Activity
From 16.02.2010 to 17.03.2010
Today
- 18:51 Revision f0da32c5: Introduced ipsec.conf NTLM keyword for NT hashes
- Introduced ipsec.conf NTLM keyword for NT hashes
- 18:50 Revision a7fb418e: EAP-MSCHAPv2 can use stored NT hashes in addition to plaintext passwords
- EAP-MSCHAPv2 can use stored NT hashes in addition to plaintext passwords
- 10:08 Revision d266e895: lookup exclusion for several arbitrary routing tables
- lookup exclusion for several arbitrary routing tables
16.03.2010
- 17:31 Revision 228d7fa5: Do not indent the source file lists in Android.mk files so we can easily compa...
- Do not indent the source file lists in Android.mk files so we can easily compare them to the lists in the Makefile.am...
- 17:20 Revision 2a5b580d: Use wildcards to gather plugin source files.
- Use wildcards to gather plugin source files.
- 17:18 Revision 04d31a38: Adding support for the build of libcharon (and charon) on Android.
- Adding support for the build of libcharon (and charon) on Android.
- 12:42 Revision 7b1fc2f7: Fixing a compiler warning when building with -Wextra.
- Fixing a compiler warning when building with -Wextra.
- 11:06 Revision b9633887: Do not link libcharon to libstrongswan.
- Do not link libcharon to libstrongswan.
Linking to libstrongswan breaks the integrity-tests because libtool
relinks ...
- 11:05 Revision d7f7ed5e: Explicitly link charon to libstrongswan.
- Explicitly link charon to libstrongswan.
Also fixed the reference to the pthread library.
- 10:49 Revision a29e6c90: Don't indirectly link dependent libraries.
- Don't indirectly link dependent libraries.
The default behaviour for ld allows users to 'indirectly' link to require...
15.03.2010
- 15:13 Revision a3316c2b: setting the two most significant bits assures an RSA modulus of maximum bit size
- setting the two most significant bits assures an RSA modulus of maximum bit size
14.03.2010
- 19:41 Revision c0df187c: we don't accept a serial number with leading zeroes
- we don't accept a serial number with leading zeroes
12.03.2010
- 17:38 Revision e03cb882: Convert charon into libcharon.
- Convert charon into libcharon.
- 17:38 Revision fed653fa: Replacing the original charon with a small wrapper around libcharon.
- Replacing the original charon with a small wrapper around libcharon.
- 17:38 Revision 6c9ffe7f: Make integrity tests compatible with libcharon.
- Make integrity tests compatible with libcharon.
This does currently not work because libtool relinks libcharon on
in...
- 17:38 Revision 358595db: Moving charon to libcharon.
- Moving charon to libcharon.
- 17:34 Revision d5f1b9b3: Reordered the name and sname construction.
- Reordered the name and sname construction.
- 17:28 Revision 01b87c2b: Fixed a bug in pluto's x509 handling.
- Fixed a bug in pluto's x509 handling.
This bug would have led to a segmentation fault, if no public key could
have ...
- 03:29 Revision 4cedab5a: deleted old strongSwan VIDs
- deleted old strongSwan VIDs
11.03.2010
- 21:53 Revision 0ef84e5e: enable build of socket-default plugin
- enable build of socket-default plugin
- 21:32 Revision 44f10247: mixed IKEv1/IKEv2 scenarios require socket-raw
- mixed IKEv1/IKEv2 scenarios require socket-raw
- 10:51 Revision 520f6b84: Added a very minimalistic SMTP client to send mails via a local Exim
- Added a very minimalistic SMTP client to send mails via a local Exim
- 08:52 Revision 0fa7d1ab: Do not disable the default-socket if it was enabled explicitly
- Do not disable the default-socket if it was enabled explicitly
- 08:50 Revision 81e9e759: Set a xy_given variable for a --enable/disable-xy option
- Set a xy_given variable for a --enable/disable-xy option
This additional variable allows a check if an option was
ex...
