strongswan.git
Andreas Steffen [Tue, 7 Oct 2008 04:51:20 +0000 (04:51 -0000)]
explicitly load kernel-netlink plugin in UML scenarios

Martin Willi [Mon, 6 Oct 2008 13:37:04 +0000 (13:37 -0000)]
use MOBIKE enabled DPD if we are NATed
update SAs if we detect changes in NAT mappings

Martin Willi [Mon, 6 Oct 2008 13:08:49 +0000 (13:08 -0000)]
fixed builder_cancel macro to return NULL on failed build

Martin Willi [Fri, 3 Oct 2008 16:01:14 +0000 (16:01 -0000)]
do not run CHILD_SA delete action if rekeying

Andreas Steffen [Fri, 3 Oct 2008 03:27:42 +0000 (03:27 -0000)]
added --disable-kernel-netlink configure option

Martin Willi [Thu, 2 Oct 2008 13:47:19 +0000 (13:47 -0000)]
use dpd_action also for remotely closed tunnels

Martin Willi [Tue, 30 Sep 2008 12:36:58 +0000 (12:36 -0000)]
also respect the mobike=no setting as responder

Martin Willi [Tue, 30 Sep 2008 06:27:50 +0000 (06:27 -0000)]
using signed return value for read()

Tobias Brunner [Thu, 25 Sep 2008 13:56:23 +0000 (13:56 -0000)]
merging renaming of mode_t to ipsec_mode_t back to trunk

Tobias Brunner [Thu, 25 Sep 2008 07:56:58 +0000 (07:56 -0000)]
merging modularized kernel interface back to trunk

Tobias Brunner [Fri, 19 Sep 2008 13:20:09 +0000 (13:20 -0000)]
missing '_' added

Andreas Steffen [Thu, 18 Sep 2008 00:42:22 +0000 (00:42 -0000)]
version bump to 4.2.8

(tag: 4.2.7)
Andreas Steffen [Thu, 18 Sep 2008 00:34:31 +0000 (00:34 -0000)]
completed NEWS for 4.2.7 release

Martin Willi [Wed, 17 Sep 2008 09:02:30 +0000 (09:02 -0000)]
fixed DH value range testing

Martin Willi [Wed, 17 Sep 2008 08:10:48 +0000 (08:10 -0000)]
checking mpz_export return value properly
fixes a potential DoS attack if a DH value of zero gets processed

Andreas Steffen [Wed, 17 Sep 2008 02:17:01 +0000 (02:17 -0000)]
stroke parses and lists AC groups

Martin Willi [Fri, 12 Sep 2008 13:48:11 +0000 (13:48 -0000)]
updated ubuntu packages for release compatible with NM svn20080908

Martin Willi [Fri, 12 Sep 2008 13:28:31 +0000 (13:28 -0000)]
ported NM plugin to upstream NetworkManager changes
splitted secrets (4031)
using uuid in auth-dialog (4053)

Martin Willi [Thu, 11 Sep 2008 11:14:09 +0000 (11:14 -0000)]
allow multiple DELETE payloads in an informational message

Martin Willi [Fri, 5 Sep 2008 15:10:56 +0000 (15:10 -0000)]
updated NEWS

Martin Willi [Fri, 5 Sep 2008 14:44:21 +0000 (14:44 -0000)]
fixed ubuntu distribution/typos

Martin Willi [Fri, 5 Sep 2008 14:01:47 +0000 (14:01 -0000)]
new ubuntu package release

Martin Willi [Fri, 5 Sep 2008 13:26:58 +0000 (13:26 -0000)]
NM plugin supports (encrypted) private key files

Andreas Steffen [Thu, 4 Sep 2008 16:19:46 +0000 (16:19 -0000)]
time values in strongswan.conf can be optionally specified in days (d), hours (h), minutes (m), or seconds (s)

Martin Willi [Thu, 4 Sep 2008 14:52:33 +0000 (14:52 -0000)]
some NEWS

Martin Willi [Thu, 4 Sep 2008 13:51:35 +0000 (13:51 -0000)]
fixed some translations/encoding

