strongswan.git
8 years agoLog configured IKE_SA proposals as initiator
Tobias Brunner [Wed, 8 Aug 2012 08:07:53 +0000 (10:07 +0200)]
Log configured IKE_SA proposals as initiator

8 years agoLog configured CHILD_SA proposals as initiator
Tobias Brunner [Wed, 8 Aug 2012 08:05:47 +0000 (10:05 +0200)]
Log configured CHILD_SA proposals as initiator

8 years agoFall back to local address as IKEv1 identity if nothing else is configured
Tobias Brunner [Fri, 24 Aug 2012 10:53:23 +0000 (12:53 +0200)]
Fall back to local address as IKEv1 identity if nothing else is configured

8 years agoRemoved deprecated options from ipsec.conf template
Tobias Brunner [Fri, 24 Aug 2012 09:52:01 +0000 (11:52 +0200)]
Removed deprecated options from ipsec.conf template

8 years agoApply send delay before adding non-ESP marker
Tobias Brunner [Fri, 24 Aug 2012 09:23:36 +0000 (11:23 +0200)]
Apply send delay before adding non-ESP marker

Otherwise the packet header could not be parsed correctly when NAT-T is
used.

8 years agouse pen_type_t for PA Message Subtype
Andreas Steffen [Thu, 23 Aug 2012 08:48:48 +0000 (10:48 +0200)]
use pen_type_t for PA Message Subtype

8 years agoRemove unused src/dst variables in send_no_marker()
Martin Willi [Tue, 21 Aug 2012 07:34:12 +0000 (09:34 +0200)]
Remove unused src/dst variables in send_no_marker()

8 years agouse pen_type_t for attribute request entries
Andreas Steffen [Mon, 20 Aug 2012 22:22:02 +0000 (00:22 +0200)]
use pen_type_t for attribute request entries

8 years agodefine pen_type_t as a vendor-specific type
Andreas Steffen [Mon, 20 Aug 2012 20:37:08 +0000 (22:37 +0200)]
define pen_type_t as a vendor-specific type

8 years agoDon't use POSIX semaphores if a MONOTONIC clock is available
Martin Willi [Mon, 20 Aug 2012 15:58:58 +0000 (17:58 +0200)]
Don't use POSIX semaphores if a MONOTONIC clock is available

POSIX semaphores use CLOCK_REALTIME, but our semaphore_t abstraction
expects CLOCK_MONOTONIC based times. Use the mutex/condvar based
fallback if time_monotonic() actuall returns monotonic times.

8 years agoRemove the unused second IKE_SA entry match function argument
Martin Willi [Mon, 20 Aug 2012 15:39:26 +0000 (17:39 +0200)]
Remove the unused second IKE_SA entry match function argument

LLVMs clang complains about this parameter, so remove it.

8 years agoAdd a mutex/condvar based semaphore implementation if sem_timedwait is unavailable
Martin Willi [Mon, 20 Aug 2012 14:58:15 +0000 (16:58 +0200)]
Add a mutex/condvar based semaphore implementation if sem_timedwait is unavailable

Fixes #214.

8 years agoadded IBM and OpenPTS Private Enterprise Numbers
Andreas Steffen [Mon, 20 Aug 2012 13:02:25 +0000 (15:02 +0200)]
added IBM and OpenPTS Private Enterprise Numbers

8 years agoAdd keymat_t constructor registration function
Adrian-Ken Rueegsegger [Tue, 7 Aug 2012 12:00:28 +0000 (14:00 +0200)]
Add keymat_t constructor registration function

Using the register_constructor function enables custom keymat_t
implementations per IKE version. If no constructor is registered the
default behavior is preserved.

8 years agofixed caption
Andreas Steffen [Mon, 20 Aug 2012 10:56:13 +0000 (12:56 +0200)]
fixed caption

8 years agoimplemented IETF Attribute Request attribute
Andreas Steffen [Mon, 20 Aug 2012 10:27:14 +0000 (12:27 +0200)]
implemented IETF Attribute Request attribute

8 years agoversion bump to 5.0.1dr3
Andreas Steffen [Mon, 20 Aug 2012 10:25:53 +0000 (12:25 +0200)]
version bump to 5.0.1dr3

8 years agoopenssl: Fix registration of the PUBKEY builder
Tobias Brunner [Sat, 18 Aug 2012 15:49:57 +0000 (17:49 +0200)]
openssl: Fix registration of the PUBKEY builder

libtls drops support for RSA suites if it does not find an RSA backend
(final builder for RSA public keys).

