic DNS scenarios

12 years agoadded extensions management to IKE_SA
Martin Willi [Mon, 18 Jun 2007 10:32:01 +0000 (10:32 -0000)]
added extensions management to IKE_SA
fixed NATD payload (port) when using route lookup

12 years agosource address lookup in kernel interface
Martin Willi [Mon, 18 Jun 2007 07:25:58 +0000 (07:25 -0000)]
source address lookup in kernel interface
  use it for NAT detection if no source address known from config
  support for %any...%any connections

12 years agosupport for left=%any change our address dynamically
Martin Willi [Mon, 18 Jun 2007 05:57:59 +0000 (05:57 -0000)]
support for left=%any change our address dynamically

12 years agoincreased receive buffer to handle more interfaces
Martin Willi [Mon, 18 Jun 2007 05:56:18 +0000 (05:56 -0000)]
increased receive buffer to handle more interfaces

12 years ago eliminated nexthop
Andreas Steffen [Sun, 17 Jun 2007 15:29:49 +0000 (15:29 -0000)]
 eliminated nexthop