strongswan.git
Tobias Brunner [Thu, 24 Sep 2009 16:39:12 +0000 (18:39 +0200)]
Map the guests to a ruby hash to avoid creating new ruby objects on each call of Guest.each or Guest[].

Tobias Brunner [Thu, 2 Jul 2009 15:11:28 +0000 (17:11 +0200)]
Exposed the multi-overlay functionality in the ruby bindings.

Overlays can be added to individual guests (which overlays exactly the
supplied directory) or to all guests (which overlays a subdirectory
with the guest's name to each guest).

The template functionality is provided as before.

Tobias Brunner [Thu, 2 Jul 2009 15:01:14 +0000 (17:01 +0200)]
Added support for multiple overlays to the main library.

Also implemented the template functionality using the new overlay functions.

Tobias Brunner [Thu, 2 Jul 2009 14:41:40 +0000 (16:41 +0200)]
Added support for multiple overlays to guests (replaces the template functionality).

Compared to a template an overlay is an arbitrary directory, not the
parent directory of a directory with the guest's name.

Tobias Brunner [Tue, 12 Oct 2010 13:03:19 +0000 (15:03 +0200)]
Added support for multiple overlays to the copy-on-write filesystem.

Tobias Brunner [Thu, 7 Oct 2010 08:08:06 +0000 (10:08 +0200)]
Do not add additional addresses to MOBIKE path probing messages.

Tobias Brunner [Tue, 5 Oct 2010 16:01:41 +0000 (18:01 +0200)]
Change behavior of responder during roaming.

If the current source address is not available anymore, the responder
uses ike_mobike_t.roam, thus, uses multiple address combinations when
trying to notify the initiator.

Tobias Brunner [Tue, 5 Oct 2010 15:59:48 +0000 (17:59 +0200)]
Allow responder to use ike_mobike_t.roam.

After getting a response the responder updates the IPsec SAs.

Tobias Brunner [Tue, 5 Oct 2010 15:55:32 +0000 (17:55 +0200)]
Send list of additional addresses even if current path is still valid.

Tobias Brunner [Tue, 5 Oct 2010 15:49:50 +0000 (17:49 +0200)]
Extracted path checking in ike_sa_t.roam into separate functions.

Tobias Brunner [Tue, 5 Oct 2010 14:52:36 +0000 (16:52 +0200)]
Added support for responders to change their address via MOBIKE.

If the original responder updates its list of additional addresses we
check if the remote endpoint changed and update the IPsec SAs if it did,
as we assume the original address became unavailable and the responder
already updated the SAs on its side.

Tobias Brunner [Tue, 5 Oct 2010 14:49:20 +0000 (16:49 +0200)]
Explicitly configure MOBIKE tasks to update the list of additional addresses.

Tobias Brunner [Tue, 5 Oct 2010 14:42:39 +0000 (16:42 +0200)]
Improved check for first IKE_AUTH message in ike_mobike task.

If the original responder initiated a MOBIKE exchange, the previous
check was not always correct.

Tobias Brunner [Thu, 7 Oct 2010 12:26:35 +0000 (14:26 +0200)]
Migrated ike_mobike task to INIT/METHOD macros.

Tobias Brunner [Tue, 5 Oct 2010 14:16:21 +0000 (16:16 +0200)]
Simplified apply_port function in mobike task.

Tobias Brunner [Tue, 5 Oct 2010 14:18:35 +0000 (16:18 +0200)]
Do not fire roam events based on local route changes.

These kernel events are triggered on address changes, which is
problematic when deleting virtual IP addresses.

Tobias Brunner [Tue, 5 Oct 2010 16:41:06 +0000 (18:41 +0200)]
If a changed route has no src, try to find it via interface.

Tobias Brunner [Tue, 5 Oct 2010 07:36:31 +0000 (09:36 +0200)]
Get source address from interface if the route does not provide one.

Tobias Brunner [Tue, 7 Sep 2010 09:52:16 +0000 (11:52 +0200)]
Do not update hosts based on retransmitted messages.

Tobias Brunner [Tue, 7 Sep 2010 09:31:01 +0000 (11:31 +0200)]
Do not update remote host if we are behind a NAT.