10.03.2010
- 15:09 Revision a3920abb: Add a getter for the HTTP referer
- Add a getter for the HTTP referer
- 10:46 Revision d12ad474: fix 64bit issue with time_t from database
- fix 64bit issue with time_t from database
09.03.2010
- 17:43 Revision a5166b16: Adding socket-default to the plugin list in all test cases.
- Adding socket-default to the plugin list in all test cases.
- 17:15 Revision 908d5717: Provide the Diffie Hellman parameters from a central location, so that we do n...
- Provide the Diffie Hellman parameters from a central location, so that we do not have to replicate them in every plug...
08.03.2010
- 17:21 Revision 38031382: Adding the OpenSSL plugin to the Android build.
- Adding the OpenSSL plugin to the Android build.
- 15:34 Revision 16c8442a: Fixing integrity tests after renaming the plugin constructors.
- Fixing integrity tests after renaming the plugin constructors.
- 15:34 Revision d14203b0: Replaced the deprecated RSA_generate_key with RSA_generate_key_ex.
- Replaced the deprecated RSA_generate_key with RSA_generate_key_ex.
- 15:34 Revision d543d9ca: Adding a helper function that translates single characters in a string.
- Adding a helper function that translates single characters in a string.
- 13:16 Revision 40f130da: Implemented the PRF_KEYED_SHA1 algorithm in the openssl plugin
- Implemented the PRF_KEYED_SHA1 algorithm in the openssl plugin
- 09:36 Revision 33e4ee59: Removed accidentally committed files from tree, ignore tarballs and patches
- Removed accidentally committed files from tree, ignore tarballs and patches
07.03.2010
- 21:11 Revision 31bd75ec: removed unwanted commits
- removed unwanted commits
- 20:51 Revision ceeb9bac: critical keyUsage extension must be parsed
- critical keyUsage extension must be parsed
- 17:52 Revision 469d4483: recognize strongSwan VID
- recognize strongSwan VID
- 17:27 Revision 1ec8f22d: set Certificate Sign and CRL Sign flags in keyUsage extension if CA is true
- set Certificate Sign and CRL Sign flags in keyUsage extension if CA is true
05.03.2010
- 14:59 Revision 3bcfb271: Make Android.mk depend on configure.in, so it gets rebuilt if the version numb...
- Make Android.mk depend on configure.in, so it gets rebuilt if the version number got changed.
- 14:59 Revision d6731a0f: parser.l includes y.tab.h, so it must be built first
- parser.l includes y.tab.h, so it must be built first
- 14:47 Revision de64e216: Ignore the generated Android.mk
- Ignore the generated Android.mk
- 14:47 Revision 73f5940b: Ignore the generated y.output.
- Ignore the generated y.output.
- 14:47 Revision 551b0202: Do not hardcode the path to the strongSwan sources.
- Do not hardcode the path to the strongSwan sources.
- 14:46 Revision 807c12ce: Generate the main Android.mk, so the version number is not hardcoded.
- Generate the main Android.mk, so the version number is not hardcoded.
We include the generated file in the distribut...
- 11:05 Revision 0ace3528: Build libstrongswan before building any plugins during the non-monolithic buil...
- Build libstrongswan before building any plugins during the non-monolithic build (as it was before).
- 08:59 Bug #110 (Closed): disabling stroke compile error
> I.e., tools depends on stroke.
No, tools depends on libfreeswan. This dependency was missing, fixed with commi...
- 08:52 Revision 23763c2c: scepclient still depends on libfreeswan
- scepclient still depends on libfreeswan
04.03.2010
- 17:22 Bug #83: auto=route fails to establish in transport mode
- I've retested above cases using strongswan-4.3.4 (with increased netlink response buffer
patch from git) and kernel ...
- 15:13 Bug #110: disabling stroke compile error
- disabling pluto, tools and stroke results in no /usr/sbin/ipsec file.