8 years agoWithout the ties to PAM we can build eap-gtc on Android
Tobias Brunner [Fri, 17 Aug 2012 12:22:24 +0000 (14:22 +0200)]
Without the ties to PAM we can build eap-gtc on Android

8 years agoCAP_AUDIT_WRITE is now required by xauth-pam not eap-gtc plugin
Tobias Brunner [Fri, 17 Aug 2012 12:21:21 +0000 (14:21 +0200)]
CAP_AUDIT_WRITE is now required by xauth-pam not eap-gtc plugin

8 years agoRemoved manual EAP method registration in eap-gtc plugin
Tobias Brunner [Fri, 17 Aug 2012 12:19:37 +0000 (14:19 +0200)]
Removed manual EAP method registration in eap-gtc plugin

8 years agoEnable build of eap-tls, eap-ttls and eap-peap on Android
Tobias Brunner [Fri, 17 Aug 2012 11:55:44 +0000 (13:55 +0200)]
Enable build of eap-tls, eap-ttls and eap-peap on Android

8 years agoAdd a wrapper around vstr_add_fmt() to avoid having to link libcharon against libvstr
Tobias Brunner [Fri, 17 Aug 2012 09:47:52 +0000 (11:47 +0200)]
Add a wrapper around vstr_add_fmt() to avoid having to link libcharon against libvstr

At least on Android the latter would be required.

8 years agostarter: Restore original config in case also= is used (which reads the same values)
Tobias Brunner [Thu, 16 Aug 2012 14:45:11 +0000 (16:45 +0200)]
starter: Restore original config in case also= is used (which reads the same values)

8 years agoIncreased log level when listing interfaces and IP addresses during startup
Tobias Brunner [Tue, 14 Aug 2012 15:21:55 +0000 (17:21 +0200)]
Increased log level when listing interfaces and IP addresses during startup

This avoids confusing log messages in starter and ipsec statusall
already lists the available addresses anyway.

8 years agoOnly load kernel plugins in starter when flushing SAD/SPD entries
Tobias Brunner [Tue, 14 Aug 2012 14:59:22 +0000 (16:59 +0200)]
Only load kernel plugins in starter when flushing SAD/SPD entries

This avoids keeping the kernel sockets open when they are not actually
needed, which could lead to resource problems (in particular with PF_KEY
where all open sockets receive all messages).

Fixes #217.

8 years agoEnable UDP decapsulation for both address families
Tobias Brunner [Thu, 16 Aug 2012 13:26:37 +0000 (15:26 +0200)]
Enable UDP decapsulation for both address families

Since the 3.5 Linux kernel both UDP implementations have a separate static
flag to indicate whether ANY sockets enabled UDP decapsulation.
As we only ever enabled it for one address family (in earlier versions IPv4
only, now for IPv6, if supported, and for IPv4 otherwise) UDP decapsulation
wouldn't work anymore (at least for one address family).

8 years agoCorrectly transmit EAP-MSCHAPv2 user name if it contains a domain part
Tobias Brunner [Thu, 16 Aug 2012 07:58:26 +0000 (09:58 +0200)]
Correctly transmit EAP-MSCHAPv2 user name if it contains a domain part

8 years agofall through to evidence measurements if no file measurements must be done
Andreas Steffen [Thu, 16 Aug 2012 07:15:36 +0000 (09:15 +0200)]
fall through to evidence measurements if no file measurements must be done

8 years agoupgraded to Ubuntu 12.04.1 LTS
Andreas Steffen [Thu, 16 Aug 2012 07:14:46 +0000 (09:14 +0200)]
upgraded to Ubuntu 12.04.1 LTS

8 years agoadded deletion of product/file entries to usage
Andreas Steffen [Thu, 16 Aug 2012 07:14:13 +0000 (09:14 +0200)]
added deletion of product/file entries to usage

8 years agoNew Android release after adding error dialog
Tobias Brunner [Wed, 15 Aug 2012 08:54:22 +0000 (10:54 +0200)]
New Android release after adding error dialog

Skipped one version due to a rebasing mishap.

