path: root/net/strongswan/files/swanctl.init
Commit message | Author | Age
* strongswan: Add missing declarations in swanctl | Philip Prindeville | 2024-05-06
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: trigger reload when interfaces are specified | Joel Low | 2023-12-18
  Fixes #20848
  Add interface triggers if interfaces to listen to are specified in `/etc/config/ipsec`. This fixes the "running with no instances" scenario after rebooting a router.
  Signed-off-by: Joel Low <joel@joelsplace.sg>
* strongswan: swanctl: add support for replay window | Tiago Gaspar | 2023-11-17
  Add support for replay window configuration in UCI.
  Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
* strongswan: make parsing more consistent | Philip Prindeville | 2023-06-15
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: local_gateway unused in swanctl.init | Philip Prindeville | 2023-04-22
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: add support for remote cacerts | Glen Huang | 2023-04-10
  Signed-off-by: Glen Huang <me@glenhuang.com>
* strongswan: add support for pools section | Glen Huang | 2023-04-10
  Signed-off-by: Glen Huang <me@glenhuang.com>
* strongswan: simplify indentation | Philip Prindeville | 2023-03-26
  Allow passing multiple config lines with the same indent level.
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: Fix indent for hw_offload, interface, priority | Philip Prindeville | 2023-03-26
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: Fix PSK's when using multiple connections | Philip Prindeville | 2022-11-08
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: support child rekey by bytes and packets | Joel Low | 2022-05-09
  This adds support for the child SA to be rekeyed through the byte/packet threshold. The default is blank (which disables the byte/packet thresholds).
  Signed-off-by: Joel Low <joel@joelsplace.sg>
* strongswan: add priority option | Philip Prindeville | 2021-06-27
  Also from Vincent Wiemann <vincent.wiemann@ironai.com>.
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: add ipcomp support | Philip Prindeville | 2021-06-27
  Also from Vincent Wiemann <vincent.wiemann@ironai.com>.
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: add interface option for children | Philip Prindeville | 2021-06-27
  This option sets the interface of the policy.
  Also from Vincent Wiemann <vincent.wiemann@ironai.com>.
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: add support for hw_offload | Philip Prindeville | 2021-06-27
  Also from Vincent Wiemann <vincent.wiemann@ironai.com>.
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: miscellaneous cleanup of config file, etc | Philip Prindeville | 2021-06-27
  Use lists where appropriate for multi-value config variables.
  Forbid absolute/relative paths for certificate and key files.
  Get rid of last remnants of left/right naming.
  Factor invariant code paths.
  Drop redundant secrets.rsa.filename section.
  Thanks to Vincent Wiemann <vincent.wiemann@ironai.com> for calling out many of these improvements.
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: rename config functions | Philip Prindeville | 2021-06-27
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: fix PSK config generation | Vincent Wiemann | 2021-06-18
  There were closing curly braces missing and it was checking for empty strings while it should have been checking for non-empty strings.
  Signed-off-by: Vincent Wiemann <vincent.wiemann@ironai.com>
* strongswan: fix sharing of ipsec section variables | Philip Prindeville | 2021-06-17
  Variables set in config_ipsec() need to be shared with do_postamble() function, so change scoping to parent (prepare_env()).
  Also, remove unused settings like "remote_sourceip", "reqid", and "packet_marker".
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: start charon directly from swanctl | Philip Prindeville | 2021-06-02
  ipsec uses starter, and reads /etc/ipsec.conf (which then includes /var/ipsec/ipsec.conf, etc). This is overly complicated, and can be problematic if you're using both swanctl and ipsec for migration.
  Running charon directly from procd via the init.d script avoids all of this.
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: swanctl init script doesn't load connections | Philip Prindeville | 2021-05-05
  Fixes issue #15446
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: handle chacha20poly1305 as AEAD | Philip Prindeville | 2021-04-13
  chacha20poly1305 is also an AEAD cipher, and hence does not permit a hash algorithm.
  Fixes issue #15397.
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: fail on serious configuration errors | Philip Prindeville | 2021-04-13
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: drop subshell when possible | Philip Prindeville | 2021-04-13
  A subshell caused by $(...) can't persistently modify globals as a side-effect.
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* strongswan: migrate to swanctl configs | Philip Prindeville | 2021-04-04
  Derived from the ipsec initd script, with the following changes:
  (1) various code improvements, corrections (get rid of left/right updown scripts, since there's only one), etc;
  (2) add reauth and fragmentation parameters;
  (3) add x.509 certificate-based authentication;
  and other minor changes.
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>