strongswan.git
11 years ago Migrated ike_mobike task to INIT/METHOD macros.
Tobias Brunner [Thu, 7 Oct 2010 12:26:35 +0000 (14:26 +0200)]
Migrated ike_mobike task to INIT/METHOD macros.

11 years ago Simplified apply_port function in mobike task.
Tobias Brunner [Tue, 5 Oct 2010 14:16:21 +0000 (16:16 +0200)]
Simplified apply_port function in mobike task.

11 years ago Do not fire roam events based on local route changes.
Tobias Brunner [Tue, 5 Oct 2010 14:18:35 +0000 (16:18 +0200)]
Do not fire roam events based on local route changes.

These kernel events are triggered on address changes, which is
problematic when deleting virtual IP addresses.

11 years ago If a changed route has no src, try to find it via interface.
Tobias Brunner [Tue, 5 Oct 2010 16:41:06 +0000 (18:41 +0200)]
If a changed route has no src, try to find it via interface.

11 years ago Get source address from interface if the route does not provide one.
Tobias Brunner [Tue, 5 Oct 2010 07:36:31 +0000 (09:36 +0200)]
Get source address from interface if the route does not provide one.

11 years ago Do not update hosts based on retransmitted messages.
Tobias Brunner [Tue, 7 Sep 2010 09:52:16 +0000 (11:52 +0200)]
Do not update hosts based on retransmitted messages.

11 years ago Do not update remote host if we are behind a NAT.
Tobias Brunner [Tue, 7 Sep 2010 09:31:01 +0000 (11:31 +0200)]
Do not update remote host if we are behind a NAT.

11 years ago scenarios without RADIUS server can use default iptables script
Andreas Steffen [Mon, 11 Oct 2010 15:04:53 +0000 (17:04 +0200)]
scenarios without RADIUS server can use default iptables script

11 years ago fixed some evaltest.dat files
Andreas Steffen [Mon, 11 Oct 2010 14:57:53 +0000 (16:57 +0200)]
fixed some evaltest.dat files

11 years ago added ikev2/rw-eap-tnc-block scenario
Andreas Steffen [Mon, 11 Oct 2010 14:55:21 +0000 (16:55 +0200)]
added ikev2/rw-eap-tnc-block scenario

11 years ago added eap-radius-filter_id option to strongswan.conf
Andreas Steffen [Mon, 11 Oct 2010 10:20:45 +0000 (12:20 +0200)]
added eap-radius-filter_id option to strongswan.conf

11 years ago updated keyexchange entry in ipsec.conf.5 man page
Andreas Steffen [Mon, 11 Oct 2010 04:23:57 +0000 (06:23 +0200)]
updated keyexchange entry in ipsec.conf.5 man page

11 years ago updated strongswan.conf
Andreas Steffen [Mon, 11 Oct 2010 04:12:26 +0000 (06:12 +0200)]
updated strongswan.conf

11 years ago explicit ikev1 key exchange for ikev1/esp-alg-null scenario
Andreas Steffen [Sat, 9 Oct 2010 20:07:51 +0000 (22:07 +0200)]
explicit ikev1 key exchange for ikev1/esp-alg-null scenario

11 years ago fixed typo
Andreas Steffen [Sat, 9 Oct 2010 20:05:26 +0000 (22:05 +0200)]
fixed typo

11 years ago *** HISTORICAL MOMENT: IKEv2 becomes the default! ***
Andreas Steffen [Sat, 9 Oct 2010 18:46:55 +0000 (20:46 +0200)]
*** HISTORICAL MOMENT: IKEv2 becomes the default! ***

11 years ago define explicit IKEv1 key exchange mode II
Andreas Steffen [Sat, 9 Oct 2010 18:04:00 +0000 (20:04 +0200)]
define explicit IKEv1 key exchange mode II

11 years ago use DBG_TNC for TNC debugging output
Andreas Steffen [Sat, 9 Oct 2010 14:01:19 +0000 (16:01 +0200)]
use DBG_TNC for TNC debugging output

11 years ago changed filter attribute from access to allow
Andreas Steffen [Fri, 8 Oct 2010 23:01:19 +0000 (01:01 +0200)]
changed filter attribute from access to allow

