Age | Commit message (Expand) | Author |
2017-03-27 | Add support to reflect the responder IKEv2 COOKIE. | Reyk Floeter |
2017-03-27 | Add support for RFC4754 (ECDSA) and RFC7427 authentication. | Reyk Floeter |
2017-03-23 | set ps_noaction to not fork uneeded children when checking config with -n | Jonathan Gray |
2017-03-21 | From a syslog perspective it does not make sense to log fatal and | Alexander Bluhm |
2017-03-13 | Resolve simultaneous Child SA rekeying | Mike Belopuhov |
2017-03-13 | Resolve simultaneous IKE SA rekeying | Mike Belopuhov |
2017-03-13 | Make sure that proposal contains a DH group when rekeying with PFS enabled | Reyk Floeter |
2017-03-13 | NAT-T improvements | Reyk Floeter |
2017-03-13 | Don't rekey acquired Child SAs | Mike Belopuhov |
2017-03-13 | Clarify iked.conf(5) manpage in regards to IP compression. | Patrick Wildt |
2017-03-13 | When setting up IPcomp flows for the networks 'A' and 'B' between | Patrick Wildt |
2017-03-13 | When freeing a Child SA make sure it's peer no longer points to it | Mike Belopuhov |
2017-03-13 | Fix and improve the IKE SA rekeying timeout, add a randomized jitter. | Reyk Floeter |
2017-03-13 | Improve reporting of authentication errors | Mike Belopuhov |
2017-03-13 | flow_cmp() must compare the same flow-attributes as the kernel, | Patrick Wildt |
2017-03-13 | We need to call policy_ref() for policies that have refcounting | Patrick Wildt |
2017-02-28 | Depending on the addresses, ipsecctl(8) automatically groups sa | Alexander Bluhm |
2017-02-24 | In a scenario where a config reload happens during an IKE_AUTH exchange, | Patrick Wildt |
2017-02-03 | Stop assuming that in_{addr,port}_t are typedefed in <sys/types.h> and | Philip Guenther |
2017-01-20 | Add a warning when the address pool is exhausted | Mike Belopuhov |
2017-01-20 | Constify the data argument for ibuf_new | Mike Belopuhov |
2017-01-20 | Reset various pointers in ikev2_msg_cleanup | Mike Belopuhov |
2017-01-20 | Make sure to free reference to the public key after decoding | Mike Belopuhov |
2017-01-20 | Closed SAs should never be treated as valid | Mike Belopuhov |
2017-01-20 | Check bounds of the flows array when configuring traffic selectors | Mike Belopuhov |
2017-01-20 | Verify the certificate imsg payload size | Mike Belopuhov |
2017-01-20 | Include only found SPIs into the PAYLOAD_DELETE message | Mike Belopuhov |
2017-01-20 | Minor formatting fix | Mike Belopuhov |
2017-01-20 | New RFC7383 define | Mike Belopuhov |
2017-01-17 | Nuke some whitespace that keeps poking me in the eye as I try to | Kenneth R Westerback |
2017-01-09 | Stop accessing verbose and debug variables from log.c directly. | Reyk Floeter |
2017-01-09 | Replace hand-rolled for(;;) traversal of ctl_conns TAILQ with | Kenneth R Westerback |
2017-01-08 | Sync log.c with the latest version from vmd/log.c that preserves errno | Reyk Floeter |
2017-01-05 | Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ | Kenneth R Westerback |
2017-01-04 | Remove modular exponential groups specified in RFC5114 | Mike Belopuhov |
2017-01-03 | Fix pledge of the ca process by calling the right function on startup. | Reyk Floeter |
2016-11-28 | ikelifetime time spec is the same the one for lifetime | Mike Belopuhov |
2016-10-12 | copy updated log.c from vmd: for correctness, save errno when doing | Reyk Floeter |
2016-09-26 | Pass the flags argument of recvfromto down to the underlying recvmsg | Jeremie Courreges-Anglas |
2016-09-13 | Disable the timer event before attempting to change it | Mike Belopuhov |
2016-09-04 | Forward IMSG_CTL_VERBOSE via the parent; this fixes a crash when doing | Reyk Floeter |
2016-09-04 | Now that we have IP_SENDSRCADDR, add sendtofrom(). | Vincent Gross |
2016-09-03 | Add the missing bits to have NAT on enc(4) support in iked. | Vincent Gross |
2016-08-06 | Unbreak PSK authentication, broken by previous. | Pascal Stumpf |
2016-07-20 | When parsing the configuration. initialize the auth structure | Reyk Floeter |
2016-06-21 | do not allow whitespace in macro names, i.e. "this is" = "a variable". | Sebastian Benoit |
2016-06-02 | Use the last 32-bits of the IPv6 address to dynamically assign | Patrick Wildt |
2016-06-01 | Implement a second address pool specifically for IPv6, so that | Patrick Wildt |
2016-06-01 | ikev2_cp_fixaddr() is called to replace unspecified (e.g. 0.0.0.0) | Patrick Wildt |
2016-03-07 | http -> https for IETF/IANA URLs in comments | mmcc |