Andreas Steffen [Mon, 11 Oct 2010 15:04:53 +0000 (17:04 +0200)]
scenarios without RADIUS server can use default iptables script

Andreas Steffen [Mon, 11 Oct 2010 14:57:53 +0000 (16:57 +0200)]
fixed some evaltest.dat files

Andreas Steffen [Mon, 11 Oct 2010 14:55:21 +0000 (16:55 +0200)]
added ikev2/rw-eap-tnc-block scenario

Andreas Steffen [Mon, 11 Oct 2010 10:20:45 +0000 (12:20 +0200)]
added eap-radius-filter_id option to strongswan.conf

Andreas Steffen [Mon, 11 Oct 2010 04:23:57 +0000 (06:23 +0200)]
updated keyexchange entry in ipsec.conf.5 man page

Andreas Steffen [Mon, 11 Oct 2010 04:12:26 +0000 (06:12 +0200)]
updated strongswan.conf

Andreas Steffen [Sat, 9 Oct 2010 20:07:51 +0000 (22:07 +0200)]
explicit ikev1 key exchange for ikev1/esp-alg-null scenario

Andreas Steffen [Sat, 9 Oct 2010 20:05:26 +0000 (22:05 +0200)]
fixed typo

Andreas Steffen [Sat, 9 Oct 2010 18:46:55 +0000 (20:46 +0200)]
*** HISTORICAL MOMENT: IKEv2 becomes the default! ***

Andreas Steffen [Sat, 9 Oct 2010 18:04:00 +0000 (20:04 +0200)]
define explicit IKEv1 key exchange mode II

Andreas Steffen [Sat, 9 Oct 2010 14:01:19 +0000 (16:01 +0200)]
use DBG_TNC for TNC debugging output

Andreas Steffen [Fri, 8 Oct 2010 23:01:19 +0000 (01:01 +0200)]
changed filter attribute from access to allow

Andreas Steffen [Fri, 8 Oct 2010 22:59:31 +0000 (00:59 +0200)]
added ikev2/rw-eap-tnc scenario

Andreas Steffen [Fri, 8 Oct 2010 22:58:12 +0000 (00:58 +0200)]
TNCCS debug cosmetics

Andreas Steffen [Fri, 8 Oct 2010 22:35:45 +0000 (00:35 +0200)]
revert to standard TNCC/TNCS Initialization function

Andreas Steffen [Fri, 8 Oct 2010 22:34:53 +0000 (00:34 +0200)]
implemented TNC isolation via group memberships

Andreas Steffen [Fri, 8 Oct 2010 20:24:30 +0000 (22:24 +0200)]
implemented a makeshift non-scalable send buffer

Andreas Steffen [Fri, 8 Oct 2010 04:40:03 +0000 (06:40 +0200)]
imc/imv cosmetics

Andreas Steffen [Thu, 7 Oct 2010 21:34:37 +0000 (23:34 +0200)]
fixed notation

Andreas Steffen [Thu, 7 Oct 2010 21:31:23 +0000 (23:31 +0200)]
created tnc-imc and tnc-imv plugins

Andreas Steffen [Thu, 7 Oct 2010 13:42:00 +0000 (15:42 +0200)]
deactivate start_phase2_tnc flag after start

Andreas Steffen [Thu, 7 Oct 2010 13:02:36 +0000 (15:02 +0200)]
added server side support for EAP-TNC

Martin Willi [Thu, 7 Oct 2010 09:13:48 +0000 (11:13 +0200)]
Show result of RADIUS authentication along with EAP identity

Andreas Steffen [Thu, 7 Oct 2010 07:34:56 +0000 (09:34 +0200)]
added --debug-tls to charon usage() function

Andreas Steffen [Thu, 7 Oct 2010 05:31:44 +0000 (07:31 +0200)]
define explicit IKEv1 key exchange mode

Andreas Steffen [Wed, 6 Oct 2010 08:38:18 +0000 (10:38 +0200)]
host venus is used in ikev2/rw-eap-tnc-radius scenario

Andreas Steffen [Wed, 6 Oct 2010 08:32:50 +0000 (10:32 +0200)]
added ikev2/rw-eap-tnc-radius-block scenario