11 years ago added ikev2/rw-eap-tnc scenario
Andreas Steffen [Fri, 8 Oct 2010 22:59:31 +0000 (00:59 +0200)]
added ikev2/rw-eap-tnc scenario

11 years ago TNCCS debug cosmetics
Andreas Steffen [Fri, 8 Oct 2010 22:58:12 +0000 (00:58 +0200)]
TNCCS debug cosmetics

11 years ago revert to standard TNCC/TNCS Initialization function
Andreas Steffen [Fri, 8 Oct 2010 22:35:45 +0000 (00:35 +0200)]
revert to standard TNCC/TNCS Initialization function

11 years ago implemented TNC isolation via group memberships
Andreas Steffen [Fri, 8 Oct 2010 22:34:53 +0000 (00:34 +0200)]
implemented TNC isolation via group memberships

11 years ago implemented a makeshift non-scalable send buffer
Andreas Steffen [Fri, 8 Oct 2010 20:24:30 +0000 (22:24 +0200)]
implemented a makeshift non-scalable send buffer

11 years ago imc/imv cosmetics
Andreas Steffen [Fri, 8 Oct 2010 04:40:03 +0000 (06:40 +0200)]
imc/imv cosmetics

11 years ago fixed notation
Andreas Steffen [Thu, 7 Oct 2010 21:34:37 +0000 (23:34 +0200)]
fixed notation

11 years ago created tnc-imc and tnc-imv plugins
Andreas Steffen [Thu, 7 Oct 2010 21:31:23 +0000 (23:31 +0200)]
created tnc-imc and tnc-imv plugins

11 years ago deactivate start_phase2_tnc flag after start
Andreas Steffen [Thu, 7 Oct 2010 13:42:00 +0000 (15:42 +0200)]
deactivate start_phase2_tnc flag after start

11 years ago added server side support for EAP-TNC
Andreas Steffen [Thu, 7 Oct 2010 13:02:36 +0000 (15:02 +0200)]
added server side support for EAP-TNC

11 years ago Show result of RADIUS authentication along with EAP identity
Martin Willi [Thu, 7 Oct 2010 09:13:48 +0000 (11:13 +0200)]
Show result of RADIUS authentication along with EAP identity

11 years ago added --debug-tls to charon usage() function
Andreas Steffen [Thu, 7 Oct 2010 07:34:56 +0000 (09:34 +0200)]
added --debug-tls to charon usage() function

11 years ago define explicit IKEv1 key exchange mode
Andreas Steffen [Thu, 7 Oct 2010 05:31:44 +0000 (07:31 +0200)]
define explicit IKEv1 key exchange mode

11 years ago host venus is used in ikev2/rw-eap-tnc-radius scenario
Andreas Steffen [Wed, 6 Oct 2010 08:38:18 +0000 (10:38 +0200)]
host venus is used in ikev2/rw-eap-tnc-radius scenario

11 years ago added ikev2/rw-eap-tnc-radius-block scenario
Andreas Steffen [Wed, 6 Oct 2010 08:32:50 +0000 (10:32 +0200)]
added ikev2/rw-eap-tnc-radius-block scenario

11 years ago added tnccs-11 plugin options to strongswan.conf
Andreas Steffen [Wed, 6 Oct 2010 05:53:50 +0000 (07:53 +0200)]
added tnccs-11 plugin options to strongswan.conf

11 years ago version bump to 4.5.0dr5
Andreas Steffen [Wed, 6 Oct 2010 05:07:14 +0000 (07:07 +0200)]
version bump to 4.5.0dr5

11 years ago configure tnc_config path and preferred_language via strongswan.conf
Andreas Steffen [Tue, 5 Oct 2010 20:09:07 +0000 (22:09 +0200)]
configure tnc_config path and preferred_language via strongswan.conf

11 years ago created hull for TNCCS 2.0 plugin
Andreas Steffen [Tue, 5 Oct 2010 19:15:24 +0000 (21:15 +0200)]
created hull for TNCCS 2.0 plugin

11 years ago use group membership to implement access/isolate redirection in filter-based TNC...
Andreas Steffen [Tue, 5 Oct 2010 18:40:36 +0000 (20:40 +0200)]
use group membership to implement access/isolate redirection in filter-based TNC scenario

11 years ago final version of ikev2/rw-eap-tnc-radius scenario
Andreas Steffen [Tue, 5 Oct 2010 18:38:34 +0000 (20:38 +0200)]
final version of ikev2/rw-eap-tnc-radius scenario