Martin Willi [Thu, 4 Sep 2008 13:39:37 +0000 (13:39 -0000)]
an initial German translation for NM plugin

Martin Willi [Thu, 4 Sep 2008 11:55:31 +0000 (11:55 -0000)]
updated debian build to extended nm plugin

Martin Willi [Thu, 4 Sep 2008 10:35:20 +0000 (10:35 -0000)]
reduced nm verbosity

Martin Willi [Thu, 4 Sep 2008 08:40:37 +0000 (08:40 -0000)]
implemented NetworkManager certificate/private key authentication using ssh-agent

Martin Willi [Thu, 4 Sep 2008 08:37:31 +0000 (08:37 -0000)]
added a configure option to select charon binary

Martin Willi [Thu, 4 Sep 2008 08:35:11 +0000 (08:35 -0000)]
agent plugin optionally accepts a BUILD_PUBLIC_KEY to select a specific private key from the agent

Andreas Steffen [Wed, 3 Sep 2008 19:00:08 +0000 (19:00 -0000)]
charon.keep_alive = 0 disables the sending of NAT keep alives

Andreas Steffen [Wed, 3 Sep 2008 18:49:06 +0000 (18:49 -0000)]
configure NAT keep alive interval using the charon.keep_alive key

Tobias Brunner [Wed, 3 Sep 2008 07:44:46 +0000 (07:44 -0000)]
typos

Martin Willi [Tue, 2 Sep 2008 14:02:40 +0000 (14:02 -0000)]
handle INFORMATIONAL exchanges with NATD payloads in mobike task

Martin Willi [Tue, 2 Sep 2008 11:04:26 +0000 (11:04 -0000)]
libstrongswan agent plugin to use ssh-agent for RSA signatures

Martin Willi [Tue, 2 Sep 2008 11:01:05 +0000 (11:01 -0000)]
ported openac to credential factory changes

Martin Willi [Tue, 2 Sep 2008 11:00:13 +0000 (11:00 -0000)]
refactored credential builder
allow enumeration of matching builders
try a second builder if the first one fails
builder clones resources internally on demand
caller frees added resources on failure and success
stricter handling of non-supported build parts

Andreas Steffen [Mon, 1 Sep 2008 11:38:03 +0000 (11:38 -0000)]
OIDs used by strongSwan

Andreas Steffen [Mon, 1 Sep 2008 11:19:07 +0000 (11:19 -0000)]
added thread_analysis tool

Martin Willi [Fri, 29 Aug 2008 09:24:14 +0000 (09:24 -0000)]
use libcap for capability dropping
optional, must be enabled --with-capabilities=libcap
will be extended to support --with-capabilities=libcap2

Andreas Steffen [Fri, 29 Aug 2008 05:35:09 +0000 (05:35 -0000)]
streamlined ipsec listalgs output

Martin Willi [Thu, 28 Aug 2008 16:27:48 +0000 (16:27 -0000)]
capability API to allow plugin-controlled capability set

Martin Willi [Thu, 28 Aug 2008 11:15:01 +0000 (11:15 -0000)]
cosmetics

Martin Willi [Thu, 28 Aug 2008 11:07:57 +0000 (11:07 -0000)]
creating default IKE proposals dynamically using algorithm enumeration API

Martin Willi [Thu, 28 Aug 2008 10:57:24 +0000 (10:57 -0000)]
separated sha1_prf implementation from sha1_hasher

Martin Willi [Thu, 28 Aug 2008 09:24:42 +0000 (09:24 -0000)]
crypto_factory algorithm enumeration API
implementation of "ipsec listalgs"

Tobias Brunner [Thu, 28 Aug 2008 08:05:07 +0000 (08:05 -0000)]
 * allow to load templates from arbitrary places
 * changed implementation of guest?/iface?