8 years agoShow an error message if VPN is not supported
Tobias Brunner [Wed, 15 Aug 2012 08:51:30 +0000 (10:51 +0200)]
Show an error message if VPN is not supported

Some devices have Android 4 installed but the system images still seem to
lack the components that are required for VPN support. One such
component is the dialog used to grant permission to create .

8 years agoEnable search for certificate lists (via SearchView in ActionBar)
Tobias Brunner [Tue, 14 Aug 2012 09:50:03 +0000 (11:50 +0200)]
Enable search for certificate lists (via SearchView in ActionBar)

8 years agoAdded new UI to select a specific CA certificate
Tobias Brunner [Tue, 14 Aug 2012 09:47:32 +0000 (11:47 +0200)]
Added new UI to select a specific CA certificate

With this change there is no need to wait for all certificates being loaded
anymore (this happens only when the user opens the selection activity).

8 years agoDon't try to save profile ID if there is none
Tobias Brunner [Tue, 14 Aug 2012 09:31:37 +0000 (11:31 +0200)]
Don't try to save profile ID if there is none

8 years agoList fragment for trusted certificates can notify listeners about clicks
Tobias Brunner [Tue, 14 Aug 2012 08:43:03 +0000 (10:43 +0200)]
List fragment for trusted certificates can notify listeners about clicks

8 years agoAdded an activity that shows lists of CA certificates in two tabs
Tobias Brunner [Tue, 14 Aug 2012 08:10:52 +0000 (10:10 +0200)]
Added an activity that shows lists of CA certificates in two tabs

8 years agoAdded a ListFragment that lists trusted certificates (loaded via a custom Loader)
Tobias Brunner [Tue, 14 Aug 2012 07:36:56 +0000 (09:36 +0200)]
Added a ListFragment that lists trusted certificates (loaded via a custom Loader)

8 years agoChanged TrustedCertificateAdapter for use with ListViews and TrustedCertificateEntry
Tobias Brunner [Tue, 14 Aug 2012 07:15:02 +0000 (09:15 +0200)]
Changed TrustedCertificateAdapter for use with ListViews and TrustedCertificateEntry

8 years agoRemove certificate spinner from edit view
Tobias Brunner [Tue, 14 Aug 2012 07:12:29 +0000 (09:12 +0200)]
Remove certificate spinner from edit view

8 years agoFunction to get only system-wide CA certificates added to TrustedCertificateManager
Tobias Brunner [Mon, 13 Aug 2012 16:43:29 +0000 (18:43 +0200)]
Function to get only system-wide CA certificates added to TrustedCertificateManager

8 years agoAdded class to store trusted certificate entries for lists
Tobias Brunner [Mon, 13 Aug 2012 16:41:34 +0000 (18:41 +0200)]
Added class to store trusted certificate entries for lists

8 years agofixed Makefile for libstrongswan dev headers
Andreas Steffen [Tue, 14 Aug 2012 08:21:28 +0000 (10:21 +0200)]
fixed Makefile for libstrongswan dev headers

8 years agoversion bump to 5.0.1dr2
Andreas Steffen [Tue, 14 Aug 2012 08:00:46 +0000 (10:00 +0200)]
version bump to 5.0.1dr2

8 years agoskip boot aggregate check against database
Andreas Steffen [Tue, 14 Aug 2012 08:00:05 +0000 (10:00 +0200)]
skip boot aggregate check against database

8 years agoValidate netmask in mem_pool_create
Tobias Brunner [Mon, 13 Aug 2012 11:54:28 +0000 (13:54 +0200)]
Validate netmask in mem_pool_create

8 years agoValidate netmask in traffic_selector_create_from_subnet
Tobias Brunner [Mon, 13 Aug 2012 10:57:41 +0000 (12:57 +0200)]
Validate netmask in traffic_selector_create_from_subnet

Fixes #216.

8 years agoComment fixed
Tobias Brunner [Mon, 13 Aug 2012 11:16:45 +0000 (13:16 +0200)]
Comment fixed

8 years agoMerge branch 'android-app'
Tobias Brunner [Mon, 13 Aug 2012 10:07:52 +0000 (12:07 +0200)]
Merge branch 'android-app'

This branch introduces a userland IPsec implementation (libipsec) and an
Android App which targets the VpnService API that is provided by Android 4+.

