Commit Graph

906 Commits

Author SHA1 Message Date
Nikos Mavrogiannopoulos
936fefd79d distribute test-stress 2014-02-16 10:13:06 +01:00
Nikos Mavrogiannopoulos
0f0683b7fd released 0.3.1 ocserv_0_3_1 2014-02-16 09:34:20 +01:00
Nikos Mavrogiannopoulos
17f3fb8518 check for auth context presence when locating a previous session 2014-02-16 08:40:51 +01:00
Nikos Mavrogiannopoulos
a329982c97 removed the periodic printing of TCP MSS 2014-02-15 21:08:00 +01:00
Nikos Mavrogiannopoulos
55de932cdb corrected typo 2014-02-15 15:25:00 +01:00
Nikos Mavrogiannopoulos
ac5a9062c6 added example of IPv6 route 2014-02-15 15:19:13 +01:00
Nikos Mavrogiannopoulos
0faee9fbbf print errors when an invalid IPv6 prefix is found. 2014-02-15 15:16:19 +01:00
Nikos Mavrogiannopoulos
489da30c93 doc update 2014-02-15 13:53:21 +01:00
Nikos Mavrogiannopoulos
3b9971b7e8 Added support for the "new" type of IP6 support in AnyConnect.
If the client sends "X-CSTP-Full-IPv6-Capability: true", then we
use the headers:
     X-CSTP-Address-IP6: 2001:db8:1000:1000::1/64
     X-CSTP-Split-Include-IP6: 2001:db8:1000:1001::/64
     X-CSTP-Split-Include-IP6: 2001:db8:1000:1002::/64

(see corresponding openconnect change)
2014-02-15 13:51:03 +01:00
Nikos Mavrogiannopoulos
4e8d7e7a58 corrected typo 2014-02-15 13:44:05 +01:00
Nikos Mavrogiannopoulos
c8986508c0 doc update 2014-02-15 09:58:07 +01:00
Nikos Mavrogiannopoulos
8ffca1fcd9 eliminate small leak 2014-02-15 09:57:52 +01:00
Nikos Mavrogiannopoulos
828814862b Added stress test 2014-02-15 09:53:57 +01:00
Nikos Mavrogiannopoulos
dd3bd9dcdd Do not enforce safe negotiation on the main TLS channel.
This is only set when in CISCO compatibility mode, as CISCO clients
come from the past.
2014-02-14 21:35:41 +01:00
Nikos Mavrogiannopoulos
452ff7973a simplified type usage 2014-02-14 12:47:22 +01:00
Nikos Mavrogiannopoulos
ea39d512dc switch to strtok_r() and other small fixes. 2014-02-14 12:43:54 +01:00
Nikos Mavrogiannopoulos
af6714605b when a user is rejected due to multiple connections set an appropriate status. 2014-02-14 10:37:35 +01:00
Nikos Mavrogiannopoulos
f8f30bffa4 set a reasonable default rekey time 2014-02-12 11:07:14 +01:00
Nikos Mavrogiannopoulos
6d8841cae7 sample.conf update 2014-02-12 11:05:14 +01:00
Nikos Mavrogiannopoulos
c8a9ab3191 removed exclamation mark 2014-02-12 11:05:11 +01:00
Nikos Mavrogiannopoulos
22ffb526dd DTLS rekey time and method were aligned with CSTP. 2014-02-12 10:48:10 +01:00
Nikos Mavrogiannopoulos
001fd57c71 Allow rehandshakes on the DTLS channel. 2014-02-11 16:18:08 +01:00
Nikos Mavrogiannopoulos
8f559e89e5 doc update 2014-02-11 15:48:55 +01:00
Nikos Mavrogiannopoulos
c92925e727 Rekey time is now configurable and can be disabled. 2014-02-11 15:47:20 +01:00
Nikos Mavrogiannopoulos
fa4b24ddac removed unused label 2014-02-11 15:30:25 +01:00
Nikos Mavrogiannopoulos
266b06f7d2 when the tcp channel is terminated attempt to close the DTLS channel as well. 2014-02-10 09:45:12 +01:00
Nikos Mavrogiannopoulos
295a87b8ab bumped version 2014-02-05 19:27:44 +01:00
Nikos Mavrogiannopoulos
638228e284 Use brackets in DEL macro 2014-02-05 09:56:06 +01:00
Nikos Mavrogiannopoulos
eb5f78c748 seccomp will make the forbidden system calls return an error. 2014-02-02 09:45:34 +01:00
Nikos Mavrogiannopoulos
cfc10eec81 reduced the number of allowed ioctl() to the ones used. 2014-02-02 09:44:09 +01:00
Nikos Mavrogiannopoulos
5bf791bdfa doc update 2014-02-01 19:03:33 +01:00
Nikos Mavrogiannopoulos
91ceefb1f3 Added the split-dns config option. 2014-02-01 18:59:50 +01:00
Nikos Mavrogiannopoulos
311d5ddd20 Added configuration option to send custom headers to client. 2014-02-01 18:55:27 +01:00
Nikos Mavrogiannopoulos
0ec67882c0 Added support for multiple DNS and NBNS servers.
This patch also combines ipv4-dns and ipv6-dns options
that are now handled as aliases to dns.

A side-effect of this patch is that the local keyword is no
longer supported.
2014-02-01 14:50:52 +01:00
Nikos Mavrogiannopoulos
5c49678568 doc update 2014-02-01 10:27:49 +01:00
Nikos Mavrogiannopoulos
51c0e1bee1 Added untested code to set an IPv6 on FreeBSD. 2014-02-01 10:25:41 +01:00
Nikos Mavrogiannopoulos
97c2a4428f separated linux-specific code to allow easier portability fixes. 2014-02-01 09:57:18 +01:00
Nikos Mavrogiannopoulos
16f731bd2e on systems without IPv6 support remove the IPv6 lease. 2014-02-01 09:49:10 +01:00
Nikos Mavrogiannopoulos
ea02f38a04 if the loading of default config in the new location fails, try the old default file. 2014-02-01 09:24:52 +01:00
Nikos Mavrogiannopoulos
a22b846ece use linux/types.h for __u32 2014-02-01 09:12:41 +01:00
Nikos Mavrogiannopoulos
28e5d62f3f The worker process receives the client's IPs from the main process.
That eliminates the need to read the IP address from the tun device
(which can be quite tricky to implement in a clean portable way).
2014-01-31 20:53:45 +01:00
Nikos Mavrogiannopoulos
f715cf08f0 doc update 2014-01-31 13:28:58 +01:00
Nikos Mavrogiannopoulos
798eb38eb0 remove socket and pid files prior to waiting for kill. 2014-01-31 13:28:11 +01:00
Nikos Mavrogiannopoulos
a51de1cb0c Get real-time netlink information rather than using the cache. 2014-01-30 22:15:42 +01:00
Nikos Mavrogiannopoulos
4ce8365873 updated netlink handling. 2014-01-30 20:51:00 +01:00
Nikos Mavrogiannopoulos
ab7a5623ad better error messages 2014-01-30 20:03:13 +01:00
Nikos Mavrogiannopoulos
4dfa0e560b doc update 2014-01-30 19:25:38 +01:00
Nikos Mavrogiannopoulos
313f1b67fd When not reading from a tty use getline(). 2014-01-30 19:22:02 +01:00
Nikos Mavrogiannopoulos
aeb0b40221 use etc/ocserv as config directory 2014-01-30 19:13:23 +01:00
Nikos Mavrogiannopoulos
2254ba554b Set a default password file if one is not specified in ocpasswd. 2014-01-30 19:12:02 +01:00