Andreas Steffen [Wed, 6 Oct 2010 05:53:50 +0000 (07:53 +0200)]
added tnccs-11 plugin options to strongswan.conf

Andreas Steffen [Wed, 6 Oct 2010 05:07:14 +0000 (07:07 +0200)]
version bump to 4.5.0dr5

Andreas Steffen [Tue, 5 Oct 2010 20:09:07 +0000 (22:09 +0200)]
configure tnc_config path and preferred_language via strongswan.conf

Andreas Steffen [Tue, 5 Oct 2010 19:15:24 +0000 (21:15 +0200)]
created hull for TNCCS 2.0 plugin

Andreas Steffen [Tue, 5 Oct 2010 18:40:36 +0000 (20:40 +0200)]
use group membership to implement access/isolate redirection in filter-based TNC scenario

Andreas Steffen [Tue, 5 Oct 2010 18:38:34 +0000 (20:38 +0200)]
final version of ikev2/rw-eap-tnc-radius scenario

Andreas Steffen [Tue, 5 Oct 2010 07:09:58 +0000 (09:09 +0200)]
fixed typo in image path

Andreas Steffen [Tue, 5 Oct 2010 06:02:07 +0000 (08:02 +0200)]
moved CHILD_SA selection out of attribute loop

Andreas Steffen [Tue, 5 Oct 2010 05:58:07 +0000 (07:58 +0200)]
receive name of preferred CHILD_SA via RADIUS Filter-Id attribute

Andreas Steffen [Tue, 5 Oct 2010 05:56:57 +0000 (07:56 +0200)]
updated ikev2/rw-eap-tnc-radius scenario

Andreas Steffen [Mon, 4 Oct 2010 12:39:49 +0000 (14:39 +0200)]
set EAP-TTLS/TNC version also in acknowledgement packets

Martin Willi [Mon, 4 Oct 2010 08:47:30 +0000 (10:47 +0200)]
Fixed status_t enum names definition

Andreas Steffen [Thu, 30 Sep 2010 22:14:44 +0000 (00:14 +0200)]
added configuration files for dummyimc.so IMC

Andreas Steffen [Thu, 30 Sep 2010 21:35:24 +0000 (23:35 +0200)]
The TNC@FHH TNC Server does not like symbolic links

Andreas Steffen [Thu, 30 Sep 2010 21:34:00 +0000 (23:34 +0200)]
print XML as plaintext and process received TNCCS Batch

Andreas Steffen [Thu, 30 Sep 2010 10:42:18 +0000 (12:42 +0200)]
added tnc_config files to TNC scenario

Andreas Steffen [Wed, 29 Sep 2010 21:24:59 +0000 (23:24 +0200)]
started use of libtnc library

Andreas Steffen [Wed, 29 Sep 2010 17:01:36 +0000 (19:01 +0200)]
NOTIFY error message types include 16383

Andreas Steffen [Wed, 29 Sep 2010 05:14:52 +0000 (07:14 +0200)]
added NEWS for 4.5dr3

Andreas Steffen [Wed, 29 Sep 2010 05:14:33 +0000 (07:14 +0200)]
version bump to 4.5dr4

Andreas Steffen [Tue, 28 Sep 2010 21:52:59 +0000 (23:52 +0200)]
load tnccs-11 plugin in ikev2/rw-eap-tnc-radius scenario

Andreas Steffen [Tue, 28 Sep 2010 21:34:04 +0000 (23:34 +0200)]
moved TNCCS layer out of eap_tnc plugin

Andreas Steffen [Sun, 26 Sep 2010 09:31:39 +0000 (11:31 +0200)]
stop gateway after clients in order to check release of virtual IP

Andreas Steffen [Sun, 26 Sep 2010 08:58:28 +0000 (10:58 +0200)]
stop gateway after clients in order to check release of virtual IP

Andreas Steffen [Sun, 26 Sep 2010 08:35:12 +0000 (10:35 +0200)]
stop gateway after clients in order to check release of virtual IP

Andreas Steffen [Sun, 26 Sep 2010 08:16:30 +0000 (10:16 +0200)]
fixed release of virtual IP for XAUTH identities

Andreas Steffen [Mon, 20 Sep 2010 18:03:20 +0000 (20:03 +0200)]
include RFC 5998

Tobias Brunner [Thu, 16 Sep 2010 08:27:49 +0000 (10:27 +0200)]
draft-ietf-ipsecme-eap-mutual will be released as RFC 5998.

