------------------------------------------------------------------------
r788 | mgrooms | 2011-01-10 06:06:37 +0000 (Mon, 10 Jan 2011) | 2 lines
Modify the Linux/BSD/OSX VPN Access manager to correctly mangle
duplicate site names. This was broken in a previous commit.
------------------------------------------------------------------------
r787 | mgrooms | 2011-01-10 05:53:46 +0000 (Mon, 10 Jan 2011) | 1 line
Add support for public site configurations on Windows platforms. This
allows sites to be designated as public which are accessible by all
users on the system. Only a user with administrative access can create
or remove a public profile.
------------------------------------------------------------------------
r786 | mgrooms | 2011-01-06 04:51:46 +0000 (Thu, 06 Jan 2011) | 2 lines
Modify the Linux/BSD/OSX VPN Access manager to not request updated site
configurations to be saved to the original file during import
operations.
------------------------------------------------------------------------
r785 | mgrooms | 2011-01-06 04:47:44 +0000 (Thu, 06 Jan 2011) | 1 line
Modify libike to correct a few issues. Include the site configuration
manager in the CLIENT class so it is initialized when the client starts.
Add an option to the file based site configuration load function to
avoid writing version update configuration changes to a file when
loaded. Lastly, modify the latest configuration version update to not
clobber certificate information when reading a previously exported file
with an older configuration version.
------------------------------------------------------------------------
r784 | mgrooms | 2011-01-05 08:45:09 +0000 (Wed, 05 Jan 2011) | 2 lines
Modify the Linux/BSD/OSX VPN Access Manager to store certificate and key
data directly in the site configuration. A user selects the file
location for the contents to be embedded instead of using a reference to
the file location.
------------------------------------------------------------------------
r783 | mgrooms | 2011-01-05 06:28:30 +0000 (Wed, 05 Jan 2011) | 1 line
Modify libike to support migration of sites from the registry to files.
This only occurs once when the user's 'AppData\Shrew Soft VPN' folder is
created. Site configurations are not currently deleted from the registry
for backward compatibility. The final 2.2.0 release version will remove
registry data.
------------------------------------------------------------------------
r782 | mgrooms | 2011-01-04 07:59:54 +0000 (Tue, 04 Jan 2011) | 5 lines
Modify libike to allow a client to send the actual certificate and key
data instead of a path to a file containing the data when passing a site
configuration to the ike daemon. The site configuration manager now
imports all certificate files into the related configuration files
during startup for legacy configs. This means all certificate data for a
given configuration will always be embedded in the site configuration
file.
Modify iked to support reading password protected pem and pkcs12 from
OpenSSL BIO memory buffers. While here, correct a few problems with
certificate password handling. More testing is needed. The list of DH
groups and message auth algorithms used for automatic proposal
negotiation were also trimmed to avoid very large packet fragments.
These will need to be selected manually.
Modify the libidb BDATA class to support loading and saving data
directly from a file or an open file handle.
------------------------------------------------------------------------
r781 | mgrooms | 2010-12-31 06:56:31 +0000 (Fri, 31 Dec 2010) | 2 lines
Modify the Linux/BSD/OSX UI components to support dh groups 16, 17 and
18.
------------------------------------------------------------------------
r780 | mgrooms | 2010-12-31 06:47:19 +0000 (Fri, 31 Dec 2010) | 1 line
Modify iked to support dh groups 16, 17 and 18. These primes are also
known as modp-4096, modp-6144 and modp-8192. Requested by Serge on the
vpn-devel mailing list.
------------------------------------------------------------------------
r779 | mgrooms | 2010-12-31 03:34:09 +0000 (Fri, 31 Dec 2010) | 2 lines
Remove the site configuration upgrade functionality from the Windows VPN
Access Manager application. This is now handled by the cross platform
configuration manager class. Make sure the configuration manager uses a
null terminated value when storing path information on Linux/BSD/OSX
platforms.
------------------------------------------------------------------------
r778 | mgrooms | 2010-12-31 03:17:33 +0000 (Fri, 31 Dec 2010) | 1 line
Make sure the configuration manager uses a null terminated value when
storing path information on Windows platforms.
------------------------------------------------------------------------
r777 | mgrooms | 2010-12-31 02:40:29 +0000 (Fri, 31 Dec 2010) | 1 line
Modify the cross platform configuration manager class to handle site
configuration upgrades automatically at load time. This allows us to
remove the upgrade functions from the platform specific VPN Access
manager applications.
------------------------------------------------------------------------
r776 | mgrooms | 2010-12-30 23:51:13 +0000 (Thu, 30 Dec 2010) | 2 lines
Modify the Linux/BSD libike and user interface components to track
recent modification to the client interface.
------------------------------------------------------------------------
r775 | mgrooms | 2010-12-30 21:44:42 +0000 (Thu, 30 Dec 2010) | 1 line
Modify the site configuration and manager classes to push file path
handling into the manager class for normal load and save operations. The
generic client class has also been updated to follow suit.
------------------------------------------------------------------------
r774 | mgrooms | 2010-12-25 06:12:29 +0000 (Sat, 25 Dec 2010) | 1 line
Modify libike to cast a value used in an OpenSSL function to avoid a
compiler warning on x64 Windows builds.
------------------------------------------------------------------------
r773 | mgrooms | 2010-12-25 05:27:31 +0000 (Sat, 25 Dec 2010) | 2 lines
Correct the build on Linux/BSD systems. Correct reading vpn files that
contain the Windows CR/LF end of line markers.
------------------------------------------------------------------------
r772 | mgrooms | 2010-12-25 04:40:57 +0000 (Sat, 25 Dec 2010) | 1 line
Modify the generic libike CLIENT class to be compatible with Windows.
With any luck, we will convert the Windows VPN Connect application to
use this so that Linux/BSD, OSX and Windows all use the same code path.
------------------------------------------------------------------------
r771 | mgrooms | 2010-12-25 04:20:32 +0000 (Sat, 25 Dec 2010) | 2 lines
Add the two new files that contain the generic CLIENT class
functionality. They were missed in a previous commit.
------------------------------------------------------------------------
r770 | mgrooms | 2010-12-25 04:06:54 +0000 (Sat, 25 Dec 2010) | 2 lines
Now that the generic client class is now named CLIENT and not IKEC,
rename the command line version files to ikec.cpp and ikec.h and rename
the command line class to IKEC.
------------------------------------------------------------------------
r769 | mgrooms | 2010-12-25 04:00:48 +0000 (Sat, 25 Dec 2010) | 2 lines
Really remove the files that contain the generic IKEC class. This has
been moved to libike.
------------------------------------------------------------------------
r768 | mgrooms | 2010-12-25 03:58:10 +0000 (Sat, 25 Dec 2010) | 2 lines
Move the generic IKEC class into libike and rename it to the CLIENT
class. Modify the ikec and qikec projects to use the generic CLIENT
class that now lives in libike.
------------------------------------------------------------------------
r767 | mgrooms | 2010-12-25 03:29:25 +0000 (Sat, 25 Dec 2010) | 1 line
Modify the site configuration class functions to fix a few more const
char issues.
------------------------------------------------------------------------
r766 | mgrooms | 2010-12-25 03:18:16 +0000 (Sat, 25 Dec 2010) | 2 lines
Update the unified site configuration handler classes recently added to
libike to work on Linux/BSD. Update ikec, qikec and qikea programs to
use these classes and remove the Linux/BSD specific version from the
ikec folder.
------------------------------------------------------------------------
r765 | mgrooms | 2010-12-25 03:15:17 +0000 (Sat, 25 Dec 2010) | 2 lines
Update the Linux/BSD iked file configuration parser to support the new
SHA2 options.
------------------------------------------------------------------------
r764 | mgrooms | 2010-12-25 01:56:16 +0000 (Sat, 25 Dec 2010) | 1 line
Merge the site configuration management functions into libike. This is
the first step in merging the Linux/BSD configuration functions with the
Windows versions.
------------------------------------------------------------------------
r763 | mgrooms | 2010-12-22 21:35:36 +0000 (Wed, 22 Dec 2010) | 1 line
Modify iked and libpfk to ensure key buffer lengths are long enough to
support the new sha2 512 bit option. This was causing a buffer overflow
when 384 or 512 bit sha2 was selected.
------------------------------------------------------------------------
r762 | mgrooms | 2010-12-22 19:55:16 +0000 (Wed, 22 Dec 2010) | 1 line
Modify libpfk and the IKE daemon to support SHA2 algorithms. We now
include hash and hmac options for the 256, 384 and 512 bit variants.
------------------------------------------------------------------------
r761 | mgrooms | 2010-12-22 18:47:52 +0000 (Wed, 22 Dec 2010) | 2 lines
Correct a regression in the Linux/BSD VPN Access manager. The phase2
transforms were missing the 'esp-' prefixes which made importing from a
Windows vpn file problematic.
------------------------------------------------------------------------
r760 | mgrooms | 2010-12-20 04:38:20 +0000 (Mon, 20 Dec 2010) | 1 line
Correct a problem with DHCP over IPsec. Some time ago we changed the way
the xconf flags were used so that rqst values only specified the options
to be requested and opts values specified the options actually
negotiated. The DHCP code was never updated to reflect this. This
problem was reported by Noach Summer. Also, change some parameter names
in the modecfg get and set functions to more accurately reflect what
they are used for.
------------------------------------------------------------------------
r759 | mgrooms | 2010-12-17 08:22:55 +0000 (Fri, 17 Dec 2010) | 1 line
Refine the libith generic overlapped send and receive operations a bit.
When an overlapped operation is aborted, we react as if the file
descriptor is no longer usable. This should not have any adverse effect
on callers. It does solve an issue with the libvflt and libvnet
interfaces where the descriptor should be closed if the kernel aborts an
operation. This allows both drivers to shut down properly while services
are still running.
------------------------------------------------------------------------
r758 | mgrooms | 2010-12-13 07:32:04 +0000 (Mon, 13 Dec 2010) | 1 line
Modify liblog to not pass the raw log input as the formatted string.
This can cause a crash when the log level is turned up to debug and the
input contains chars that would be incorrectly interpreted as expansion
values.
------------------------------------------------------------------------
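The class of bug fixed in r758 (raw log input passed as the format string), shown beside the corrected call. This is an added example, not code from liblog or this repository; log_format, log_raw_unsafe, log_raw_safe and the CHECK_FORMAT macro are hypothetical names, and the sample input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logger core (an assumption, not liblog's API). Building
 * with -DCHECK_FORMAT -Wformat -Wformat-security lets GCC/Clang flag
 * the unsafe call below at compile time. */
#ifdef CHECK_FORMAT
__attribute__((format(printf, 3, 4)))
#endif
static int log_format(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, len, fmt, ap);
    va_end(ap);
    return n;
}

/* BEFORE: the raw input is the format string, so any '%' in it is
 * expanded against arguments that were never passed. */
int log_raw_unsafe(char *out, size_t len, const char *input)
{
    return log_format(out, len, input);
}

/* AFTER: constant format; the input is only ever treated as data. */
int log_raw_safe(char *out, size_t len, const char *input)
{
    return log_format(out, len, "%s", input);
}

int main(void)
{
    char a[64], b[64];
    /* Constructed sample: "%%" consumes no argument, so even the unsafe
     * path is well defined here, yet it still rewrites the logged text. */
    const char *input = "disk 100%% full";
    log_raw_unsafe(a, sizeof a, input);
    log_raw_safe(b, sizeof b, input);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return strcmp(b, input) != 0; /* 0 when the safe path kept the input */
}
```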