Tobias Brunner [Thu, 28 Aug 2008 07:47:55 +0000 (07:47 -0000)]
mkdir_p: utility function to create a directory and all required parent directories

Martin Willi [Wed, 27 Aug 2008 13:51:05 +0000 (13:51 -0000)]
build scripts for ubuntu NetworkManager packages

Martin Willi [Wed, 27 Aug 2008 13:48:54 +0000 (13:48 -0000)]
check user account validity after PAM authentication

Andreas Steffen [Wed, 27 Aug 2008 12:01:57 +0000 (12:01 -0000)]
version bump to 4.2.7

(tag: 4.2.6)
Martin Willi [Wed, 27 Aug 2008 08:39:09 +0000 (08:39 -0000)]
additional NEWS for 4.2.6

Tobias Brunner [Wed, 27 Aug 2008 07:35:20 +0000 (07:35 -0000)]
 * guest#running?
 * guest?, iface? (also Guest.include? resp. guest.include?)
 * easy accessors for guests and ifaces (Guest.sun instead of Guest["sun"] and guest.eth0 instead of guest["eth0"])
 * if a block is given for iface#add or iface#del then the change is only temporary while executing the block and gets reverted afterwards

Andreas Steffen [Wed, 27 Aug 2008 07:19:40 +0000 (07:19 -0000)]
my changes for the 4.2.6 release

Andreas Steffen [Tue, 26 Aug 2008 20:02:58 +0000 (20:02 -0000)]
added ikev2/rw-eap-aka-identity scenario

Andreas Steffen [Tue, 26 Aug 2008 19:54:47 +0000 (19:54 -0000)]
cosmetics

Andreas Steffen [Tue, 26 Aug 2008 19:45:44 +0000 (19:45 -0000)]
ipsec statusall lists eap_type and eap_identity

Andreas Steffen [Tue, 26 Aug 2008 19:17:14 +0000 (19:17 -0000)]
enable-eap-identity in UML scenarios

Martin Willi [Tue, 26 Aug 2008 14:27:53 +0000 (14:27 -0000)]
using strongSwan, not NetworkManager version number

Martin Willi [Tue, 26 Aug 2008 14:27:12 +0000 (14:27 -0000)]
fixing charon path for now for ubuntu package

Andreas Steffen [Tue, 26 Aug 2008 05:34:33 +0000 (05:34 -0000)]
added ikev2/multi-level-ca-cr-init and ikev2/multi-level-ca-cr-resp scenarios

Andreas Steffen [Tue, 26 Aug 2008 05:15:34 +0000 (05:15 -0000)]
completed support of AUTHZ_CA_CERT and AUTHZ_CA_CERT_NAME attributes

Andreas Steffen [Mon, 25 Aug 2008 13:52:26 +0000 (13:52 -0000)]
adapted sql/rw-eap-aka-rsa scenario to new EAP identity type

Andreas Steffen [Mon, 25 Aug 2008 12:35:18 +0000 (12:35 -0000)]
list CA restrictions in ipsec statusall

Martin Willi [Mon, 25 Aug 2008 08:21:51 +0000 (08:21 -0000)]
added NM gnome plugin to distribution

Martin Willi [Mon, 25 Aug 2008 08:15:57 +0000 (08:15 -0000)]
removed generated Makefile.in.in from svn

Martin Willi [Mon, 25 Aug 2008 07:50:21 +0000 (07:50 -0000)]
enforce DN of configured gateway certificate

Martin Willi [Mon, 25 Aug 2008 07:49:48 +0000 (07:49 -0000)]
new EAP-Identity handling uses ID_EAP in plugins

Martin Willi [Mon, 25 Aug 2008 07:48:11 +0000 (07:48 -0000)]
disabled PSK option until we have a way to enforce strong secrets

Martin Willi [Mon, 25 Aug 2008 07:47:16 +0000 (07:47 -0000)]
use username part of RFC822 IDs for PAM authentication

Martin Willi [Fri, 22 Aug 2008 10:44:51 +0000 (10:44 -0000)]
ported parts of two-sim branch
eap_identity parameter to exchange in eap_identity
some auth_info/peer_cfg refactorings
fixed some bugs, introduced new ones

Martin Willi [Fri, 22 Aug 2008 08:37:15 +0000 (08:37 -0000)]
run guests with some niceness

Martin Willi [Fri, 22 Aug 2008 07:38:59 +0000 (07:38 -0000)]
pool names are unique