Andreas Steffen [Wed, 15 Sep 2010 10:55:31 +0000 (12:55 +0200)]
the updated IKEv2 RFC 5996 has been released

Andreas Steffen [Wed, 15 Sep 2010 10:48:58 +0000 (12:48 +0200)]
added notify messages defined in RFC 5996

Andreas Steffen [Fri, 10 Sep 2010 20:14:12 +0000 (22:14 +0200)]
show validity of OCSP responses

Tobias Brunner [Fri, 10 Sep 2010 09:18:31 +0000 (11:18 +0200)]
Added missing options (corrected some default values).

Tobias Brunner [Fri, 10 Sep 2010 08:00:02 +0000 (10:00 +0200)]
Moved load-tester configuration to a separate section.

Tobias Brunner [Thu, 9 Sep 2010 16:55:26 +0000 (18:55 +0200)]
Added information about logger configuration.

Tobias Brunner [Thu, 9 Sep 2010 16:50:24 +0000 (18:50 +0200)]
More information about IKEv2 retransmissions added.

Tobias Brunner [Thu, 9 Sep 2010 16:49:04 +0000 (18:49 +0200)]
Adding most of the strongswan.conf options from the wiki.

Tobias Brunner [Thu, 9 Sep 2010 12:03:22 +0000 (14:03 +0200)]
Added strongswan.conf(5) stub.

Tobias Brunner [Thu, 9 Sep 2010 11:15:36 +0000 (13:15 +0200)]
Moved man pages for config files to a separate directory.

Andreas Steffen [Fri, 10 Sep 2010 05:37:28 +0000 (07:37 +0200)]
version bump to 4.5.0dr2

Andreas Steffen [Thu, 9 Sep 2010 19:38:22 +0000 (21:38 +0200)]
fixed memory leak

Martin Willi [Thu, 9 Sep 2010 15:40:16 +0000 (17:40 +0200)]
Compare subject against all key identifiers in has_subject()

Andreas Steffen [Thu, 9 Sep 2010 15:14:06 +0000 (17:14 +0200)]
has_subject() now resolves ID_KEY_IDs

Martin Willi [Thu, 9 Sep 2010 12:27:41 +0000 (14:27 +0200)]
Do not change cipherspec while we have buffered handshake fragments pending

Andreas Steffen [Thu, 9 Sep 2010 11:37:22 +0000 (13:37 +0200)]
added ikev1/net2net-same-nets scenario

Tobias Brunner [Thu, 9 Sep 2010 11:19:51 +0000 (13:19 +0200)]
Conditional exclusion of tls_test script completed.

Tobias Brunner [Thu, 9 Sep 2010 11:19:22 +0000 (13:19 +0200)]
Fixed typo.

Andreas Steffen [Thu, 9 Sep 2010 09:14:48 +0000 (11:14 +0200)]
debug output of inbound and outbound TNCCS batches

Andreas Steffen [Thu, 9 Sep 2010 09:13:48 +0000 (11:13 +0200)]
support non EAP-TTLS conformant RADIUS-type attribute segmentation

Tobias Brunner [Thu, 9 Sep 2010 08:10:43 +0000 (10:10 +0200)]
Fixed copy/paste error.

Andreas Steffen [Thu, 9 Sep 2010 06:57:13 +0000 (08:57 +0200)]
added explanatory comments

Andreas Steffen [Wed, 8 Sep 2010 11:44:34 +0000 (13:44 +0200)]
send well-formed TNCCS-Batch

Andreas Steffen [Wed, 8 Sep 2010 10:58:40 +0000 (12:58 +0200)]
max max_message_count configurable and move it into tls_eap_t

Andreas Steffen [Wed, 8 Sep 2010 10:11:44 +0000 (12:11 +0200)]
handle TLS_PURPOSE_EAP_TNC