path: root/sbin/iked/iked.h
| Age | Commit message | Author |
|---|---|---|
| 2022-07-22 | Include an OpenIKED Vendor ID payload in the initial handshake. This will | Tobias Heider |
| 2022-07-08 | Support sending certificate chains with intermediate CAs in multiple CERT | Tobias Heider |
| 2022-03-14 | Improve retransmission of message fragments. RFC 7383 states that loss of | Tobias Heider |
| 2021-12-09 | Properly enable NAT-T without udpencap if mobike was negotiated without NAT. | Tobias Heider |
| 2021-12-09 | Move switch to NAT-T port and udpencap activation to ikev2_enable_natt(). | Tobias Heider |
| 2021-12-01 | whitespace cleanup during review read | Theo de Raadt |
| 2021-11-29 | sys/param.h was included for MAX(), MIN() and roundup(). make local | Theo de Raadt |
| 2021-11-27 | Rename msg_id to msg_peerid now that we also have msg_localid. | Tobias Heider |
| 2021-11-26 | A peer sends both his local id and remote id he expects us to be. So far we | Patrick Wildt |
| 2021-11-24 | Unregister event on pfkey socket during pfkey_reply(). Using events | Tobias Heider |
| 2021-11-24 | Pass env to pfkey API. Consistently call pfkey file descriptor fd. | Tobias Heider |
| 2021-10-26 | Make proto config option accept a list to allow specifying multiple | Tobias Heider |
| 2021-10-12 | Change responder to prefer DH group from KE payload. | Tobias Heider |
| 2021-09-01 | Add client side support for DNS configuration. Use RTM_PROPOSAL_STATIC | Tobias Heider |
| 2021-06-23 | Factor out vroute_addr(). | tobhe |
| 2021-05-13 | Refactor iked process shutdown and cleanup. Remember configured | tobhe |
| 2021-04-20 | Move TAILQ initialization to files where they are used. | dv |
| 2021-03-05 | Print PFS group for rekeyed Child SAs. | tobhe |
| 2021-03-05 | Move policy printing code from parse.y to new print.c | tobhe |
| 2021-02-25 | Constify cipher API. | tobhe |
| 2021-02-22 | Don't pass 'id' as argument to make function signature match similar | tobhe |
| 2021-02-13 | Add dynamic address configuration for roadwarrior clients. | tobhe |
| 2021-02-04 | Rename 'struct group' to 'struct dh_group' for more clarity and | tobhe |
| 2021-02-01 | Take flows into consideration for policy lookup as initiator. | tobhe |
| 2021-01-28 | Extern privsep_process. Fixes compilation with -fno-common. | mortimer |
| 2021-01-26 | Add support for RSA-PSS PKCS1 signatures. Don't enable them by | tobhe |
| 2021-01-21 | Add support for INVALID_KE_PAYLOAD in CREATE_CHILD_SA | tobhe |
| 2020-12-21 | Use policy_test() to reassign existing SAs to updated policies after | tobhe |
| 2020-12-03 | Fix type mismatch. auth_method should be uint8_t. | tobhe |
| 2020-11-30 | We need to rekey every child SA (even if acquired): Otherwise we can | tobhe |
| 2020-11-29 | Add 'set stickyaddress' option. If this option is enabled, iked will try | tobhe |
| 2020-11-26 | Use a counter instead of random IV for AES-GCM. Security depends on | tobhe |
| 2020-11-25 | Fix proposal error handling. If a proposal contains an unknown transform | tobhe |
| 2020-11-21 | Clean up NATT hack. Pass 'frompeer' as parameter instead of manipulating | tobhe |
| 2020-11-18 | Constify sa in ikev2_pld_eap(). The parser code must not change any | tobhe |
| 2020-10-30 | style(9) | tobhe |
| 2020-10-29 | Add initial support to request IP addresses as IKEv2 initiator. | tobhe |
| 2020-10-24 | Don't modify sa in ikev2_pld_cp. Store cp_type in msg until message has | tobhe |
| 2020-10-19 | Handle NO_PROPOSAL_CHOSEN as IKE_AUTH initiator. | tobhe |
| 2020-10-03 | React to DELETE notifications only in INFORMATIONAL messages | tobhe |
| 2020-09-23 | Add new 'set cert_partial_chain' config option to allow verification of | tobhe |
| 2020-09-16 | Move all the EAP logic from a single branch in the message parsing code to | tobhe |
| 2020-08-28 | Rename ikev2_*_sa() functions to make clear they handle Child SAs. | tobhe |
| 2020-08-26 | Allow disabling DPD liveness checks by setting dpd_check_interval to 0. | tobhe |
| 2020-08-25 | Add dpd_check_interval configuration option. If for any IKE SA no IPsec | tobhe |
| 2020-08-24 | Reduce the amount of boilerplate code and imsgs for config options by | tobhe |
| 2020-08-23 | Add a new configuration option to limit the number of connections for | tobhe |
| 2020-08-23 | Rename natt_mode to sc_nattmode for consistency. | tobhe |
| 2020-08-21 | Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid of | tobhe |
| 2020-08-18 | Add optional time-stamp validation for ocsp. The new optional 'tolerate' | tobhe |