The implementation is based on the bachelor thesis 'Userland IPsec for
Android 4' by Giuliano Grassi and Ralf Sager.

8 years agoEnsure thread IDs always start with 1 even if the library is reused
Tobias Brunner [Sat, 11 Aug 2012 15:30:39 +0000 (17:30 +0200)]
Ensure thread IDs always start with 1 even if the library is reused

Within the Android App the library stays loaded in memory and is just
initialized/deinitialized with each connection, the static thread
counter would continuously increase without this patch.

8 years agoAdded a button to the error dialog that allows to view the log file
Tobias Brunner [Sat, 11 Aug 2012 14:16:45 +0000 (16:16 +0200)]
Added a button to the error dialog that allows to view the log file

8 years agoUse major.minor.revision version numbers for Android application
Tobias Brunner [Fri, 10 Aug 2012 14:46:09 +0000 (16:46 +0200)]
Use major.minor.revision version numbers for Android application

8 years agoOnly allow access to log file via explicitly created URIs
Tobias Brunner [Fri, 10 Aug 2012 14:42:49 +0000 (16:42 +0200)]
Only allow access to log file via explicitly created URIs

Since ContentProviders are public and permissions don't seem to work any
other application could access the log file.  With this token system
only URIs we explicitly created can be accessed.

8 years agoMenu option added that allows users to send the log file
Tobias Brunner [Fri, 10 Aug 2012 14:37:39 +0000 (16:37 +0200)]
Menu option added that allows users to send the log file

8 years agoAdd ContentProvider to access log file from other applications
Tobias Brunner [Fri, 10 Aug 2012 14:33:05 +0000 (16:33 +0200)]
Add ContentProvider to access log file from other applications

8 years agoWatch for changes to the log file so we can reopen it
Tobias Brunner [Fri, 10 Aug 2012 08:05:38 +0000 (10:05 +0200)]
Watch for changes to the log file so we can reopen it

If the log fragment is shown while the daemon starts (which is not the
case at the moment, but maybe later on tablets) the file reader would not
notice that the file got truncated.  The same applies if the file is deleted
directly on the file system e.g. with adb shell.

8 years agoAdd an Activity that shows the log fragment
Tobias Brunner [Fri, 10 Aug 2012 07:58:56 +0000 (09:58 +0200)]
Add an Activity that shows the log fragment

8 years agoAdd a fragment that can display charon's log file
Tobias Brunner [Fri, 10 Aug 2012 07:50:52 +0000 (09:50 +0200)]
Add a fragment that can display charon's log file

It continuously reads from the log file in a separate thread while displayed.

8 years agoAdded special ScrollView with auto-scrolling feature
Tobias Brunner [Fri, 10 Aug 2012 07:37:20 +0000 (09:37 +0200)]
Added special ScrollView with auto-scrolling feature

The ability to auto-scroll is disabled as soon as the user manually
scrolls around and re-enable when the user scrolls to the bottom.

8 years agoCharon logs to a file in the App's data directory
Tobias Brunner [Fri, 10 Aug 2012 07:06:49 +0000 (09:06 +0200)]
Charon logs to a file in the App's data directory

8 years agoMoved Java to C string conversion function to android_jni header file
Tobias Brunner [Thu, 9 Aug 2012 14:38:19 +0000 (16:38 +0200)]
Moved Java to C string conversion function to android_jni header file

8 years agoLog charon version and uname() output, split libcharon and charon initialization
Tobias Brunner [Thu, 9 Aug 2012 14:36:48 +0000 (16:36 +0200)]
Log charon version and uname() output, split libcharon and charon initialization

8 years agoOnly call disconnect() from CharonVpnService if we are not already disconnecting
Tobias Brunner [Thu, 9 Aug 2012 14:03:14 +0000 (16:03 +0200)]
Only call disconnect() from CharonVpnService if we are not already disconnecting

8 years agoLoad single certificates directly from the KeyStore if we cannot get the read lock
Tobias Brunner [Thu, 9 Aug 2012 14:00:35 +0000 (16:00 +0200)]
Load single certificates directly from the KeyStore if we cannot get the read lock

This helps when running in the emulator as loading the certificates
takes quite a while there.  This way a configured CA certificates is loaded
directly without having to wait for all certificates being cached.

