summaryrefslogtreecommitdiff
path: root/sbin/iked/iked.conf.5
AgeCommit message (Expand)Author
2021-08-03Increase default data bytes limit for Child SAs to 4 GB.tobhe
2021-04-11Document 'request' option to request additional configuration payloads.tobhe
2021-02-13Add dynamic address configuration for roadwarrior clients.tobhe
2021-01-24hmac-sha2-384 and hmac-sha2-512 are enabled by default.tobhe
2021-01-23Fix typos.tobhe
2020-12-28Add back keyword "any" to match any IP address, which actually workstobhe
2020-12-11The keyword "any" does not actually work properly for traffic selectors.tobhe
2020-11-15Document new 'dynamic' keyword to create flows from or to a dynamicallytobhe
2020-09-23Add new 'set cert_partial_chain' config option to allow verification oftobhe
2020-08-26Allow disabling DPD liveness checks by setting dpd_check_interval to 0.tobhe
2020-08-25Add dpd_check_interval configuration option. If for any IKE SA no IPsectobhe
2020-08-23Add a new configuration option to limit the number of connections fortobhe
2020-08-21Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid oftobhe
2020-08-18Add optional time-stamp validaten for ocsp. The new optional 'tolerate'tobhe
2020-07-21Provide GRE over transport mode examplekn
2020-07-10table fix;Jason McIntyre
2020-07-10Document which crypto transforms are enabled by default.tobhe
2020-05-26Add AES-GCM mode ciphers (IANA IDs 19 and 20) for IKEv2.tobhe
2020-05-01Clarify global 'set active' and 'set passive' options and how theytobhe
2020-04-28Remove support for insecure EC2N groups. Clarify which Diffie-Hellmantobhe
2020-04-27Add curve25519 IANA group number.tobhe
2020-04-23 ce examples of "Ar arg Ar arg" with "Ar arg arg" and stop the spread;Jason McIntyre
2020-04-23Add support for switching rdomain on IPsec encryption/decryption.tobhe
2020-02-21Add transport mode for child SAs. This is useful for GRE over IPsec andtobhe
2020-02-16Quote variables in pf tag stringskn
2020-02-10briefly mention /etc/examples/ in the FILES section of all theIngo Schwarze
2019-12-01Explain how ipcomp can be enabled.tobhe
2019-11-12fix a formatting warning;Jason McIntyre
2019-11-12Add configuration options to explicitly specify ESN support for child SAs.tobhe
2019-08-24Clarify "protected-subnet" option.tobhe
2019-08-16Add explanation for the [IKE/ESP only] column of the transform table.tobhe
2019-05-11Add support for IKEv2 Message Fragmentation as defined in RFC 7383.Patrick Wildt
2019-04-02When curve25519 was added to iked, it was based on the internet-draft andStuart Henderson
2018-01-31Add support for specifying multiple transforms within a single proposal.Patrick Wildt
2018-01-24Implement support for specifying multiple proposals. This means we canPatrick Wildt
2017-11-27Implement MOBIKE (RFC 4555) support in iked(8), with us acting asPatrick Wildt
2017-06-01Expand $eapid in iked tags, allowing PF rules to be written based on EAPStuart Henderson
2017-03-27correct verb pattern;Jason McIntyre
2017-03-27Add support for RFC4754 (ECDSA) and RFC7427 authentication.Reyk Floeter
2017-03-13Clarify iked.conf(5) manpage in regards to IP compression.Patrick Wildt
2017-01-04Remove modular exponential groups specified in RFC5114Mike Belopuhov
2016-11-28ikelifetime time spec is the same the one for lifetimeMike Belopuhov
2015-12-09Remove plain DES encryption from IPsec.Christian Weisgerber
2015-11-04Support Chacha20-Poly1305 for Child SAs; ok reykMike Belopuhov
2015-11-01replace "can not" with "cannot";Jason McIntyre
2015-10-31pastoChristian Weisgerber
2015-10-19break long lines in examples; ok jmc@Christian Weisgerber
2015-07-14clarification from trondd;Jason McIntyre
2015-02-28Reduce usage of predefined strings in manpages.Anthony J. Bentley
2015-01-15tell the truth about DES.Igor Sobrado
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-29 09:48:03 +0000