I was hoping to be able to still start charon...
- 14:06 Bug #110 (Closed): disabling stroke compile error
- --disable-stroke option is a show stopper.
I'm trying to minimize the footprint as I intend to use strongSwan on ...
- 08:44 Revision 3eb633e1: Remove the invalid cast in time() parameter, as reported by Marius Tomaschewski.
- Remove the invalid cast in time() parameter, as reported by Marius Tomaschewski.
03.03.2010
- 17:37 Revision f9622e8c: Disabling warnings about arithmetic with void* on Android.
- Disabling warnings about arithmetic with void* on Android.
- 17:35 Revision ea2f2c4b: Fixing a bug on platforms where size_t is unsigned.
- Fixing a bug on platforms where size_t is unsigned.
- 17:34 Revision 465ccdc8: The parsed timeval is unsigned.
- The parsed timeval is unsigned.
- 17:34 Revision fc1afcc8: The return value of snprintf is int not size_t.
- The return value of snprintf is int not size_t.
- 16:53 Revision d0230850: Add braces around empty body in if statement
- Add braces around empty body in if statement
- 16:44 Bug #108: V 4.3.6 'responding to Quick Mode' causing INVALID_HASH_INFORMATION
- It's line 5079 in function quick_inI1_outR1_tail() that seems to be the problem:
nat_traversal_add_natoa(ISAKMP_NEX...
- 15:59 Revision a5a4b6c9: Added charon.send/receive_delay options to simulate different RTTs
- Added charon.send/receive_delay options to simulate different RTTs
- 15:52 Revision 24f058ac: Migrated receiver_t to METHOD/INIT macros
- Migrated receiver_t to METHOD/INIT macros
- 15:46 Revision eb1aa4c5: Migrated sender_t to METHOD/INIT macros
- Migrated sender_t to METHOD/INIT macros
- 14:39 Bug #107: Unencrypted L2TP packets
- Changed source in ./pluto/connections.c according to my last update:
function find_client_connection()
line 3897, ...
- 12:29 Bug #109 (Closed): Vendor checking in EAP authenticator missing
> please apply the patch shown below
Thanks for the patch, applied to master.
> Btw: thanks for adding get_sa...
- 12:28 Revision aa59a7f2: Check if we are not using a vendor EAP method in EAP_IDENTITY comparison.
- Check if we are not using a vendor EAP method in EAP_IDENTITY comparison.
Bug reported by Ingo Kubbilun with a patch...
- 12:10 Bug #109: Vendor checking in EAP authenticator missing
- Sorry, patch was nuked. Added as attachment.
- 12:06 Bug #109 (Closed): Vendor checking in EAP authenticator missing
- Dear strongSwan developers,
please apply the patch shown below to the EAP authenticator (vendor checking was missi...
- 10:44 Revision 1abab9ec: Use "static const", some GCCs don't like "const static"
- Use "static const", some GCCs don't like "const static"
- 10:18 Revision 1be32988: Adding Android.mk files to build charon and libstrongswan with the Android bui...
- Adding Android.mk files to build charon and libstrongswan with the Android build system.
02.03.2010
- 12:13 Bug #107: Unencrypted L2TP packets
- Changed and tested my setup without nat and all worked well
Changed and tested with only strongswan-server (responder...
- 12:13 Bug #107: Unencrypted L2TP packets
- Delayed update caused me to double post next
- 12:03 Revision afb364ff: Reverting eba28948a584b9d02474cf5d256b04b8d2adbe6a which was only necessary wh...
- Reverting eba28948a584b9d02474cf5d256b04b8d2adbe6a which was only necessary when cross-compiling the plugins for Andr...
- 10:40 Revision 4e657051: Streamlined the source file list formatting in plugin makefiles.
- Streamlined the source file list formatting in plugin makefiles.
- 10:38 Revision fac3bfa5: Fixing some includes by replacing <> with "".
- Fixing some includes by replacing <> with "".
