| Age | Commit message (Expand) | Author |
|---|
| 2019-11-18 | Enable ESP UDP-encapsulation with '-t' flag. | tobhe |
| 2019-11-15 | IKEv2 message fragments of the same message have the same msg_id. When | tobhe |
| 2019-11-13 | Log reason whenever a child SA is freed. This makes it easier to | tobhe |
| 2019-11-11 | Cleanup message retransmission handling with new helper functions. | tobhe |
| 2019-09-26 | Use SPI_SA() instead of __func__ in all logging calls. Use log_info | tobhe |
| 2019-08-29 | Remove redundant ikev2_msg_valid_ike_sa() call. | tobhe |
| 2019-08-24 | Fix conflict when IKE SA and Child SA rekeying happen at the same time. | tobhe |
| 2019-08-14 | Fix NAT traversal detection bug when "local" option is not explicitly | tobhe |
| 2019-08-12 | Prepend SPI to send and recv log messages to see which line belongs to | tobhe |
| 2019-05-11 | Add support for IKEv2 Message Fragmentation as defined in RFC 7383. | Patrick Wildt |
| 2019-05-10 | Set the IKED_REQ_INFORMATIONAL flag when sending a delete request | Patrick Wildt |
| 2019-05-10 | Enforce messages after IKE_SA_INIT exchange to contain only | Patrick Wildt |
| 2019-02-27 | update RFC references, from tobias_heider at genua.de, ok claudio@ | Stuart Henderson |
| 2019-02-26 | Fix sending IKEV2_CFG_INTERNAL_IP6_DNS, IKEV2_CFG_INTERNAL_IP6_NBNS, | Patrick Wildt |
| 2018-03-05 | Outsource enabling/disabling the DPD and keepalive timers for SAs into | Patrick Wildt |
| 2017-12-23 | Since ikev2_init_recv() is supposed to only handle responses to an | Patrick Wildt |
| 2017-12-05 | When sending out a proposal we create an SA/SPI for the Child SAs if we | Patrick Wildt |
| 2017-12-04 | Initialize variable, otherwise the pointer might contain stack garbage. | Patrick Wildt |
| 2017-12-03 | If we wanted to send out more proposals than just one, we need to set a | Patrick Wildt |
| 2017-12-03 | The RFC specifies that to accept a proposal, we must select a transform | Patrick Wildt |
| 2017-12-01 | Turns out that, as specified in the RFC, the initial Child SA does not | Patrick Wildt |
| 2017-11-30 | Add support for rejecting IKE SA messages. This means that we can reply | Patrick Wildt |
| 2017-11-27 | Implement MOBIKE (RFC 4555) support in iked(8), with us acting as | Patrick Wildt |
| 2017-11-08 | For IPcomp we need to load explicit ESP-flows for the IPIP or IPCOMP | Patrick Wildt |
| 2017-10-27 | In the final RFC 5903 the computation for the DH shared secret changed. | Patrick Wildt |
| 2017-06-01 | Expand $eapid in iked tags, allowing PF rules to be written based on EAP | Stuart Henderson |
| 2017-04-26 | cope with IP address changes. before, we were trying to resend the msg | Henning Brauer |
| 2017-04-13 | Add a NAT-T keepalive timer in case we are behind a NAT gateway. | Patrick Wildt |
| 2017-03-30 | Only close the SA if an error happens before ikev2_msg_init() was called | Patrick Wildt |
| 2017-03-28 | Don't send informational responses before we're having the key material. | Reyk Floeter |
| 2017-03-28 | Returning -1 in an imsg handler like ikev2_dispatch_cert aborts iked. | Reyk Floeter |
| 2017-03-27 | Don't cache the DH group in the policy | Mike Belopuhov |
| 2017-03-27 | Factor out flows into separate configuration messages | Mike Belopuhov |
| 2017-03-27 | spacing | Reyk Floeter |
| 2017-03-27 | Fix another iked leak of SAs in pfkey_sa(), copy tags correctly. | Reyk Floeter |
| 2017-03-27 | Add support to reflect the responder IKEv2 COOKIE. | Reyk Floeter |
| 2017-03-27 | Add support for RFC4754 (ECDSA) and RFC7427 authentication. | Reyk Floeter |
| 2017-03-13 | Resolve simultaneous Child SA rekeying | Mike Belopuhov |
| 2017-03-13 | Resolve simultaneous IKE SA rekeying | Mike Belopuhov |
| 2017-03-13 | Make sure that proposal contains a DH group when rekeying with PFS enabled | Reyk Floeter |
| 2017-03-13 | NAT-T improvements | Reyk Floeter |
| 2017-03-13 | Don't rekey acquired Child SAs | Mike Belopuhov |
| 2017-03-13 | When setting up IPcomp flows for the networks 'A' and 'B' between | Patrick Wildt |
| 2017-03-13 | Fix and improve the IKE SA rekeying timeout, add a randomized jitter. | Reyk Floeter |
| 2017-03-13 | Improve reporting of authentication errors | Mike Belopuhov |
| 2017-03-13 | flow_cmp() must compare the same flow-attributes as the kernel, | Patrick Wildt |
| 2017-02-24 | In a scenario where a config reload happens during an IKE_AUTH exchange, | Patrick Wildt |
| 2017-01-20 | Add a warning when the address pool is exhausted | Mike Belopuhov |
| 2017-01-20 | Verify the certificate imsg payload size | Mike Belopuhov |
| 2016-06-02 | Use the last 32-bits of the IPv6 address to dynamically assign | Patrick Wildt |
