Commit Graph

1522 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
04ec372f4f save MTU in main, and report it to occtl 2015-01-11 10:34:13 +01:00
Nikos Mavrogiannopoulos
730c95e30e doc update 2015-01-11 00:47:32 +01:00
Nikos Mavrogiannopoulos
3d7ac2c98c bind to the address we received UDP on
That in addition allocates a new UDP socket per client,
and forwards the initial client hello to the worker
process as auxiliary data. That eliminates the need to
re-open the main server's UDP socket per client connection.
2015-01-11 00:46:34 +01:00
Nikos Mavrogiannopoulos
cb56984e8d when compiling with gnutls 3.3.5 or later use the zero copy recv API 2015-01-07 22:33:12 +01:00
Nikos Mavrogiannopoulos
efe61fa48e radius: added safety checks in the parsing of Framed-IPv6-Prefix 2015-01-06 10:58:05 +01:00
Nikos Mavrogiannopoulos
a530330873 radius: use separate types for ipv4 and ipv6 2015-01-06 10:56:24 +01:00
Nikos Mavrogiannopoulos
e042e3edf9 configure: set seccomp as enabled by default 2015-01-06 10:38:09 +01:00
Nikos Mavrogiannopoulos
b097d8a3ff radius: handle Framed-IPv6-Prefix as routes to add 2015-01-01 01:22:32 +02:00
Nikos Mavrogiannopoulos
a1abcdbeae Allow prefixes in specifying the IPv4 network 2014-12-30 17:22:02 +02:00
Nikos Mavrogiannopoulos
674a690301 Disable route and DNS assignment in IPv6 for non-openconnect clients
That is because anyconnect clients can handle the assignment
of an IPv6 address, but cannot handle routes or DNS in IPv6.
So we disable IPv6 after an IP is assigned.
2014-12-30 14:14:22 +02:00
Nikos Mavrogiannopoulos
effc095f46 dockerfile: added missing haproxy 2014-12-29 20:22:07 +02:00
Nikos Mavrogiannopoulos
8de4a47e62 doc update 2014-12-29 20:18:01 +02:00
Nikos Mavrogiannopoulos
50f2fb88f6 simplify the input of IPv6 networks
The prefix is specified as part of the network.
2014-12-29 20:15:36 +02:00
Nikos Mavrogiannopoulos
90b0ac7932 radius: added support for Framed-IPv6-Prefix 2014-12-29 20:00:45 +02:00
Nikos Mavrogiannopoulos
73726d13a3 print IPv6 netmask only when in non-full mode
Also use the network address if available to print netmask.
2014-12-29 19:42:00 +02:00
Nikos Mavrogiannopoulos
27b9e91eb8 bail out if use-seccomp is set to true but there is no seccomp capability 2014-12-29 14:22:45 +02:00
Nikos Mavrogiannopoulos
c821a578a4 tests: enabled nuttcp when running in Fedora 2014-12-29 14:22:32 +02:00
Nikos Mavrogiannopoulos
e2192d546c full-test, unix-test: modified to operate in Fedora as well
That also enables a check for ping in the IPv6 address.
2014-12-29 14:19:05 +02:00
Nikos Mavrogiannopoulos
3edc36c137 Added protobuf-c dependency 2014-12-29 12:03:00 +02:00
Nikos Mavrogiannopoulos
ecb59fdf3e tests: separated the address ranges on full and unix tests and added IPv6 addresses 2014-12-29 11:56:32 +02:00
Nikos Mavrogiannopoulos
02734d8f54 send the Netmask when an IPv6 Address is assigned 2014-12-29 11:47:39 +02:00
Nikos Mavrogiannopoulos
0b47b5fb8f IPv6 fixes in ip-lease
Issue discovered and fixed by sskaje.
