path: root/sbin/iked/ikev2.c
Age | Commit message | Author
2022-07-22 | Include an OpenIKED Vendor ID payload in the initial handshake. This will | Tobias Heider
2022-07-08 | Support sending certificate chains with intermediate CAs in multiple CERT | Tobias Heider
2022-07-04 | Fix error in the comparison of the Child SA nonces to decide which | Tobias Heider
2022-05-28 | Since 'sa' can be freed inside the loop, RB_FOREACH_SAFE is required. | Gerhard Roth
2022-03-14 | Improve retransmission of message fragments. RFC 7383 states that loss of | Tobias Heider
2022-02-13 | SKEEYSEED -> SKEYSEED | mbuhl
2021-12-09 | Properly enable NAT-T without udpencap if mobike was negotiated without NAT. | Tobias Heider
2021-12-09 | Move switch to NAT-T port and udpencap activation to ikev2_enable_natt(). | Tobias Heider
2021-12-06 | Logging received addresses and DNS configuration only makes sense for | Tobias Heider
2021-12-04 | Send out dstid as initiator if configured. This makes it easier for | Tobias Heider
2021-12-01 | whitespace cleanup during review read | Theo de Raadt
2021-11-30 | whitespace | Tobias Heider
2021-11-29 | sys/param.h was included for MAX(), MIN() and roundup(). make local | Theo de Raadt
2021-11-27 | Rename msg_id to msg_peerid now that we also have msg_localid. | Tobias Heider
2021-11-26 | Fix ikev2_child_sa_rekey() warnings. The SPI can't be printed without a | Tobias Heider
2021-11-24 | Pass env to pfkey API. Consistently call pfkey file descriptor fd. | Tobias Heider
2021-11-23 | Add logging for rekey failures. | Tobias Heider
2021-11-22 | MOBIKE is RFC 4555. | Tobias Heider
2021-11-16 | Zero all copies of pre-shared key. | Tobias Heider
2021-11-15 | style | Tobias Heider
2021-11-10 | Look for INVALID_KE group from IKE_SA_INIT in IKE transforms, | Tobias Heider
2021-10-12 | Change responder to prefer DH group from KE payload. | Tobias Heider
2021-10-12 | Make sure all copies of MSCHAPv2 passphrase are zeroed after use. | Tobias Heider
2021-09-07 | Fix leak of msg_cert.id_buf. ikev2_msg_cleanup() frees id_buf if we | Tobias Heider
2021-09-01 | Add client side support for DNS configuration. Use RTM_PROPOSAL_STATIC | Tobias Heider
2021-06-29 | Send AUTHENTICATION_FAILED in case of unexpected auth method or auth | tobhe
2021-06-17 | Skip flows in ikev2_cp_addr() if they don't contain a dynamic (0.0.0.0) | tobhe
2021-06-11 | Revert previous change in ikev2_cp_fixaddr(). | tobhe
2021-05-31 | Don't fail hard in ikev2_cp_fixaddr() if no address pool is found. | tobhe
2021-05-31 | Prevent address underflow with /32 config address prefix. | tobhe
2021-05-13 | Refactor iked process shutdown and cleanup. Remember configured | tobhe
2021-03-23 | Don't send DELETE notify if IKE SA is replaced because of | tobhe
2021-03-15 | Ignore msg_ke in CREATE_CHILD_SA if DH negotiation results in group | tobhe
2021-03-14 | Log errors with log level info and SPI. | tobhe
2021-03-09 | Also log transforms on IKE SA rekey. | tobhe
2021-03-07 | Log ESN for child SAs if enabled. | tobhe
2021-03-06 | whitespace | tobhe
2021-03-05 | Print PFS group for rekeyed Child SAs. | tobhe
2021-03-05 | Log transforms of established IKE and Child SAs. | tobhe
2021-03-04 | Derive config netmask from address pool if not explicitly configured. | tobhe
2021-02-20 | Fail on invalid address family. | tobhe
2021-02-18 | Save one allocation by passing msg_nonce ownership instead of using | tobhe
2021-02-18 | Pass ownership instead of duplicating ibuf msg_ke. | tobhe
2021-02-13 | Add dynamic address configuration for roadwarrior clients. | tobhe
2021-02-11 | Explicitly unset IKED_REQ_CERTVALID before sending cert to ca process. | tobhe
2021-02-10 | Delay deletion of IKE SAs on rekey when stickyaddress is enabled to make | tobhe
2021-02-09 | Add optional 'group none' transform for child SAs and fix handling of | tobhe
2021-02-04 | Rename 'struct group' to 'struct dh_group' for more clarity and | tobhe
2021-02-04 | Upgrade to OpenSSL 1.1 compatible crypto API. Add additional | tobhe
2021-02-01 | Take flows into consideration for policy lookup as initiator. | tobhe