| Age | Commit message (Expand) | Author |
|---|
| 2019-08-29 | Remove redundant ikev2_msg_valid_ike_sa() call. | tobhe |
| 2019-08-24 | Fix conflict when IKE SA and Child SA rekeying happen at the same time. | tobhe |
| 2019-08-14 | Fix NAT traversal detection bug when "local" option is not explicitly | tobhe |
| 2019-08-12 | Prepend SPI to send and recv log messages to see which line belongs to | tobhe |
| 2019-05-11 | Add support for IKEv2 Message Fragmentation as defined in RFC 7383. | Patrick Wildt |
| 2019-05-10 | Set the IKED_REQ_INFORMATIONAL flag when sending a delete request | Patrick Wildt |
| 2019-05-10 | Enforce messages after IKE_SA_INIT exchange to contain only | Patrick Wildt |
| 2019-02-27 | update RFC references, from tobias_heider at genua.de, ok claudio@ | Stuart Henderson |
| 2019-02-26 | Fix sending IKEV2_CFG_INTERNAL_IP6_DNS, IKEV2_CFG_INTERNAL_IP6_NBNS, | Patrick Wildt |
| 2018-03-05 | Outsource enabling/disabling the DPD and keepalive timers for SAs into | Patrick Wildt |
| 2017-12-23 | Since ikev2_init_recv() is supposed to only handle responses to an | Patrick Wildt |
| 2017-12-05 | When sending out a proposal we create an SA/SPI for the Child SAs if we | Patrick Wildt |
| 2017-12-04 | Initialize variable, otherwise the pointer might contain stack garbage. | Patrick Wildt |
| 2017-12-03 | If we wanted to send out more proposals than just one, we need to set a | Patrick Wildt |
| 2017-12-03 | The RFC specifies that to accept a proposal, we must select a transform | Patrick Wildt |
| 2017-12-01 | Turns out that, as specified in the RFC, the initial Child SA does not | Patrick Wildt |
| 2017-11-30 | Add support for rejecting IKE SA messages. This means that we can reply | Patrick Wildt |
| 2017-11-27 | Implement MOBIKE (RFC 4555) support in iked(8), with us acting as | Patrick Wildt |
| 2017-11-08 | For IPcomp we need to load explicit ESP-flows for the IPIP or IPCOMP | Patrick Wildt |
| 2017-10-27 | In the final RFC 5903 the computation for the DH shared secret changed. | Patrick Wildt |
| 2017-06-01 | Expand $eapid in iked tags, allowing PF rules to be written based on EAP | Stuart Henderson |
| 2017-04-26 | cope with IP address changes. before, we were trying to resend the msg | Henning Brauer |
| 2017-04-13 | Add a NAT-T keepalive timer in case we are behind a NAT gateway. | Patrick Wildt |
| 2017-03-30 | Only close the SA if an error happens before ikev2_msg_init() was called | Patrick Wildt |
| 2017-03-28 | Don't send informational responses before we're having the key material. | Reyk Floeter |
| 2017-03-28 | Returning -1 in an imsg handler like ikev2_dispatch_cert aborts iked. | Reyk Floeter |
| 2017-03-27 | Don't cache the DH group in the policy | Mike Belopuhov |
| 2017-03-27 | Factor out flows into separate configuration messages | Mike Belopuhov |
| 2017-03-27 | spacing | Reyk Floeter |
| 2017-03-27 | Fix another iked leak of SAs in pfkey_sa(), copy tags correctly. | Reyk Floeter |
| 2017-03-27 | Add support to reflect the responder IKEv2 COOKIE. | Reyk Floeter |
| 2017-03-27 | Add support for RFC4754 (ECDSA) and RFC7427 authentication. | Reyk Floeter |
| 2017-03-13 | Resolve simultaneous Child SA rekeying | Mike Belopuhov |
| 2017-03-13 | Resolve simultaneous IKE SA rekeying | Mike Belopuhov |
| 2017-03-13 | Make sure that proposal contains a DH group when rekeying with PFS enabled | Reyk Floeter |
| 2017-03-13 | NAT-T improvements | Reyk Floeter |
| 2017-03-13 | Don't rekey acquired Child SAs | Mike Belopuhov |
| 2017-03-13 | When setting up IPcomp flows for the networks 'A' and 'B' between | Patrick Wildt |
| 2017-03-13 | Fix and improve the IKE SA rekeying timeout, add a randomized jitter. | Reyk Floeter |
| 2017-03-13 | Improve reporting of authentication errors | Mike Belopuhov |
| 2017-03-13 | flow_cmp() must compare the same flow-attributes as the kernel, | Patrick Wildt |
| 2017-02-24 | In a scenario where a config reload happens during an IKE_AUTH exchange, | Patrick Wildt |
| 2017-01-20 | Add a warning when the address pool is exhausted | Mike Belopuhov |
| 2017-01-20 | Verify the certificate imsg payload size | Mike Belopuhov |
| 2016-06-02 | Use the last 32-bits of the IPv6 address to dynamically assign | Patrick Wildt |
| 2016-06-01 | Implement a second address pool specifically for IPv6, so that | Patrick Wildt |
| 2016-06-01 | ikev2_cp_fixaddr() is called to replace unspecified (e.g. 0.0.0.0) | Patrick Wildt |
| 2015-10-22 | iked hereby pledges that it will run with restricted system | Reyk Floeter |
| 2015-10-19 | Remove the ikev1 stub - Since I started iked, it has an empty privsep | Reyk Floeter |
| 2015-10-15 | Remove some unnecessary NULL-checks before free(). Change two bzero() | mmcc |
