Hi,

I posted the following PR some time ago (late November) and it's languishing:

https://github.com/openwrt/packages/pull/14028

Can I get some reviews of it?

X.509 authentication is a more attractive alternative to simple PSK 
authentication (more entropy, less susceptible to dictionary attacks, etc).

It's a short series of commits that do:

* suppresses multiple logging in /var/log/messages for authentication messages;
* adds the /etc/swanctl/conf.d/ directory, which is read from 
/etc/swanctl/swanctl.conf but doesn't exist;
* cleans up some of the UCI and corrects the handling of the "updown" and 
"firewall" scripts (there is no "left" or "right" version, since it's always 
local by definition);
* adds new parameters "reauth", "fragmentation", "closeaction", "mobile" for 
greater completeness;
* the X.509 support, which is the most important part of this PR, but is 
actually a fairly trivial change;
* adds support for a global "setup" config section, which contains the 
"cachecrls", "charondebug", "strictcrlpolicy", and "uniqueids" parameters.

It's all Shell and UCI changes, and the relevant .conf generation.  Pretty 
straightforward.

Thanks,

-Philip


_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