I changed only the includes needed to fix the build on Android, which ...
- 10:38 Revision 6ec60bb9: Link all enabled libstrongswan plugins into the library, link all enabled char...
- Link all enabled libstrongswan plugins into the library, link all enabled charon plugins into libcharon.
- 09:10 Revision 3372ad14: Adding an option to build libstrongswan and charon monolithically.
- Adding an option to build libstrongswan and charon monolithically.
- 09:10 Revision 3724668b: Enabling the plugin loader to be able to load plugins without explicitly loadi...
- Enabling the plugin loader to be able to load plugins without explicitly loading a shared object file first.
- 09:10 Revision 9ce567f8: Changed plugin constructors from plugin_create to plugin_name_plugin_create.
- Changed plugin constructors from plugin_create to plugin_name_plugin_create.
- 09:10 Revision 6cc13cd9: Removing the plugin constructor declarations from the header files.
- Removing the plugin constructor declarations from the header files.
27.02.2010
- 22:16 Revision 3cfbc91a: renewed Authorization Authority certificate
- renewed Authorization Authority certificate
26.02.2010
- 11:57 Revision 3e6b50ed: NEWS about the android plugin
- NEWS about the android plugin
- 11:52 Revision 00c60592: NEWS about the dynamic socket implementation
- NEWS about the dynamic socket implementation
- 11:49 Revision 5acb97ce: Link libstrongswan to the new plugins, too
- Link libstrongswan to the new plugins, too
- 11:44 Revision 9ed1bb48: Added an initiator-only socket implementation which binds ports on demand
- Added an initiator-only socket implementation which binds ports on demand
- 11:44 Revision 40706b60: Removed obsolete daemon kill
- Removed obsolete daemon kill
- 11:44 Revision f16ca9e8: Add support for dynamic ports in load tester
- Add support for dynamic ports in load tester
- 11:44 Revision da2303ca: Fixed starter left-/rightikeport keyword
- Fixed starter left-/rightikeport keyword
- 11:44 Revision b3b74e47: Set UDP encapsulation option on all sockets
- Set UDP encapsulation option on all sockets
- 11:44 Revision ed5fc4ca: Use message instead of attributes in hook
- Use message instead of attributes in hook
- 11:44 Revision 347488bd: Process ike_vendor task before ike_init, fixes support for private algs in IKE
- Process ike_vendor task before ike_init, fixes support for private algs in IKE
- 11:44 Revision af2c43fd: Include ports in ike_cfg equality check
- Include ports in ike_cfg equality check
- 11:44 Revision 9cb2360e: Added locking to dynamic socket list
- Added locking to dynamic socket list
- 11:44 Revision 4e18490e: Store custom IKE src/dst ports on ike_cfg
- Store custom IKE src/dst ports on ike_cfg
- 11:44 Revision cc2eadde: Use src/dst ports as configured in ike_cfg
- Use src/dst ports as configured in ike_cfg
- 11:44 Revision 54f81859: Pass sockets to bypass to kernel interface, allowing us to register them dynam...
- Pass sockets to bypass to kernel interface, allowing us to register them dynamically
- 11:44 Revision 2d49f74e: Migrated kernel_interface wrapper to METHOD/INIT macros
- Migrated kernel_interface wrapper to METHOD/INIT macros
- 11:44 Revision 98ed9c6c: Migrated kernel_netlink_ipsec to METHOD/INIT macros
- Migrated kernel_netlink_ipsec to METHOD/INIT macros
- 11:44 Revision 44791b75: Migrated kernel_pfkey_ipsec to METHOD/INIT macros
- Migrated kernel_pfkey_ipsec to METHOD/INIT macros
- 11:44 Revision 3e631491: Migrated kernel_klips_ipsec to METHOD/INIT macros
- Migrated kernel_klips_ipsec to METHOD/INIT macros
- 11:44 Revision d6a27ec6: Do not kill daemon, just not use pluggable kernel interface if initialization ...
