52 Commits

Author SHA1 Message Date
Martin Willi
e82deaf6ce Merge branch 'multi-cert'
Allows the configuration of multiple certificates in leftcert, and selects
the correct certificate to use based on the received certificate requests.
2013-03-01 11:35:32 +01:00
Martin Willi
a36b49f3cb Merge branch 'opaque-ports'
Adds a %opaque port option and support for port ranges in left/rightprotoport.
Currently not supported by any of our kernel backends.
2013-03-01 11:27:12 +01:00
Martin Willi
0abeac3a0b Document ipsec.conf leftprotoport extensions in manpage 2013-02-21 11:52:33 +01:00
Martin Willi
88f4cd3988 Add ikedscp documentation to ipsec.conf.5 2013-02-06 15:42:14 +01:00
Martin Willi
11a7abf554 Add ipsec.conf.5 updates regarding multiple certificates in leftcert 2013-01-18 09:33:15 +01:00
Tobias Brunner
365d9a6f67 Added an option that allows forcing IKEv1 fragmentation 2013-01-12 11:54:32 +01:00
Tobias Brunner
97973f8609 Use a connection specific option to en-/disable IKEv1 fragmentation 2012-12-24 13:00:01 +01:00
Martin Willi
f6d8fb3687 Updated ipsec.conf.5 regarding (CA) certificates loaded from smartcards 2012-10-24 13:07:53 +02:00
Martin Willi
05e266ea9d Add leftcert ipsec.conf.5 documentation about smartcard certificates 2012-10-24 13:07:53 +02:00
Martin Willi
5b2e669ba2 Add ipsec.conf.5 documentation for explicit PRFs in IKE proposals 2012-10-24 11:49:37 +02:00
Martin Willi
55f126fd55 Update ipsec.conf.5, leftsubnet can handle multiple subnets in IKEv1 with Unity 2012-09-18 17:17:48 +02:00
Tobias Brunner
b7a500e985 Set AUTH_RULE_IDENTITY_LOOSE for rightid=%<identity> 2012-09-18 14:40:41 +02:00
Tobias Brunner
72970b458d Some updates to ipsec.conf(5) man page 2012-09-12 16:53:45 +02:00
Tobias Brunner
f4cc7ea11b Add uniqueids=never to ignore INITIAL_CONTACT notifies
With uniqueids=no the daemon still deletes any existing IKE_SA with the
same peer if an INITIAL_CONTACT notify is received.  With this new option
it also ignores these notifies.
2012-09-10 17:37:18 +02:00
Martin Willi
1323dc1138 Merge branch 'multi-vip'
Brings support for multiple virtual IPs and multiple pools in
left/rightsourceip definitions. Also introduces the new left/rightdns
options to configure requested DNS server address family and respond
with multiple connection specific servers.
2012-08-31 12:55:56 +02:00
Tobias Brunner
5f6ef5d5ce Documentation for eap-dynamic added 2012-08-31 11:42:03 +02:00
Martin Willi
26bc695806 Updated ipsec.conf.5 with multiple left/rightsourceip support 2012-08-30 16:43:45 +02:00
Martin Willi
c60f1da424 Add a description of the leftdns option to ipsec.conf.5 2012-08-21 09:38:01 +02:00
Tobias Brunner
56d07af3be Added ESP log group for libipsec log messages. 2012-08-08 15:12:25 +02:00
Martin Willi
46df61dff7 Add an ipsec.conf leftgroups2 parameter for the second authentication round 2012-07-26 11:51:58 +02:00
Tobias Brunner
66e12b926e Some updates in ipsec.conf(5) for 5.0.0 2012-06-26 12:39:53 +02:00
Andreas Steffen
2045a9d36d added secret as valid authby argument 2012-06-18 22:11:18 +02:00
Martin Willi
7c4214bd38 Add documentation for signature hash algorithm enforcing to man ipsec.conf 2012-06-12 15:01:39 +02:00
Tobias Brunner
95e41fb80a starter: Drop support for %defaultroute. 2012-06-11 17:33:29 +02:00
Tobias Brunner
18dac73f02 Updated ipsec.conf(5) to reflect changes to IPComp support. 2012-05-24 15:32:28 +02:00
Martin Willi
b24be29646 Merge branch 'ikev1'
Conflicts:
	configure.in
	man/ipsec.conf.5.in
	src/libcharon/encoding/generator.c
	src/libcharon/encoding/payloads/notify_payload.c
	src/libcharon/encoding/payloads/notify_payload.h
	src/libcharon/encoding/payloads/payload.c
	src/libcharon/network/receiver.c
	src/libcharon/sa/authenticator.c
	src/libcharon/sa/authenticator.h
	src/libcharon/sa/ikev2/tasks/ike_init.c
	src/libcharon/sa/task_manager.c
	src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Andreas Steffen
0293f09597 updated supported EAP methods 2012-03-30 11:15:10 +02:00
Martin Willi
b1f2f05c92 Merge branch 'ikev1-clean' into ikev1-master
Conflicts:
	configure.in
	man/ipsec.conf.5.in
	src/libcharon/daemon.c
	src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
	src/libcharon/plugins/eap_radius/eap_radius_accounting.c
	src/libcharon/plugins/eap_radius/eap_radius_forward.c
	src/libcharon/plugins/farp/farp_listener.c
	src/libcharon/sa/ike_sa.c
	src/libcharon/sa/keymat.c
	src/libcharon/sa/task_manager.c
	src/libcharon/sa/trap_manager.c
	src/libstrongswan/plugins/x509/x509_cert.c
	src/libstrongswan/utils.h

Applied lost changes of moved files keymat.c and task_manager.c.