11 years ago fixed typo in image path
Andreas Steffen [Tue, 5 Oct 2010 07:09:58 +0000 (09:09 +0200)]
fixed typo in image path

11 years ago moved CHILD_SA selection out of attribute loop
Andreas Steffen [Tue, 5 Oct 2010 06:02:07 +0000 (08:02 +0200)]
moved CHILD_SA selection out of attribute loop

11 years ago receive name of preferred CHILD_SA via RADIUS Filter-Id attribute
Andreas Steffen [Tue, 5 Oct 2010 05:58:07 +0000 (07:58 +0200)]
receive name of preferred CHILD_SA via RADIUS Filter-Id attribute

11 years ago updated ikev2/rw-eap-tnc-radius scenario
Andreas Steffen [Tue, 5 Oct 2010 05:56:57 +0000 (07:56 +0200)]
updated ikev2/rw-eap-tnc-radius scenario

11 years ago set EAP-TTLS/TNC version also in acknowledgement packets
Andreas Steffen [Mon, 4 Oct 2010 12:39:49 +0000 (14:39 +0200)]
set EAP-TTLS/TNC version also in acknowledgement packets

11 years ago Fixed status_t enum names definition
Martin Willi [Mon, 4 Oct 2010 08:47:30 +0000 (10:47 +0200)]
Fixed status_t enum names definition

12 years ago added configuration files for dummyimc.so IMC
Andreas Steffen [Thu, 30 Sep 2010 22:14:44 +0000 (00:14 +0200)]
added configuration files for dummyimc.so IMC

12 years ago The TNC@FHH TNC Server does not like symbolic links
Andreas Steffen [Thu, 30 Sep 2010 21:35:24 +0000 (23:35 +0200)]
The TNC@FHH TNC Server does not like symbolic links

12 years ago print XML as plaintext and process received TNCCS Batch
Andreas Steffen [Thu, 30 Sep 2010 21:34:00 +0000 (23:34 +0200)]
print XML as plaintext and process received TNCCS Batch

12 years ago added tnc_config files to TNC scenario
Andreas Steffen [Thu, 30 Sep 2010 10:42:18 +0000 (12:42 +0200)]
added tnc_config files to TNC scenario

12 years ago started use of libtnc library
Andreas Steffen [Wed, 29 Sep 2010 21:24:59 +0000 (23:24 +0200)]
started use of libtnc library

12 years ago NOTIFY error message types include 16383
Andreas Steffen [Wed, 29 Sep 2010 17:01:36 +0000 (19:01 +0200)]
NOTIFY error message types include 16383

12 years ago added NEWS for 4.5dr3
Andreas Steffen [Wed, 29 Sep 2010 05:14:52 +0000 (07:14 +0200)]
added NEWS for 4.5dr3

12 years ago version bump to 4.5dr4
Andreas Steffen [Wed, 29 Sep 2010 05:14:33 +0000 (07:14 +0200)]
version bump to 4.5dr4

12 years ago load tnccs-11 plugin in ikev2/rw-eap-tnc-radius scenario
Andreas Steffen [Tue, 28 Sep 2010 21:52:59 +0000 (23:52 +0200)]
load tnccs-11 plugin in ikev2/rw-eap-tnc-radius scenario

12 years ago moved TNCCS layer out of eap_tnc plugin
Andreas Steffen [Tue, 28 Sep 2010 21:34:04 +0000 (23:34 +0200)]
moved TNCCS layer out of eap_tnc plugin

12 years ago stop gateway after clients in order to check release of virtual IP
Andreas Steffen [Sun, 26 Sep 2010 09:31:39 +0000 (11:31 +0200)]
stop gateway after clients in order to check release of virtual IP

12 years ago stop gateway after clients in order to check release of virtual IP
Andreas Steffen [Sun, 26 Sep 2010 08:58:28 +0000 (10:58 +0200)]
stop gateway after clients in order to check release of virtual IP

12 years ago stop gateway after clients in order to check release of virtual IP
Andreas Steffen [Sun, 26 Sep 2010 08:35:12 +0000 (10:35 +0200)]
stop gateway after clients in order to check release of virtual IP

12 years ago fixed release of virtual IP for XAUTH identities
Andreas Steffen [Sun, 26 Sep 2010 08:16:30 +0000 (10:16 +0200)]
fixed release of virtual IP for XAUTH identities

12 years ago include RFC 5998
Andreas Steffen [Mon, 20 Sep 2010 18:03:20 +0000 (20:03 +0200)]
include RFC 5998

12 years ago draft-ietf-ipsecme-eap-mutual will be released as RFC 5998.
Tobias Brunner [Thu, 16 Sep 2010 08:27:49 +0000 (10:27 +0200)]
draft-ietf-ipsecme-eap-mutual will be released as RFC 5998.

