aboutsummaryrefslogtreecommitdiff
path: root/net/strongswan/Makefile
Commit message (Collapse)AuthorAge
* strongswan: fix local_gateway discoveryPhilip Prindeville2021-02-16
| | | | | | | | | | | | | | | This has been observed by myself and @luizluca: ip route get is appending uid0 to the output, as seen from: root@OpenWrt2:~# ip route get 1.1.1.1 1.1.1.1 via 174.27.160.1 dev eth3 src 174.27.182.184 uid 0 cache root@OpenWrt2:~# so the fix is an anchored match, discarding all else. Also, using ip -o means never having to do multiline matches... Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: include /etc/swanctl/conf.d/ directoryPhilip Prindeville2021-02-08
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: bump to 5.9.1Stijn Tintel2020-11-30
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.9.0Stijn Tintel2020-09-02
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.8.4Stijn Tintel2020-05-08
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: move ipsec.* to strongswan-ipsecStijn Tintel2020-03-30
| | | | | | | | | | | When building with strongswan-ipsec disabled, strongswan fails to build because the ipsec.conf file does not exist. Fix this by moving the ipsec.* files and directories to the strongswan-ipsec package. Closes #10879 while keeping ipsec.conf to avoid breaking existing setups, as opposed to #11709. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: add conffiles for swanctl utilSven Roederer2020-03-25
| | | | | Add a conffiles-section for the /etc/swanctl folder, which is used by the swanctl util. This will keep the configfiles during an sysupgrade. Signed-off-by: Sven Roederer <S.Roederer@colvistec.de>
* strongswan: bump to 5.8.2Stijn Tintel2020-01-17
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* treewide: add PKG_CPE_ID for better cvescanner coverageJan Pavlinec2019-09-17
| | | | Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* strongswan: bump to 5.8.1Stijn Tintel2019-09-16
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* treewide: Change .*GPL.*+ licenses to SPDX compatible identifierSven Eckelmann2019-09-10
| | | | | | | | The CONTRIBUTING.md requests an (or multiple) SPDX identifier for GPL licenses. But a lot of packages did use a different, non-SPDX style with a "+" at the end instead of "-or-later". Signed-off-by: Sven Eckelmann <sven@narfation.org>
* strongswan: update to 5.8.0Lucian Cristian2019-05-23
| | | | Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* strongswan: collapse menu itemsMoritz Warning2019-03-27
| | | | Signed-off-by: Moritz Warning <moritzwarning@web.de>
* strongswan: bump to 5.7.2Stijn Tintel2019-01-02
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.7.1Stijn Tintel2018-10-19
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.7.0Stijn Tintel2018-10-07
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: backport upstream fixes for CVEs in gmp pluginMagnus Kroken2018-10-06
| | | | | | | | | | | | | This fixes: * CVE-2018-16151 * CVE-2018-16152 * CVE-2018-17540 Details: https://strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html https://strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* Merge pull request #6423 from micmac1/strongswan-uclibc-iconvStijn Tintel2018-08-02
|\ | | | | strongswan: fix uclibc build issue
| * strongswan: include nls.mk for mysql pluginSebastian Kemper2018-07-13
| | | | | | | | | | | | ibmariadb 10.2 needs to be linked in together with iconv. Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
* | strongswan: add openwrt hotplug script handlingFlorian Eckert2018-07-16
|/ | | | | | | | Ipsec user script (/etc/ipsec.user) now get called indirectly by openwrt "/sbin/hotplug-call". So other packages could also install their scripts in "/etc/hotplug.d/ipsec". Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* strongswan: bump to 5.6.3Stijn Tintel2018-05-28
| | | | | | | | Fixes the following CVEs: - CVE-2018-5388 - CVE-2018-10811 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.6.2Stijn Tintel2018-02-27
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: add interface uci listHans Dedecker2017-12-13
| | | | | | | | | | | | | The interface config option allows users to configure logical OpenWRT interface names in the ipsec section; it allows StrongSwan to listen and send traffic on specified interface(s). It translates to interfaces_use StrongSwan option which is a comma sepearted list of network devices that should be used by charon. Since StrongSwan can only be started when one of the specified logical OpenWRT interface is up procd interface triggers are installed to trigger the reload script. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* strongswan: bump to 5.6.1Stijn Tintel2017-11-30