2014-12-29 11:39:52 +02:00
Nikos Mavrogiannopoulos
0f1599a64a use libsystemd instead of systemd-daemon 2014-12-28 09:57:06 +02:00
Nikos Mavrogiannopoulos
660311d74d enable IPv6 in Anyconnect clients, and send the prefix 2014-12-28 09:55:35 +02:00
Nikos Mavrogiannopoulos
620c40fba3 doc update 2014-12-27 21:37:31 +02:00
Nikos Mavrogiannopoulos
33c45d73e0 doc update 2014-12-27 11:19:10 +02:00
Nikos Mavrogiannopoulos
071a8ae05f Do print error when pam_authenticate or pam_acct_mgmt fail 2014-12-27 11:17:41 +02:00
Nikos Mavrogiannopoulos
496f563686 doc update 2014-12-27 11:11:06 +02:00
Nikos Mavrogiannopoulos
b38a1bb39a override the default ipv6_prefix only if ipv6_prefix is set 2014-12-26 20:23:12 +02:00
Nikos Mavrogiannopoulos
80459cfbd5 the default strings will enforce PFS 2014-12-25 10:56:19 +02:00
Nikos Mavrogiannopoulos
6d331584c1 radius: optimize "parse" of route 2014-12-14 20:55:04 +01:00
Nikos Mavrogiannopoulos
4cf2797afc radius: use Framed-Route and Framed-IPv6-Route
They are read and, if the format is the expected one, they are forwarded to the client.
2014-12-14 20:37:50 +01:00
Nikos Mavrogiannopoulos
3bbee0b069 more strlcpy() related changes 2014-12-14 20:12:08 +01:00
Nikos Mavrogiannopoulos
9fc8568107 ensure that stats are only updated if they increase
That is, transferred bytes will not decrease in an update
due to miscommunication between main and workers.
2014-12-14 20:00:33 +01:00
Nikos Mavrogiannopoulos
07e01d06b5 use strlcpy() instead of snprintf() where it makes sense
That should reduce wasted cycles.
2014-12-14 19:24:14 +01:00
Nikos Mavrogiannopoulos
853f7876cd radius: increase the info sent during accounting requests
Based on suggestions by Niels Peen. That adds:
Calling-Station-Id in auth message, and Service-Type,
Framed-Protocol, Framed-IP-Address, Acct-Authentic,
NAS-Port-Type, Acct-Session-Time in acct messages.
2014-12-14 15:03:59 +01:00
Nikos Mavrogiannopoulos
113ae94f13 removed unused option 2014-12-14 14:06:03 +01:00
Nikos Mavrogiannopoulos
d5a975d5e6 removed redundant checks 2014-12-14 07:30:14 +01:00
Nikos Mavrogiannopoulos
64637b9f78 check for a suitable freeradius-client 2014-12-13 22:26:51 +01:00
Nikos Mavrogiannopoulos
640211d8ea simplify radius usage 2014-12-13 22:23:44 +01:00
Nikos Mavrogiannopoulos
173301744c updated radius documentation 2014-12-13 22:22:28 +01:00
Nikos Mavrogiannopoulos
a32c5db859 Added README.radius 2014-12-11 12:09:56 +01:00
Nikos Mavrogiannopoulos
b18eeb7d74 first set amod and then use it
That fixes a crash with PAM module on startup.
Reported by Ismail Donmez.
2014-12-11 11:58:23 +01:00
Nikos Mavrogiannopoulos
6989b6a0c4 do not utilize radius symbols if radius is disabled
Reported by Ismail Donmez
2014-12-11 05:37:16 +01:00
Nikos Mavrogiannopoulos
209937e7b1 bumped version 2014-12-11 05:27:42 +01:00
Nikos Mavrogiannopoulos
27cf16b5f9 doc update 2014-12-10 20:01:45 +01:00
Nikos Mavrogiannopoulos
816663fab1 Merge branch 'radius'
That merges all the changes needed for radius support.
2014-12-10 19:59:36 +01:00
Nikos Mavrogiannopoulos
3307793e34 test-unix: correct copy of file ocserv_0_8_9 2014-12-10 19:55:12 +01:00
Nikos Mavrogiannopoulos
1f2726feb7 bumped version 2014-12-10 19:33:22 +01:00
Nikos Mavrogiannopoulos
065753bd57 undid ed5b177691
It is not currently possible to reload only a part of the
configuration. If the back-end module changes, the server will
bail out instead.
2014-12-10 15:28:14 +01:00