12 years ago the updated IKEv2 RFC 5996 has been released
Andreas Steffen [Wed, 15 Sep 2010 10:55:31 +0000 (12:55 +0200)]
the updated IKEv2 RFC 5996 has been released

12 years ago added notify messages defined in RFC 5996
Andreas Steffen [Wed, 15 Sep 2010 10:48:58 +0000 (12:48 +0200)]
added notify messages defined in RFC 5996

12 years ago show validity of OCSP responses
Andreas Steffen [Fri, 10 Sep 2010 20:14:12 +0000 (22:14 +0200)]
show validity of OCSP responses

12 years ago Added missing options (corrected some default values).
Tobias Brunner [Fri, 10 Sep 2010 09:18:31 +0000 (11:18 +0200)]
Added missing options (corrected some default values).

12 years ago Moved load-tester configuration to a separate section.
Tobias Brunner [Fri, 10 Sep 2010 08:00:02 +0000 (10:00 +0200)]
Moved load-tester configuration to a separate section.

12 years ago Added information about logger configuration.
Tobias Brunner [Thu, 9 Sep 2010 16:55:26 +0000 (18:55 +0200)]
Added information about logger configuration.

12 years ago More information about IKEv2 retransmissions added.
Tobias Brunner [Thu, 9 Sep 2010 16:50:24 +0000 (18:50 +0200)]
More information about IKEv2 retransmissions added.

12 years ago Adding most of the strongswan.conf options from the wiki.
Tobias Brunner [Thu, 9 Sep 2010 16:49:04 +0000 (18:49 +0200)]
Adding most of the strongswan.conf options from the wiki.

12 years ago Added strongswan.conf(5) stub.
Tobias Brunner [Thu, 9 Sep 2010 12:03:22 +0000 (14:03 +0200)]
Added strongswan.conf(5) stub.

12 years ago Moved man pages for config files to a separate directory.
Tobias Brunner [Thu, 9 Sep 2010 11:15:36 +0000 (13:15 +0200)]
Moved man pages for config files to a separate directory.

12 years ago version bump to 4.5.0dr2
Andreas Steffen [Fri, 10 Sep 2010 05:37:28 +0000 (07:37 +0200)]
version bump to 4.5.0dr2

12 years ago fixed memory leak
Andreas Steffen [Thu, 9 Sep 2010 19:38:22 +0000 (21:38 +0200)]
fixed memory leak

12 years ago Compare subject against all key identifiers in has_subject()
Martin Willi [Thu, 9 Sep 2010 15:40:16 +0000 (17:40 +0200)]
Compare subject against all key identifiers in has_subject()

12 years ago has_subject() now resolves ID_KEY_IDs
Andreas Steffen [Thu, 9 Sep 2010 15:14:06 +0000 (17:14 +0200)]
has_subject() now resolves ID_KEY_IDs

12 years ago Do not change cipherspec while we have buffered handshake fragments pending
Martin Willi [Thu, 9 Sep 2010 12:27:41 +0000 (14:27 +0200)]
Do not change cipherspec while we have buffered handshake fragments pending

12 years ago added ikev1/net2net-same-nets scenario
Andreas Steffen [Thu, 9 Sep 2010 11:37:22 +0000 (13:37 +0200)]
added ikev1/net2net-same-nets scenario

12 years ago Conditional exclusion of tls_test script completed.
Tobias Brunner [Thu, 9 Sep 2010 11:19:51 +0000 (13:19 +0200)]
Conditional exclusion of tls_test script completed.

12 years ago Fixed typo.
Tobias Brunner [Thu, 9 Sep 2010 11:19:22 +0000 (13:19 +0200)]
Fixed typo.