8 years agoUse colors from the Android color palette for the VPN status texts
Tobias Brunner [Thu, 9 Aug 2012 13:01:19 +0000 (15:01 +0200)]
Use colors from the Android color palette for the VPN status texts

8 years agoLocalized title for contextual action bar
Tobias Brunner [Thu, 9 Aug 2012 10:26:48 +0000 (12:26 +0200)]
Localized title for contextual action bar

8 years agoGerman translation added
Tobias Brunner [Thu, 9 Aug 2012 09:53:55 +0000 (11:53 +0200)]
German translation added

8 years agoShow MainActiviy if the user clicks 'Configure' in Android's VPN dialog
Tobias Brunner [Thu, 9 Aug 2012 09:38:18 +0000 (11:38 +0200)]
Show MainActiviy if the user clicks 'Configure' in Android's VPN dialog

8 years agoKeep reporting the error until the user dismisses it
Tobias Brunner [Thu, 9 Aug 2012 09:35:24 +0000 (11:35 +0200)]
Keep reporting the error until the user dismisses it

Even when the Activity is closed and later reopened.

8 years agoShow an error dialog when errors occur while establishing the VPN
Tobias Brunner [Thu, 9 Aug 2012 09:33:22 +0000 (11:33 +0200)]
Show an error dialog when errors occur while establishing the VPN

8 years agoShow a button to disconnect the VPN once it is established
Tobias Brunner [Thu, 9 Aug 2012 09:27:34 +0000 (11:27 +0200)]
Show a button to disconnect the VPN once it is established

8 years agoShow current VPN state and profile name
Tobias Brunner [Thu, 9 Aug 2012 09:22:12 +0000 (11:22 +0200)]
Show current VPN state and profile name

Show modal dialogs while connecting and disconnecting the VPN.

8 years agoAdd a fragment to MainActivity which will display the current VPN state
Tobias Brunner [Thu, 9 Aug 2012 09:11:32 +0000 (11:11 +0200)]
Add a fragment to MainActivity which will display the current VPN state

The fragment is bound to the VpnStateService and registered as listener.

8 years agoUse a separate (volatile) variable for certificate alias
Tobias Brunner [Wed, 8 Aug 2012 17:10:33 +0000 (19:10 +0200)]
Use a separate (volatile) variable for certificate alias

If a connection is started while certificates are still loading and the
initiation is then canceled a deadlock could result if the daemon is
trying to enumerate the certificates just then.

8 years agoDon't set the source address on Android
Tobias Brunner [Wed, 8 Aug 2012 13:50:36 +0000 (15:50 +0200)]
Don't set the source address on Android

8 years agoClose IKE_SA on Android immediately if setting up CHILD_SA fails
Tobias Brunner [Wed, 8 Aug 2012 13:03:00 +0000 (15:03 +0200)]
Close IKE_SA on Android immediately if setting up CHILD_SA fails

8 years agoReduce number of retransmits on Android
Tobias Brunner [Wed, 8 Aug 2012 13:02:34 +0000 (15:02 +0200)]
Reduce number of retransmits on Android

8 years agoJob added which handles plain text packets read from TUN device
Tobias Brunner [Wed, 8 Aug 2012 12:54:44 +0000 (14:54 +0200)]
Job added which handles plain text packets read from TUN device

8 years agoAdded a handler that writes inbound plain text packets to the TUN device
Tobias Brunner [Wed, 8 Aug 2012 12:51:59 +0000 (14:51 +0200)]
Added a handler that writes inbound plain text packets to the TUN device

8 years agoAdd simple callbacks to receive/send ESP packets via libipsec/receiver.
Tobias Brunner [Wed, 8 Aug 2012 12:49:52 +0000 (14:49 +0200)]
Add simple callbacks to receive/send ESP packets via libipsec/receiver.

8 years agoAdd routes based on the installed IPsec policies to the TUN device builder
Tobias Brunner [Wed, 8 Aug 2012 12:47:47 +0000 (14:47 +0200)]
Add routes based on the installed IPsec policies to the TUN device builder

8 years agoAdd virtual IP to the TUN device builder
Tobias Brunner [Wed, 8 Aug 2012 12:46:22 +0000 (14:46 +0200)]
Add virtual IP to the TUN device builder

After the CHILD_SA is established we can easily get this address from
the IKE_SA.