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.6.0Stijn Tintel2017-08-28
| | | | | | Fixes CVE-2017-11185. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: add charon-cmd utilityStijn Tintel2017-08-07
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: add missing charon config filesStijn Tintel2017-08-07
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: add swanctl utilityStijn Tintel2017-08-07
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: add vici pluginStijn Tintel2017-08-07
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: rename -utils to -ipsecStijn Tintel2017-08-07
| | | | | | | Since the strongswan-utils package now only contains the aging ipsec utility, rename it to strongswan-ipsec. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: split scepclient into separate packageStijn Tintel2017-08-07
| | | | | | | | | | | | We currently include the SCEP client in strongswan-utils, which is a dependency of the strongswan-default meta-package. As it's generally not recommended to generate keys on embedded devices due to lack of entropy, move the SCEP client to a separate package, and only depend on it in the strongswan-full meta-package. While at it, add scepclient.conf to the package. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: split PKI tool into separate packageStijn Tintel2017-08-07
| | | | | | | | | | | | We currently include the PKI tool in strongswan-utils, which is a dependency of the strongswan-default meta-package. As it's generally not recommended to generate keys on embedded devices due to lack of entropy, move the PKI tool to a separate package, and only depend on it in the strongswan-full meta-package. While at it, add pki.conf to the package. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: fix typoStijn Tintel2017-05-30
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: add curve25519 pluginStijn Tintel2017-05-30
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.5.3Stijn Tintel2017-05-30
| | | | | | Fixes CVE-2017-9022, CVE-2017-9023. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.5.2Stijn Tintel2017-04-26
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* Merge pull request #3585 from dedeckeh/strongswan_uciStijn Tintel2017-03-09
|\ | | | | strongswan: UCI support
| * strongswan: uci config supportHans Dedecker2017-01-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support to configure strongswan via uci. uci support is based on the following sections -ipsec : Global config items belonging in the strongswan.conf file -remote : Defines the remote peer(s) -tunnel : Defines the IPSec connections in tunnel mode -transport : Defines the IPSec connections in transport mode -crypto_proposal : Defines the different crypto proposals Signed-off-by: Pierre Lebleu <pme.lebleu@gmail.com> Signed-off-by: Gino Peeters <peeters.gino@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* | strongswan: enable IKEv2 Mediation ExtensionStijn Tintel2017-01-30
|/ | | | | | Closes #3905. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: take over maintainershipStijn Tintel2016-10-31
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.5.1Stijn Tintel2016-10-31
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: preserve /etc/strongswan.d during upgradeStijn Tintel2016-10-31
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.5.0 (#2976)Stijn Tintel2016-07-18
| | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: bump to 5.4.0Stijn Tintel2016-07-06
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: add forecast pluginStijn Tintel2016-07-06
| | | | | | Closes #1868. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: fix alignment in connmark pluginStijn Tintel2016-07-06
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* strongswan: run sleep with integer argumentStijn Tintel2016-07-06
| | | | | | | | | | | | The default busybox config used by OpenWrt does not enable floating point number support for the sleep applet. This can cause an error when stopping or restarting strongswan: sleep: invalid number '0.1' Replace the float with an integer to fix this. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* net: Fix typos (found by codespell)Stefan Weil2016-04-10
| | | | Signed-off-by: Stefan Weil <sw@weilnetz.de>
* strongswan: bump to 5.3.5Steven Barth2016-01-20
| | | | Signed-off-by: Steven Barth <steven@midlink.org>
* strongswan: preserve /etc/ipsec.d during upgradeStijn Tintel2016-01-19
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Powered by cgit, Themed by Ted Yin.