12 years ago debug output of inbound and outbound TNCCS batches
Andreas Steffen [Thu, 9 Sep 2010 09:14:48 +0000 (11:14 +0200)]
debug output of inbound and outbound TNCCS batches

12 years ago support non EAP-TTLS conformant RADIUS-type attribute segmentation
Andreas Steffen [Thu, 9 Sep 2010 09:13:48 +0000 (11:13 +0200)]
support non EAP-TTLS conformant RADIUS-type attribute segmentation

12 years ago Fixed copy/paste error.
Tobias Brunner [Thu, 9 Sep 2010 08:10:43 +0000 (10:10 +0200)]
Fixed copy/paste error.

12 years ago added explanatory comments
Andreas Steffen [Thu, 9 Sep 2010 06:57:13 +0000 (08:57 +0200)]
added explanatory comments

12 years ago send well-formed TNCCS-Batch
Andreas Steffen [Wed, 8 Sep 2010 11:44:34 +0000 (13:44 +0200)]
send well-formed TNCCS-Batch

12 years ago max max_message_count configurable and move it into tls_eap_t
Andreas Steffen [Wed, 8 Sep 2010 10:58:40 +0000 (12:58 +0200)]
max max_message_count configurable and move it into tls_eap_t

12 years ago handle TLS_PURPOSE_EAP_TNC
Andreas Steffen [Wed, 8 Sep 2010 10:11:44 +0000 (12:11 +0200)]
handle TLS_PURPOSE_EAP_TNC

12 years ago Added a simple led plugin to control Linux LEDs based on IKE activity
Martin Willi [Wed, 8 Sep 2010 09:59:00 +0000 (11:59 +0200)]
Added a simple led plugin to control Linux LEDs based on IKE activity

12 years ago moved tls_t existence test into tls_eap_create() again
Andreas Steffen [Wed, 8 Sep 2010 09:09:11 +0000 (11:09 +0200)]
moved tls_t existence test into tls_eap_create() again

12 years ago generalized tls_eap_t to support EAP_TNC wrapping the TNC_IF_TNCCS protocol
Andreas Steffen [Wed, 8 Sep 2010 09:01:47 +0000 (11:01 +0200)]
generalized tls_eap_t to support EAP_TNC wrapping the TNC_IF_TNCCS protocol

12 years ago Read the compression type byte for EC groups, only
Martin Willi [Wed, 8 Sep 2010 08:32:55 +0000 (10:32 +0200)]
Read the compression type byte for EC groups, only

12 years ago added non-standard SERPENT and TWOFISH support to kernel_netlink plugin
Andreas Steffen [Wed, 8 Sep 2010 05:22:31 +0000 (07:22 +0200)]
added non-standard SERPENT and TWOFISH support to kernel_netlink plugin

12 years ago added openssl-ikev2/rw-eap-tls-only scenario
Andreas Steffen [Tue, 7 Sep 2010 15:14:32 +0000 (17:14 +0200)]
added openssl-ikev2/rw-eap-tls-only scenario

12 years ago added qcStatements OID
Andreas Steffen [Tue, 7 Sep 2010 09:17:51 +0000 (11:17 +0200)]
added qcStatements OID

12 years ago Fixed typos
Martin Willi [Tue, 7 Sep 2010 08:24:40 +0000 (10:24 +0200)]
Fixed typos

12 years ago Build tls_test script only if TLS stack is enabled
Martin Willi [Tue, 7 Sep 2010 08:21:44 +0000 (10:21 +0200)]
Build tls_test script only if TLS stack is enabled

12 years ago Added PKCS#11 NEWS
Martin Willi [Tue, 7 Sep 2010 08:21:25 +0000 (10:21 +0200)]
Added PKCS#11 NEWS

12 years ago Added (EAP-)TLS NEWS
Martin Willi [Tue, 7 Sep 2010 08:10:36 +0000 (10:10 +0200)]
Added (EAP-)TLS NEWS

12 years ago Include ec_point_format extension in ClientHello
Martin Willi [Mon, 6 Sep 2010 16:51:38 +0000 (18:51 +0200)]
Include ec_point_format extension in ClientHello

12 years ago Added TLS specific EC point formats
Martin Willi [Mon, 6 Sep 2010 16:42:43 +0000 (18:42 +0200)]
Added TLS specific EC point formats