summaryrefslogtreecommitdiff
path: root/sbin/iked/iked.h
AgeCommit message (Expand)Author
2020-08-26Allow disabling DPD liveness checks by setting dpd_check_interval to 0.tobhe
2020-08-25Add dpd_check_interval configuration option. If for any IKE SA no IPsectobhe
2020-08-24Reduce the amount of boilerplate code and imsgs for config options bytobhe
2020-08-23Add a new configuration option to limit the number of connections fortobhe
2020-08-23Rename natt_mode to sc_nattmode for consistency.tobhe
2020-08-21Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid oftobhe
2020-08-18Add optional time-stamp validaten for ocsp. The new optional 'tolerate'tobhe
2020-08-16Clean up unused parameters.tobhe
2020-08-11Prioritize incoming certificate requests by the order of CERTEQ payloadstobhe
2020-07-21Handle TEMPORARY_FAILURE notification on IKESA rekeying.tobhe
2020-07-15Make CERT and CERTREQ payloads optional for public key authentication.tobhe
2020-06-03Pass sockaddr instead of sockaddr_storage to sa_address.tobhe
2020-05-26Add AES-GCM mode ciphers (IANA IDs 19 and 20) for IKEv2.tobhe
2020-05-14Stricter return value checking for EVP_Cipher* calls.tobhe
2020-05-13Remove dead 'iked_flow' member 'flow_type'.tobhe
2020-05-08Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buftobhe
2020-04-23Add support for switching rdomain on IPsec encryption/decryption.tobhe
2020-04-20Remove unused 'dsa_cert' variable.tobhe
2020-04-13Try to send a DELETE message if the SA is reset with 'ikectl reset id'.tobhe
2020-04-11If we haven't received any IKE message from our partner for sometobhe
2020-04-10Only make the type part of the idstring lowercase when looking for certs intobhe
2020-04-09Simplify socket creation logic. Normally iked needs two sockets, onetobhe
2020-04-08Prevent multiple ibuf leaks. Clean up on proccess shutdown.tobhe
2020-04-02Store USE_TRANSPORTMODE in iked_message until the full message was parsedtobhe
2020-04-01Properly handle multiple CERTREQ payloads in CA process. Only for thetobhe
2020-03-31Log summary of certificates in cert store when iked fails to find atobhe
2020-03-24Add ikev2_print_static_id() to print static IDs in log_debug() output.tobhe
2020-03-10Relookup policy based on received cryptographic parameter proposal.tobhe
2020-03-01When the proposals are first matched the responder doestobhe
2020-02-21Add transport mode for child SAs. This is useful for GRE over IPsec andtobhe
2020-02-13Constify "buf" argument in print_hex and print_hexval.tobhe
2020-01-16Add '-p' command line option which allows to configuretobhe
2020-01-14Remove IPsec flow blocking unencrypted IPv6 traffic which wastobhe
2020-01-07Link ESP-SA and IPcomp-SA using GRPSPIS instead of using a self-builttobhe
2019-12-10We can receive a delete and free an SA that is referenced in sa_nextr.tobhe
2019-12-03Correctly represent flows as traffic selectors as described in RFC 7296. Thistobhe
2019-11-30Log loaded SPIs and flows.tobhe
2019-11-28Move Notify and Certreq payload handlers after the parser. Modify SA statetobhe
2019-11-13Log reason whenever a child SA is freed. This makes it easier totobhe
2019-11-11Cleanup message retransmission handling with new helper functions.tobhe
2019-08-14Fix NAT traversal detection bug when "local" option is not explicitlytobhe
2019-08-12Prepend SPI to send and recv log messages to see which line belongs totobhe
2019-05-11Add support for IKEv2 Message Fragmentation as defined in RFC 7383.Patrick Wildt
2019-05-10Enforce messages after IKE_SA_INIT exchange to contain onlyPatrick Wildt
2018-08-06Remove cpath pledge(2) promise. We decided that not deleting the unix controlRicardo Mestre
2018-03-16Consistently spell "IPsec" in comments and debug outputs.Martin Pieuchot
2017-11-30Add support for rejecting IKE SA messages. This means that we can replyPatrick Wildt
2017-11-27Implement MOBIKE (RFC 4555) support in iked(8), with us acting asPatrick Wildt
2017-04-26cope with IP address changes. before, we were trying to resend the msgHenning Brauer
2017-04-13Add a NAT-T keepalive timer in case we are behind a NAT gateway.Patrick Wildt
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-26 21:39:27 +0000