1. 09 Oct, 2018 3 commits
  2. 05 Oct, 2018 1 commit
  3. 25 Sep, 2018 1 commit
  4. 23 Sep, 2018 1 commit
  5. 22 Sep, 2018 2 commits
  6. 21 Sep, 2018 3 commits
  7. 19 Sep, 2018 2 commits
  8. 17 Sep, 2018 13 commits
  9. 07 Sep, 2018 1 commit
  10. 05 Sep, 2018 1 commit
  11. 01 Sep, 2018 1 commit
  12. 28 Aug, 2018 1 commit
  13. 27 Aug, 2018 1 commit
  14. 21 Aug, 2018 1 commit
  15. 13 Aug, 2018 1 commit
  16. 12 Aug, 2018 1 commit
  17. 10 Aug, 2018 6 commits
    • Francesco Giudici's avatar
    • Francesco Giudici's avatar
      all: expose IKEv2 mode in GUI · 6874028d
      Francesco Giudici authored
      Not all the single options will be available (yet), just expose a simple
      certificate-based IKEv2 template on the UI.
      6874028d
    • Francesco Giudici's avatar
      utils: add "nm-configured=yes" in Libreswan configuration · 0a9d2285
      Francesco Giudici authored
      When writing Libreswan configuration, add the nm-configured paramter to
      let Libreswan know that NetworkManager is taking care of the connection.
      0a9d2285
    • Francesco Giudici's avatar
      all: add support to the "left" libreswan option · c5b5c7a6
      Francesco Giudici authored
      Till now the value "%defaultroute" was always enforced. Let it be the
      default but allow also to specify a different one if needed.
      c5b5c7a6
    • Francesco Giudici's avatar
      utils: add intial support to rsasigkeys and certificates · 392fd894
      Francesco Giudici authored
      Introduce support to the 'leftrsasigkey', 'rightrsasigkey' and
      'leftcert' libreswan options.
      The certificate or the RSA private key referenced in the options should
      be already installed in the NSS database in order to allow the plugin to
      connect successfully.
      392fd894
    • Francesco Giudici's avatar
      utils: change the default crypto · b527765e
      Francesco Giudici authored
      When the esp and ike options were not specified, we forced
      ike=aes-sha1 and esp=aes-sha1;modp1024
      These ciphers today are quite a low security standard. In particular the
      DH group 2 (modp1024) has been downgraded to "SHOULD NOT" in RFC 8247 and
      will be completely removed from libreswan 3.26.
      So, we need to update the default crypto, also if it will affect existing
      connections.
      
      Let the default crypto be unspecified: this will allow libreswan to use
      as default many sets of crypto proposals, to be negotiated with the remote
      peer. Do this for IKEv2 and IKEv1 in main mode.
      An exception should be made for IKEv1 connections in aggressive mode:
      there the DH group in the crypto phase1 proposal must be just one; moreover
      a total of 4 proposal only may be specified.
      So, when IKEv1 aggressive mode is configured, use "ike=aes256-sha1;modp1536"
      and "esp=aes256-sha1", that should be accepted by all obsolete VPN SW/HW
      acting as a remote access VPN server and is supported in the forthcoming
      version of libreswan.
      b527765e