index
:
src
cvs/HEAD
kms/intel
kms/radeon
master
OpenBSD base system
summary
refs
log
tree
commit
diff
log msg
author
committer
range
path:
root
/
sbin
/
iked
/
iked.h
Age
Commit message (
Expand
)
Author
2022-07-22
Include an OpenIKED Vendor ID payload in the initial handshake. This will
Tobias Heider
2022-07-08
Support sending certificate chains with intermediate CAs in multiple CERT
Tobias Heider
2022-03-14
Improve retransmission of message fragments. RFC 7383 states that loss of
Tobias Heider
2021-12-09
Properly enable NAT-T without udpencap if mobike was negotiated without NAT.
Tobias Heider
2021-12-09
Move switch to NAT-T port and udpencap activation to ikev2_enable_natt().
Tobias Heider
2021-12-01
whitespace cleanup during review read
Theo de Raadt
2021-11-29
sys/param.h was included for MAX(), MIN() and roundup(). make local
Theo de Raadt
2021-11-27
Rename msg_id to msg_peerid now that we also have msg_localid.
Tobias Heider
2021-11-26
A peer sends both his local id and remote id he expects us to be. So far we
Patrick Wildt
2021-11-24
Unregister event on pfkey socket during pfkey_reply(). Using events
Tobias Heider
2021-11-24
Pass env to pfkey API. Consistently call pfkey file descriptor fd.
Tobias Heider
2021-10-26
Make proto config option accept a list to allow specifying multiple
Tobias Heider
2021-10-12
Change responder to prefer DH group from KE payload.
Tobias Heider
2021-09-01
Add client side support for DNS configuration. Use RTM_PROPOSAL_STATIC
Tobias Heider
2021-06-23
Factor out vroute_addr().
tobhe
2021-05-13
Refactor iked process shutdown and cleanup. Remember configured
tobhe
2021-04-20
Move TAILQ initialization to files where they are used.
dv
2021-03-05
Print PFS group for rekeyed Child SAs.
tobhe
2021-03-05
Move policy printing code from parse.y to new print.c
tobhe
2021-02-25
Constify cipher API.
tobhe
2021-02-22
Don't pass 'id' as argument to make function signature match similar
tobhe
2021-02-13
Add dynamic address configuration for roadwarrior clients.
tobhe
2021-02-04
Rename 'struct group' to 'struct dh_group' for more clarity and
tobhe
2021-02-01
Take flows into consideration for policy lookup as initiator.
tobhe
2021-01-28
Extern privsep_process. Fixes compilation with -fno-common.
mortimer
2021-01-26
Add support for RSA-PSS PKCS1 signatures. Don't enable them by
tobhe
2021-01-21
Add support for INVALID_KE_PAYLOAD in CREATE_CHILD_SA
tobhe
2020-12-21
Use policy_test() to reassign existing SAs to updated policies after
tobhe
2020-12-03
Fix type mismatch. auth_method should be uint8_t.
tobhe
2020-11-30
We need to rekey every child SA (even if acquired): Otherwise we can
tobhe
2020-11-29
Add 'set stickyaddress' option. If this option is enabled, iked will try
tobhe
2020-11-26
Use a counter instead of random IV for AES-GCM. Security depends on
tobhe
2020-11-25
Fix proposal error handling. If a proposal contains an unknown transform
tobhe
2020-11-21
Clean up NATT hack. Pass 'frompeer' as parameter instead of manipulating
tobhe
2020-11-18
Constify sa in ikev2_pld_eap(). The parser code must not change any
tobhe
2020-10-30
style(9)
tobhe
2020-10-29
Add initial support to request IP addresses as IKEv2 initiator.
tobhe
2020-10-24
Don't modify sa in ikev2_pld_cp. Store cp_type in msg until message has
tobhe
2020-10-19
Handle NO_PROPOSAL_CHOSEN as IKE_AUTH initiator.
tobhe
2020-10-03
React to DELETE notifications only in INFORMATIONAL messages
tobhe
2020-09-23
Add new 'set cert_partial_chain' config option to allow verification of
tobhe
2020-09-16
Move all the EAP logic from a single branch in the message parsing code to
tobhe
2020-08-28
Rename ikev2_*_sa() functions to make clear they handle Child SAs.
tobhe
2020-08-26
Allow disabling DPD liveness checks by setting dpd_check_interval to 0.
tobhe
2020-08-25
Add dpd_check_interval configuration option. If for any IKE SA no IPsec
tobhe
2020-08-24
Reduce the amount of boilerplate code and imsgs for config options by
tobhe
2020-08-23
Add a new configuration option to limit the number of connections for
tobhe
2020-08-23
Rename natt_mode to sc_nattmode for consistency.
tobhe
2020-08-21
Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of
tobhe
2020-08-18
Add optional time-stamp validaten for ocsp. The new optional 'tolerate'
tobhe
[next]