8 years agoCreate a TUN device via VpnService.Builder once the CHILD_SA is established
Tobias Brunner [Wed, 8 Aug 2012 12:43:39 +0000 (14:43 +0200)]
Create a TUN device via VpnService.Builder once the CHILD_SA is established

8 years agoAn Android specific attribute handler installs DNS servers via Builder
Tobias Brunner [Wed, 8 Aug 2012 12:04:14 +0000 (14:04 +0200)]
An Android specific attribute handler installs DNS servers via Builder

8 years agoNative counterpart of VpnService.Builder added, exposed by charonservice
Tobias Brunner [Wed, 8 Aug 2012 11:48:54 +0000 (13:48 +0200)]
Native counterpart of VpnService.Builder added, exposed by charonservice

8 years agoAdapter class added around VpnService.Builder which allows to access it via JNI
Tobias Brunner [Wed, 8 Aug 2012 11:45:49 +0000 (13:45 +0200)]
Adapter class added around VpnService.Builder which allows to access it via JNI

8 years agoDon't print hosts as %any if %+H is used
Tobias Brunner [Wed, 8 Aug 2012 12:06:59 +0000 (14:06 +0200)]
Don't print hosts as %any if %+H is used

That is, the plus sign can be used in the format string to force a numeric
string representation of all host_t objects even 0.0.0.0 and :: which
would otherwise be printed as %any and %any6.

8 years agoAdd support for '+' in custom format specifiers
Tobias Brunner [Wed, 8 Aug 2012 12:05:58 +0000 (14:05 +0200)]
Add support for '+' in custom format specifiers

8 years agoInitiate an SA via native JNI method
Tobias Brunner [Wed, 8 Aug 2012 11:23:41 +0000 (13:23 +0200)]
Initiate an SA via native JNI method

8 years agoHelper function added that retrieves a local IP address
Tobias Brunner [Wed, 8 Aug 2012 11:20:34 +0000 (13:20 +0200)]
Helper function added that retrieves a local IP address

8 years agoandroid_service_t handles initiation of an SA and tracks its progress
Tobias Brunner [Wed, 8 Aug 2012 11:15:53 +0000 (13:15 +0200)]
android_service_t handles initiation of an SA and tracks its progress

Status updates are delivered via charonservice (JNI).

8 years agoAndroid specific credential set also provides user credentials
Tobias Brunner [Wed, 8 Aug 2012 10:59:39 +0000 (12:59 +0200)]
Android specific credential set also provides user credentials

8 years agoAdded an Android specific credential set that provides CA certificates via JNI
Tobias Brunner [Wed, 8 Aug 2012 10:52:05 +0000 (12:52 +0200)]
Added an Android specific credential set that provides CA certificates via JNI

8 years agoCharonVpnService provides a function to get trusted certificates via JNI
Tobias Brunner [Wed, 8 Aug 2012 10:35:49 +0000 (12:35 +0200)]
CharonVpnService provides a function to get trusted certificates via JNI

8 years agoFunction added that allows to update VPN state via JNI
Tobias Brunner [Wed, 8 Aug 2012 10:31:58 +0000 (12:31 +0200)]
Function added that allows to update VPN state via JNI

8 years agoAdd a function to disconnect any current VPN connection
Tobias Brunner [Wed, 8 Aug 2012 10:25:17 +0000 (12:25 +0200)]
Add a function to disconnect any current VPN connection

8 years agoImplement kernel_ipsec_t.bypass_socket() via JNI and VpnService.protect()
Tobias Brunner [Wed, 8 Aug 2012 10:20:13 +0000 (12:20 +0200)]
Implement kernel_ipsec_t.bypass_socket() via JNI and VpnService.protect()

8 years agoCharonVpnService binds to VpnStateService and does basic state updates
Tobias Brunner [Wed, 8 Aug 2012 10:04:38 +0000 (12:04 +0200)]
CharonVpnService binds to VpnStateService and does basic state updates

8 years agoCharonVpnService reacts on Intents and properly inits/deinits charon
Tobias Brunner [Wed, 8 Aug 2012 09:54:36 +0000 (11:54 +0200)]
CharonVpnService reacts on Intents and properly inits/deinits charon

Charon is initialized with every new connection attempt and
deinitialized when the service is terminated or it receives an empty
Intent (or before starting a new connection).

A separate thread is used to handle the connection attempts, this thread
acts as main thread for charon.