9119 Commits

Author SHA1 Message Date
Tobias Brunner
7beb31aae4 Fixed IPv6 source address lookup
Because Linux kernels prior to 3.0 do not support RTA_PREFSRC for
IPv6 routes we didn't use NLM_F_DUMP to get all routes.
Still routes installed with policies are installed also for IPv6.
So since only one route is returned without DUMP, and we ignore
all routes from our own routing table, no source address was found
during roaming if DST of the installed route included the IKE peer.

With newer kernels we can now use DUMP as we did for IPv4 already,
for older kernels we do so if our own routes are installed in a
separate routing table, otherwise we still use GET.
2012-06-25 16:29:59 +02:00
Andreas Steffen
5d476b4266 updated default configuration of UML hosts to 5.0.0 2012-06-25 13:04:55 +02:00
Andreas Steffen
c38d6905a2 added charon.cisco_unity to strongswan.conf.5 man page 2012-06-25 11:47:40 +02:00
Andreas Steffen
554a697a84 support Cisco Unity VID 2012-06-25 11:09:06 +02:00
Tobias Brunner
720ba902c5 Enable xauth-generic by default but don't build it if IKEv1 is disabled 2012-06-25 11:07:49 +02:00
Tobias Brunner
2e4c807bf3 Remove CREDITS from distribution 2012-06-25 11:07:35 +02:00
Tobias Brunner
20bda203f9 The AUTHORS file is required by automake 2012-06-25 10:59:27 +02:00
Tobias Brunner
d50b9be571 LICENSE file updated 2012-06-25 10:52:16 +02:00
Tobias Brunner
c236f19e50 ldaphost and ldapbase ca section keywords are deprecated 2012-06-25 10:52:16 +02:00
Tobias Brunner
693805cc98 Removed pluto-specifics from ipsec script 2012-06-25 10:52:16 +02:00
Tobias Brunner
f5a3b95a39 README file cleaned up and updated 2012-06-25 10:52:16 +02:00
Martin Willi
0ba1ddaa24 Enforce uniqueids=keep based on XAuth identity 2012-06-25 10:18:35 +02:00
Martin Willi
f145ea29e0 Don't send XAUTH_OK if a hook prevents SA to establish 2012-06-25 10:18:35 +02:00
Martin Willi
0c32b9c62f Enforce uniqueids=keep only for non-XAuth Main/Aggressive Modes 2012-06-25 10:18:35 +02:00
Martin Willi
dd1381e7d3 Show EAP/XAuth identity in "ipsec status", if available 2012-06-25 10:18:35 +02:00
Martin Willi
0fbfcf2a3a Use XAuth/EAP remote identity for uniqueness check 2012-06-25 10:18:34 +02:00
Martin Willi
de5e8fb4e0 Add missing XAuth name variable when complaining about missing XAuth backend 2012-06-25 10:09:27 +02:00
Andreas Steffen
f84180bb89 removed AUTHORS and CREDITS 2012-06-25 08:45:10 +02:00
Andreas Steffen
a7b8e380dc some copyright additions 2012-06-23 12:09:29 +02:00
Andreas Steffen
e398dfb4c3 update copyright 2012-06-23 11:57:42 +02:00
Andreas Steffen
83c75fd10f version bump to 5.0.0 2012-06-23 11:32:54 +02:00
Tobias Brunner
e91157a4b6 Fix SIGSEGV if kernel install fails during Quick Mode as responder. 2012-06-22 11:34:38 +02:00
Andreas Steffen
fc16296391 adapted description to IKEv2 2012-06-22 09:53:37 +02:00
Tobias Brunner
aa8898bc45 Fixed compile error because of charon->name in certexpire plugin. 2012-06-21 13:59:18 +02:00
Andreas Steffen
bf577b6714 fixed typo 2012-06-20 11:15:09 +02:00
Andreas Steffen
0802b8359e added ipv6/rw-ip6-in-ip4-ikev1 scenario 2012-06-20 11:13:20 +02:00
Andreas Steffen
36988a0a37 added ipv6/rw-ip6-in-ip4-ikev2 scenario 2012-06-20 11:03:51 +02:00
Martin Willi
e2dd114f37 Select requested virtual IP family based on remote TS, if no local TS available 2012-06-20 10:02:01 +02:00
Andreas Steffen
f2fc138e8e upgraded UML options to 5.0.0 2012-06-19 19:34:26 +02:00
Tobias Brunner
5d227c79a9 Doxygen fix in PKCS#7 wrapper 2012-06-19 13:32:59 +02:00
Andreas Steffen
87f8ff168b sleep one second more 2012-06-19 06:18:05 +02:00
Andreas Steffen
e4012ae386 use socket-default in scenario 2012-06-19 06:17:37 +02:00
Andreas Steffen
bc60bb8bf4 added ikev1/xauth-id-rsa-hybrid scenario 2012-06-18 22:51:50 +02:00
Andreas Steffen
771a66c6a0 added ikev1/xauth-id-rsa-aggressive scenario 2012-06-18 22:30:26 +02:00
Andreas Steffen
2045a9d36d added secret as valid authby argument 2012-06-18 22:11:18 +02:00
Andreas Steffen
8b8f5c6141 rsasig is not recognized as authentication method 2012-06-18 22:03:36 +02:00
Andreas Steffen
49d18a8e06 enable potentially unsafe aggressive mode 2012-06-18 21:34:48 +02:00
Andreas Steffen
7a892288fb change ikev1/xauth scenarios to modern notation 2012-06-18 21:22:01 +02:00
Tobias Brunner
6d3702ed61 testing: List IPv6 routing table in IPv6 test cases. 2012-06-15 16:46:27 +02:00
Tobias Brunner
5c1332bf7c NLM_F_DUMP includes NLM_F_ROOT. 2012-06-15 16:46:27 +02:00
Tobias Brunner
8ec51f83e5 Don't create roam jobs based on cached/cloned routes. 2012-06-15 16:44:18 +02:00
Tobias Brunner
9896b6bd58 Don't compare ports when comparing cached routes.
At least src_ip has a port set sometimes.
2012-06-15 16:44:07 +02:00
Tobias Brunner
31bcaf604a starter: Fixed parsing of %defaultroute. 2012-06-15 10:46:56 +02:00
Martin Willi
af518b450e Adopt children as XAuth initiator (which is IKE responder) 2012-06-14 14:49:19 +02:00
Martin Willi
794cdbc53f Added 5.0 NEWS about IKEv1 in charon 2012-06-14 10:57:29 +02:00
Martin Willi
e36497700c Print the kind of *Swan during starter startup 2012-06-14 10:25:48 +02:00
Martin Willi
137035cc78 Show what kind of *Swan we run in "ipsec status" 2012-06-14 10:25:48 +02:00
Martin Willi
b31a56f128 Require a scary option to respond to Aggressive Mode PSK requests
While Aggressive Mode PSK is widely used, it is known to be subject
to dictionary attacks by passive attackers. We don't complain as
initiator to be compatible with existing (insecure) setups, but
require a scary strongswan.conf option if someone wants to use it
as responder.
2012-06-14 10:25:48 +02:00
Andreas Steffen
e49f18f74d thanks to narrowing treat right|leftsubnetwithin as synonyms for right|leftsubnet 2012-06-14 07:55:12 +02:00
Andreas Steffen
daa857029f removed plutostart parameter 2012-06-13 21:19:05 +02:00