Updated listener_t.message hook signature in new plugins.
2012-03-20 17:57:53 +01:00
Martin Willi
75e3d90d43 Updated ipsec.conf man page for the use of IKEv1 with pluto 2012-03-20 17:31:39 +01:00
Martin Willi
c8d46f2959 Dropped support of deprecated authby=eap and eap= options 2012-03-20 17:31:38 +01:00
Tobias Brunner
54d096a712 Added ASN debug group to log low-level encoding/decoding (ASN.1, X.509).
This will allow us to remove quite some clutter from the LIB debug group
for higher debug levels.
2011-12-16 16:44:38 +01:00
Tobias Brunner
49b44c98c1 Charon also supports type=passthrough|drop. 2011-12-14 19:01:39 +01:00
Tobias Brunner
b768d6a4a5 Documented xauth_identity in ipsec.conf(5) man page. 2011-12-14 18:04:39 +01:00
Tobias Brunner
de13eab0e6 Documented the strict flag (!) for ike and esp options in ipsec.conf. 2011-09-26 17:51:53 +02:00
Tobias Brunner
7213abcbfb PTS log group documented in man pages. 2011-09-12 15:07:20 +02:00
Tobias Brunner
5b217e4994 Document charon's default log levels in ipsec.conf(5). 2011-09-12 15:07:20 +02:00
Tobias Brunner
f3bb1bd039 Fixed common misspellings.
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Martin Willi
4876f896a4 Added documentation and NEWS for closeaction 2011-06-07 12:07:22 +02:00
Tobias Brunner
bf870ffbe7 Default value for keyingtries documented properly. 2011-05-31 09:03:23 +02:00
Tobias Brunner
bf3c371531 Note about certificates added to CA section in ipsec.conf man page. 2011-05-05 10:30:51 +02:00
Martin Willi
378219546c Updated ipsec.conf.5 with new ESN options 2011-04-20 12:26:58 +02:00
Tobias Brunner
84545f6e7c Some typos fixed. 2011-02-07 11:39:41 +01:00
Martin Willi
44e513a320 Added support for trustchain key strength checking to rightauth option 2011-01-07 15:51:35 +01:00
Martin Willi
6367de28ad Added a left/rightcertpolicy keyword to specify certificatePolicy requirements 2011-01-07 15:51:35 +01:00
Martin Willi
6c302616f1 Added a tfc ipsec.conf keyword to control Traffic Flow Confidentiality 2010-12-20 09:45:39 +01:00
Tobias Brunner
a5477a6fa3 Changed some minor stuff in ipsec.conf(5) man page.
Also added some "links" to strongswan.conf(5).
2010-10-19 17:18:30 +02:00
Tobias Brunner
6bcf6016e6 Added accepted values to all options in ipsec.conf(5) man page. 2010-10-19 17:16:07 +02:00
Tobias Brunner
a6f8100812 Removed unsupported options from ipsec.conf(5) man page. 2010-10-19 17:06:57 +02:00
Tobias Brunner
8207a74200 Fixed SEE ALSO references in main man pages. 2010-10-19 10:53:54 +02:00
Tobias Brunner
9f8ceffbd9 Added notes about expiry and rekey to ipsec.conf(5) man page. 2010-10-19 10:53:54 +02:00