summaryrefslogtreecommitdiff
path: root/sbin/iked/iked.conf.5
AgeCommit message (Expand)Author
2024-11-04add a "natt" option that forces negotiation of nat-t (and udpencap).David Gwynne
2024-07-13grammar/macro fixes for the radius text;Jason McIntyre
2024-07-13Add RADIUS support. Authentication, accounting, and "DynamicYASUOKA Masahiko
2024-04-13document "psk file path" notation; from josh rickmarJason McIntyre
2022-07-22add missing full stop;Jason McIntyre
2022-07-22Include an OpenIKED Vendor ID payload in the initial handshake. This willTobias Heider
2022-04-13Document sntrup761x25519 key exchange.Tobias Heider
2022-02-06remove please from manual pagesJonathan Gray
2021-11-13The key/nonce disclaimers were copied from ipsec.conf.5 but aren't relevantTobias Heider
2021-11-09Use more sensible transforms in example config.Tobias Heider
2021-11-05Clarify iface option.Tobias Heider
2021-11-04Clarify "aes" will accept keys which length is in 128:256 bits. AlsoYASUOKA Masahiko
2021-10-26Make proto config option accept a list to allow specifying multipleTobias Heider
2021-08-03Increase default data bytes limit for Child SAs to 4 GB.tobhe
2021-04-11Document 'request' option to request additional configuration payloads.tobhe
2021-02-13Add dynamic address configuration for roadwarrior clients.tobhe
2021-01-24hmac-sha2-384 and hmac-sha2-512 are enabled by default.tobhe
2021-01-23Fix typos.tobhe
2020-12-28Add back keyword "any" to match any IP address, which actually workstobhe
2020-12-11The keyword "any" does not actually work properly for traffic selectors.tobhe
2020-11-15Document new 'dynamic' keyword to create flows from or to a dynamicallytobhe
2020-09-23Add new 'set cert_partial_chain' config option to allow verification oftobhe
2020-08-26Allow disabling DPD liveness checks by setting dpd_check_interval to 0.tobhe
2020-08-25Add dpd_check_interval configuration option. If for any IKE SA no IPsectobhe
2020-08-23Add a new configuration option to limit the number of connections fortobhe
2020-08-21Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid oftobhe
2020-08-18Add optional time-stamp validaten for ocsp. The new optional 'tolerate'tobhe
2020-07-21Provide GRE over transport mode examplekn
2020-07-10table fix;Jason McIntyre
2020-07-10Document which crypto transforms are enabled by default.tobhe
2020-05-26Add AES-GCM mode ciphers (IANA IDs 19 and 20) for IKEv2.tobhe
2020-05-01Clarify global 'set active' and 'set passive' options and how theytobhe
2020-04-28Remove support for insecure EC2N groups. Clarify which Diffie-Hellmantobhe
2020-04-27Add curve25519 IANA group number.tobhe
2020-04-23 ce examples of "Ar arg Ar arg" with "Ar arg arg" and stop the spread;Jason McIntyre
2020-04-23Add support for switching rdomain on IPsec encryption/decryption.tobhe
2020-02-21Add transport mode for child SAs. This is useful for GRE over IPsec andtobhe
2020-02-16Quote variables in pf tag stringskn
2020-02-10briefly mention /etc/examples/ in the FILES section of all theIngo Schwarze
2019-12-01Explain how ipcomp can be enabled.tobhe
2019-11-12fix a formatting warning;Jason McIntyre
2019-11-12Add configuration options to explicitly specify ESN support for child SAs.tobhe
2019-08-24Clarify "protected-subnet" option.tobhe
2019-08-16Add explanation for the [IKE/ESP only] column of the transform table.tobhe
2019-05-11Add support for IKEv2 Message Fragmentation as defined in RFC 7383.Patrick Wildt
2019-04-02When curve25519 was added to iked, it was based on the internet-draft andStuart Henderson
2018-01-31Add support for specifying multiple transforms within a single proposal.Patrick Wildt
2018-01-24Implement support for specifying multiple proposals. This means we canPatrick Wildt
2017-11-27Implement MOBIKE (RFC 4555) support in iked(8), with us acting asPatrick Wildt
2017-06-01Expand $eapid in iked tags, allowing PF rules to be written based on EAPStuart Henderson