Martin Willi [Thu, 21 Aug 2008 15:17:45 +0000 (15:17 -0000)]
do not return IPv6 src addresses for IPv4 destinations

Martin Willi [Thu, 21 Aug 2008 14:40:03 +0000 (14:40 -0000)]
fixed EAP-GTC secret lookup
improved error logging
PAM authentication needs CAP_AUDIT_WRITE capability

Martin Willi [Thu, 21 Aug 2008 12:10:07 +0000 (12:10 -0000)]
a (incomplete) implementation of draft-sheffer-ikev2-gtc-00.txt using PAM

Andreas Steffen [Thu, 21 Aug 2008 11:58:58 +0000 (11:58 -0000)]
corrected caption

Andreas Steffen [Thu, 21 Aug 2008 11:55:16 +0000 (11:55 -0000)]
charon.process_route = no does not process RTM_NEWROUTE and RTM_DELROUTE events. Useful for taking down hundreds of virtual IPs on the same host

Martin Willi [Thu, 21 Aug 2008 09:25:06 +0000 (09:25 -0000)]
added sqlite busy handler: retries on locking conflicts

Martin Willi [Thu, 21 Aug 2008 07:55:16 +0000 (07:55 -0000)]
avoid too many alloca()s in netlink send, problematic on MIPS

Martin Willi [Wed, 20 Aug 2008 13:59:37 +0000 (13:59 -0000)]
some string fixes

Martin Willi [Wed, 20 Aug 2008 12:02:53 +0000 (12:02 -0000)]
added missing tooltip

Martin Willi [Wed, 20 Aug 2008 11:44:47 +0000 (11:44 -0000)]
handle DBUS permission problems gracefully

Martin Willi [Wed, 20 Aug 2008 08:51:18 +0000 (08:51 -0000)]
fixed shared key lookup by ID
proper auth method selection

Martin Willi [Wed, 20 Aug 2008 08:49:47 +0000 (08:49 -0000)]
fixed auth-dialog password flush

Andreas Steffen [Tue, 19 Aug 2008 18:53:15 +0000 (18:53 -0000)]
set version back to 4.2.6

Andreas Steffen [Tue, 19 Aug 2008 18:51:30 +0000 (18:51 -0000)]
fixed libstrongswan integrity test

Martin Willi [Tue, 19 Aug 2008 15:19:45 +0000 (15:19 -0000)]
certificate based gateway authentication
prototype PSK user authentication with auth-dialog

Martin Willi [Mon, 18 Aug 2008 11:59:19 +0000 (11:59 -0000)]
updated nm plugin to NetworkManager API changes

Martin Willi [Mon, 18 Aug 2008 11:07:26 +0000 (11:07 -0000)]
roam jobs for routing table changes not fired for virtual IP routes

Andreas Steffen [Fri, 15 Aug 2008 19:15:52 +0000 (19:15 -0000)]
do not fire a roam job when virtual IP is deleted

Andreas Steffen [Mon, 11 Aug 2008 19:04:48 +0000 (19:04 -0000)]
temporary workaround to prevent roam jobs due to virtual IP installations

Andreas Steffen [Mon, 11 Aug 2008 18:40:22 +0000 (18:40 -0000)]
corrected typo

Tobias Brunner [Thu, 7 Aug 2008 14:56:54 +0000 (14:56 -0000)]
 * ruby extension extracted from irdumm
 * guests do not shutdown anymore on SIGINT in irb

Andreas Steffen [Wed, 6 Aug 2008 20:40:14 +0000 (20:40 -0000)]
added ipv6/net2net-ip6-in-ip6-ikev2 scenario

Andreas Steffen [Wed, 6 Aug 2008 20:35:42 +0000 (20:35 -0000)]
add additional scenario diagrams

Tobias Brunner [Wed, 6 Aug 2008 07:31:26 +0000 (07:31 -0000)]
added missing cleanup on failure

Andreas Steffen [Tue, 5 Aug 2008 09:05:57 +0000 (09:05 -0000)]
initiator sends contents of rightca= if present as a certificate request without searching for further CA certificates