- Do not kill daemon, just not use pluggable kernel interface if initialization failed
- 11:44 Revision 667b7372: Added left-/rightikeport ipsec.conf options to use custom IKE ports
- Added left-/rightikeport ipsec.conf options to use custom IKE ports
- 11:44 Revision dab05604: Moved socket and socket-raw implementations to plugins
- Moved socket and socket-raw implementations to plugins
- 11:44 Revision 147dd963: Migrated packet_t to METHOD/INIT macros
- Migrated packet_t to METHOD/INIT macros
- 11:44 Revision deac3a0a: Migrated ike_cfg_t to METHOD/INIT macros
- Migrated ike_cfg_t to METHOD/INIT macros
- 11:21 Revision 3da5b449: Add support for dynamic ports in load tester
- Add support for dynamic ports in load tester
- 11:07 Revision 1defa886: Process ike_vendor task before ike_init, fixes support for private algs in IKE
- Process ike_vendor task before ike_init, fixes support for private algs in IKE
- 11:07 Bug #107: Unencrypted L2TP packets
- Created new issue regarding my previous input and reverted to
Server: Linux strongSwan U4.3.6rc2/K2.6.27.25-78.2.56....
- 10:24 Bug #108 (New): V 4.3.6 'responding to Quick Mode' causing INVALID_HASH_INFORMATION
- Server running Linux strongSwan U4.3.6/K2.6.31.12-174.2.22.fc12.i686
Client running XP, L2TP-IPSec
After updating...
25.02.2010
- 13:51 Revision eba28948: Link all plugins to libstrongswan.
- Link all plugins to libstrongswan.
- 13:51 Revision c711687c: Force libdl if the android plugin is enabled. AC_SEARCH_LIBS thinks it's not r...
- Force libdl if the android plugin is enabled. AC_SEARCH_LIBS thinks it's not required, but on Android 2.0 it is.
- 09:37 Revision 9f2808d2: Use message instead of attributes in hook
- Use message instead of attributes in hook
- 09:26 Revision 608af0a4: Avoid a race condition that could lead to a segmentation fault.
- Avoid a race condition that could lead to a segmentation fault.
Let's assume the callback function of a callback job...
24.02.2010
- 15:51 Bug #107: Unencrypted L2TP packets
- Creating my own rules in iptables did not help
I have set up a new server from scratch and installed fc12 and update...
- 15:11 Revision 7daf429f: Set UDP encapsulation option on all sockets
- Set UDP encapsulation option on all sockets
- 14:49 Revision 450a0fc0: Fixed starter left-/rightikeport keyword
- Fixed starter left-/rightikeport keyword
- 11:45 Revision a5189481: Added locking to dynamic socket list
- Added locking to dynamic socket list
- 11:07 Revision 402b4eda: Include ports in ike_cfg equality check
- Include ports in ike_cfg equality check
- 10:58 Revision 22178c85: Added an initiator-only socket implementation which binds ports on demand
- Added an initiator-only socket implementation which binds ports on demand
23.02.2010
- 17:59 Revision 42e10c5b: Removed obsolete daemon kill
- Removed obsolete daemon kill
- 17:49 Revision d9fc8af7: Do not kill daemon, just not use pluggable kernel interface if initialization ...
- Do not kill daemon, just not use pluggable kernel interface if initialization failed
- 17:29 Revision 80f97c50: Pass sockets to bypass to kernel interface, allowing us to register them dynam...
