sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-11-04 00:00:51 -05:00
Code Issues Projects Releases Wiki Activity
10,228 Commits 103 Branches 331 Tags
Commit Graph

116 Commits

Author SHA1 Message Date
Andreas Steffen
133fb74841 add dlcose strongswan.conf option to tnc-imc/tnc-imv plugins 2012-12-09 19:40:13 +01:00
Andreas Steffen
742722e2f5 updated strongswan.conf man page 2012-11-12 10:45:38 +01:00
Andreas Steffen
ffd3556bad scanner imc/imv pair uses IETF VPN PA-TNC message subtype 2012-10-31 21:58:21 +01:00
Tobias Brunner
3689f0f6cc FQDNs are actually not resolved when loading secrets 2012-10-29 10:06:43 +01:00
Tobias Brunner
2380f3a830 Added documentation for NTLM secrets 2012-10-25 09:51:47 +02:00
Martin Willi
cd844e1c97 Remove obsolete pluto smartcard syntax in ipsec.secrets.5 2012-10-24 13:07:53 +02:00
Martin Willi
f6d8fb3687 Updated ipsec.conf.5 regarding (CA) certificates loaded from smartcards 2012-10-24 13:07:53 +02:00
Martin Willi
05e266ea9d Add leftcert ipsec.conf.5 documentation about smartcard certificates 2012-10-24 13:07:53 +02:00
Martin Willi
5b2e669ba2 Add ipsec.conf.5 documentation for explicit PRFs in IKE proposals 2012-10-24 11:49:37 +02:00
Tobias Brunner
3c4d383443 Added an option to reload certificates from PKCS#11 tokens on SIGHUP 2012-10-18 14:42:09 +02:00
Tobias Brunner
b4f6c39e55 Terminate unused resolver threads after a timeout 2012-10-18 12:26:00 +02:00
Andreas Steffen
6ab1502519 implemented os_info_t class 2012-10-10 21:54:21 +02:00
Tobias Brunner
358104a47f Added description for flush_auth_cfg and acct_port plus some minor editorial changes 2012-09-25 12:22:05 +02:00
Tobias Brunner
31990a19cc Documentation about some time values clarified 2012-09-24 16:02:03 +02:00
Tobias Brunner
e8e9048fee Added an option to configure the interface on which virtual IP addresses are installed 2012-09-21 18:16:26 +02:00
Tobias Brunner
9513225e6b Added options and a lookup function that will allow filtering of network interfaces 2012-09-21 18:16:26 +02:00
Martin Willi
55f126fd55 Update ipsec.conf.5, leftsubnet can handle multiple subnets in IKEv1 with Unity 2012-09-18 17:17:48 +02:00
Tobias Brunner
b7a500e985 Set AUTH_RULE_IDENTITY_LOOSE for rightid=%<identity> 2012-09-18 14:40:41 +02:00
Tobias Brunner
bc6ec4de73 Option added to enforce a configured destination address for DHCP packets 2012-09-13 10:59:24 +02:00
Tobias Brunner
629cdca82c Updates to strongswan.conf(5) man page (added several missing options) 2012-09-12 16:53:45 +02:00
Tobias Brunner
72970b458d Some updates to ipsec.conf(5) man page 2012-09-12 16:53:45 +02:00
Tobias Brunner
f4cc7ea11b Add uniqueids=never to ignore INITIAL_CONTACT notifies 
With uniqueids=no the daemon still deletes any existing IKE_SA with the
same peer if an INITIAL_CONTACT notify is received.  With this new option
it also ignores these notifies.
 2012-09-10 17:37:18 +02:00
Martin Willi
c51af950b1 Add random plugin options to strongswan.conf.5 2012-09-10 17:07:51 +02:00
Andreas Steffen
3b51f34040 added libimcv.assessment_result to strongswan.conf man page 2012-09-09 23:50:32 +02:00
Martin Willi
1323dc1138 Merge branch 'multi-vip' 
Brings support for multiple virtual IPs and multiple pools in
left/rigthsourceip definitions. Also introduces the new left/rightdns
options to configure requested DNS server address family and respond
with multiple connection specific servers.
 2012-08-31 12:55:56 +02:00
Tobias Brunner
5f6ef5d5ce Documentation for eap-dynamic added 2012-08-31 11:42:03 +02:00
Martin Willi
26bc695806 Updated ipsec.conf.5 with multiple left/rightsourceip support 2012-08-30 16:43:45 +02:00
Martin Willi
c60f1da424 Add a description of the leftdns option to ipsec.conf.5 2012-08-21 09:38:01 +02:00
Tobias Brunner
e4ef4c9877 Merge branch 'android-ndk' 
This branch comes with some preliminary changes for the user-land IPsec
implementation and the Android App.

