path: root/sbin/iked/ikev2.c
| Age | Commit message | Author |
|---|---|---|
| 2021-06-29 | Send AUTHENTICATION_FAILED in case of unexpected auth method or auth | tobhe |
| 2021-06-17 | Skip flows in ikev2_cp_addr() if they don't contain a dynamic (0.0.0.0) | tobhe |
| 2021-06-11 | Revert previous change in ikev2_cp_fixaddr(). | tobhe |
| 2021-05-31 | Don't fail hard in ikev2_cp_fixaddr() if no address pool is found. | tobhe |
| 2021-05-31 | Prevent address underflow with /32 config address prefix. | tobhe |
| 2021-05-13 | Refactor iked process shutdown and cleanup. Remember configured | tobhe |
| 2021-03-23 | Don't send DELETE notify if IKE SA is replaced because of | tobhe |
| 2021-03-15 | Ignore msg_ke in CREATE_CHILD_SA if DH negotiation results in group | tobhe |
| 2021-03-14 | Log errors with log level info and SPI. | tobhe |
| 2021-03-09 | Also log transforms on IKE SA rekey. | tobhe |
| 2021-03-07 | Log ESN for child SAs if enabled. | tobhe |
| 2021-03-06 | whitespace | tobhe |
| 2021-03-05 | Print PFS group for rekeyed Child SAs. | tobhe |
| 2021-03-05 | Log transforms of established IKE and Child SAs. | tobhe |
| 2021-03-04 | Derive config netmask from address pool if not explicitly configured. | tobhe |
| 2021-02-20 | Fail on invalid address family. | tobhe |
| 2021-02-18 | Save one allocation by passing msg_nonce ownership instead of using | tobhe |
| 2021-02-18 | Pass ownership instead of duplicating ibuf msg_ke. | tobhe |
| 2021-02-13 | Add dynamic address configuration for roadwarrior clients. | tobhe |
| 2021-02-11 | Explicitly unset IKED_REQ_CERTVALID before sending cert to ca process. | tobhe |
| 2021-02-10 | Delay deletion of IKE SAs on rekey when stickyaddress is enabled to make | tobhe |
| 2021-02-09 | Add optional 'group none' transform for child SAs and fix handling of | tobhe |
| 2021-02-04 | Rename 'struct group' to 'struct dh_group' for more clarity and | tobhe |
| 2021-02-04 | Upgrade to OpenSSL 1.1 compatible crypto API. Add additional | tobhe |
| 2021-02-01 | Take flows into consideration for policy lookup as initiator. | tobhe |
| 2021-01-31 | Ignore addresses that are not 0/32 (dynamic) in ikev2_cp_fixaddr() | tobhe |
| 2021-01-31 | Don't leak flows if ikev2_cp_fixflow() fails. | tobhe |
| 2021-01-23 | Fix typos. | tobhe |
| 2021-01-21 | Handle NO_PROPOSAL_CHOSEN for CREATE_CHILD_SA. | tobhe |
| 2021-01-21 | Add support for INVALID_KE_PAYLOAD in CREATE_CHILD_SA | tobhe |
| 2021-01-20 | Make sure to enforce matching dstid as initiator. Use policy lookup | tobhe |
| 2021-01-18 | Sync SA configuration payload to new SA after IKE SA rekeying. | tobhe |
| 2020-12-27 | Fix "any" and "dynamic" keywords for flows and add proper IPv6 support. | tobhe |
| 2020-12-21 | Use policy_test() to reassign existing SAs to updated policies after | tobhe |
| 2020-11-30 | We need to rekey every child SA (even if acquired): Otherwise we can | tobhe |
| 2020-11-29 | Add 'set stickyaddress' option. If this option is enabled, iked will try | tobhe |
| 2020-11-28 | Add support for multiple address pools. The parser already allows | tobhe |
| 2020-11-27 | Remove redundant state change. ikev2_ikesa_delete() sets the correct state. | tobhe |
| 2020-11-25 | Fix proposal error handling. If a proposal contains an unknown transform | tobhe |
| 2020-11-24 | Fix duplicate sa->sa_cp assignment. | tobhe |
| 2020-11-21 | Clean up NATT hack. Pass 'frompeer' as parameter instead of manipulating | tobhe |
| 2020-11-17 | Remove redundant indirection via msg_parent. This is only needed in | tobhe |
| 2020-11-16 | Reenable ikev2_init_auth() return value check. Make sure sa_stateok() | tobhe |
| 2020-11-16 | Backout ikev2_init_auth() return check to fix regression with | tobhe |
| 2020-11-14 | Make sure not to replace 0.0.0.0 with dynamic address if it is a network | tobhe |
| 2020-11-13 | addr_net is already checked in ikev2_cp_setaddr() before setting | tobhe |
| 2020-11-12 | Close SA if ikev2_init_auth() fails. | tobhe |
| 2020-11-12 | Fail if ikev2_init_ike_auth() is entered with invalid state. | tobhe |
| 2020-11-07 | Implement 'from dynamic', which installs flows where 'dynamic' is replaced | tobhe |
| 2020-11-06 | Set correct netmask on patched addresses for debug printing. | tobhe |