- Pass sockets to bypass to kernel interface, allowing us to register them dynamically
- 17:29 Revision e1ef6da1: Migrated kernel_klips_ipsec to METHOD/INIT macros
- Migrated kernel_klips_ipsec to METHOD/INIT macros
- 17:29 Revision f34c22dd: Migrated kernel_pfkey_ipsec to METHOD/INIT macros
- Migrated kernel_pfkey_ipsec to METHOD/INIT macros
- 17:29 Revision c4c175ed: Migrated kernel_netlink_ipsec to METHOD/INIT macros
- Migrated kernel_netlink_ipsec to METHOD/INIT macros
- 16:34 Revision a859813b: Migrated kernel_interface wrapper to METHOD/INIT macros
- Migrated kernel_interface wrapper to METHOD/INIT macros
22.02.2010
- 19:26 Revision 53555105: Added left-/rightikeport ipsec.conf options to use custom IKE ports
- Added left-/rightikeport ipsec.conf options to use custom IKE ports
- 18:34 Revision b4fc4bbf: Use src/dst ports as configured in ike_cfg
- Use src/dst ports as configured in ike_cfg
- 18:11 Revision cf96856d: Store custom IKE src/dst ports on ike_cfg
- Store custom IKE src/dst ports on ike_cfg
- 18:01 Revision 03f3336d: Migrated ike_cfg_t to METHOD/INIT macros
- Migrated ike_cfg_t to METHOD/INIT macros
- 17:51 Revision 2ebdc766: Migrated packet_t to METHOD/INIT macros
- Migrated packet_t to METHOD/INIT macros
- 16:47 Revision 7443eff8: Moved socket and socket-raw implementations to plugins
- Moved socket and socket-raw implementations to plugins
18.02.2010
- 17:38 Revision 3e35a6e7: Use side-channel secured mpz_powm_sec of libgmp 5, if available
- Use side-channel secured mpz_powm_sec of libgmp 5, if available
- 16:03 Bug #107: Unencrypted L2TP packets
- Looks like I have found out why send_netlink_msg() fails to set up policy
I have previously experimented with mult...
- 10:54 Bug #107: Unencrypted L2TP packets
- linux_kernel_ops->raw_eroute = netlink_raw_eroute; (kernel_netlink.c, 1314)
calls netlink_policy() (kernel_netli...
- 09:51 Revision 7d3a830a: Updated Debian package for NetworkManager-strongswan-1.1.2
- Updated Debian package for NetworkManager-strongswan-1.1.2
- 09:51 Revision e159cd1d: Version bump and NEWS for NetworkManager-strongswan-1.1.2 release
- Version bump and NEWS for NetworkManager-strongswan-1.1.2 release
- 09:03 Revision 0209179a: Updated German translation
- Updated German translation
- 09:20 Revision 7613a68f: Tooltips are translatable
- Tooltips are translatable
- 09:03 Revision d178eee8: Newer glade requires explicit vertical vboxes
- Newer glade requires explicit vertical vboxes
- 08:31 Revision 71070c88: Fixed lost renamings in android plugin
- Fixed lost renamings in android plugin
17.02.2010
- 18:24 Revision 55699f03: Added Android plugin, currently provides DNS handling on Android
- Added Android plugin, currently provides DNS handling on Android
- 18:23 Revision 63b0bc9c: Invoke missing message() hook for incoming responses
- Invoke missing message() hook for incoming responses
- 11:35 Bug #107: Unencrypted L2TP packets
- Lost 'Preview' button when in edit-mode?
Uploaded strongswan3.log
quote from mail:
Here is the inbound eroute whi...
- 09:13 Bug #107: Unencrypted L2TP packets
- Yes we are aware of the problem and are working on it.
Update: File uploading should work now.
16.02.2010
- 21:24 Bug #107: Unencrypted L2TP packets
- No longer possible to upload attachments !!!
- 14:12 Bug #107: Unencrypted L2TP packets
- I don't see any IKEv1 negotiations in strongswan2.log
- 09:57 Bug #107: Unencrypted L2TP packets
- Andreas Steffen wrote:
> In ip xfrm policy the outbound policy is missing. Therefore it is no surprise that your ou...
- 05:56 Bug #107: Unencrypted L2TP packets
- In ip xfrm policy the outbound policy is missing. Therefore it is no surprise that your output packets are in the cl...