One important change is that the UDP ports used by the socket-default plugin
were made configurable (either via ./configure or strongswan.conf).
Also, the plugin does randomly allocate a port if it is configured to 0,
which is useful for client implementations.  A consequence of these
changes is that the local UDP port used when creating ike_cfg_t objects has
to be fetched from the socket.
 2012-08-13 10:45:39 +02:00
Tobias Brunner
9ede42e112 Documentation fixes regarding xauth-pam/eap-gtc plugins 2012-08-11 16:05:05 +02:00
Andreas Steffen
da21793679 make max_message_size parameter consistent with similar options 2012-08-09 14:11:08 +02:00
Tobias Brunner
6fbf4472ea Added option to prevent socket-default from setting the source address on outbound packets 2012-08-08 15:39:07 +02:00
Tobias Brunner
224ab4c59b socket-default plugin allocates random ports if configured to 0. 
Also added strongswan.conf options to change the ports.
 2012-08-08 15:30:27 +02:00
Tobias Brunner
56d07af3be Added ESP log group for libipsec log messages. 2012-08-08 15:12:25 +02:00
Tobias Brunner
162621ed57 Moved Android specific logger to separate plugin. 
This is mainly because the other parts of the existing android plugin
can not be built in the NDK (access to keystore and system properties are
not part of the stable NDK libraries).
 2012-08-08 15:07:43 +02:00
Martin Willi
46df61dff7 Add an ipsec.conf leftgroups2 parameter for the second authentication round 2012-07-26 11:51:58 +02:00
Andreas Steffen
be735f0148 added PA-TNC max_msg_len option to man page 2012-07-13 11:02:23 +02:00
Andreas Steffen
d7dcbc95a9 make maximum PB-TNC batch size configurable 2012-07-11 17:09:05 +02:00
Andreas Steffen
c8aabefd08 added charon.plugins.eap-tnc.protocol option 2012-07-11 17:09:05 +02:00
Andreas Steffen
4492ffc907 EAP-TNC does not support fragmentation 2012-07-11 17:09:04 +02:00
Andreas Steffen
87efdef35b configure size of ITA Dummy PA-TNC attribute 2012-07-11 17:09:04 +02:00
Andreas Steffen
3bd452f8f3 max_message_count = 0 disables limit 2012-07-11 17:09:04 +02:00
Tobias Brunner
66e12b926e Some updates in ipsec.conf(5) for 5.0.0 2012-06-26 12:39:53 +02:00
Andreas Steffen
c38d6905a2 added charon.cisco_unity to strongswan.conf.5 man page 2012-06-25 11:47:40 +02:00
Andreas Steffen
2045a9d36d added secret as valid authby argument 2012-06-18 22:11:18 +02:00
Martin Willi
7c4214bd38 Add documentation for signature hash algorithm enforcing to man ipsec.conf 2012-06-12 15:01:39 +02:00
Tobias Brunner
95e41fb80a starter: Drop support for %defaultroute. 2012-06-11 17:33:29 +02:00
Tobias Brunner
60c82591c5 Retry IKE_SA initiation if DNS resolution failed. 
This is disabled by default and can be enabled with the
charon.retry_initiate_interval option in strongswan.conf.
 2012-05-30 15:32:52 +02:00
Tobias Brunner
18dac73f02 Updated ipsec.conf(5) to reflect changes to IPComp support. 2012-05-24 15:32:28 +02:00
Martin Willi
b24be29646 Merge branch 'ikev1' 
Conflicts:
	configure.in
	man/ipsec.conf.5.in
	src/libcharon/encoding/generator.c
	src/libcharon/encoding/payloads/notify_payload.c
	src/libcharon/encoding/payloads/notify_payload.h
	src/libcharon/encoding/payloads/payload.c
	src/libcharon/network/receiver.c
	src/libcharon/sa/authenticator.c
	src/libcharon/sa/authenticator.h
	src/libcharon/sa/ikev2/tasks/ike_init.c
	src/libcharon/sa/task_manager.c
	src/libstrongswan/credentials/auth_cfg.c
 2012-05-02 11:12:31 +02:00