summaryrefslogtreecommitdiff
path: root/sbin/iked
AgeCommit message (Expand)Author
2017-03-27Add support to reflect the responder IKEv2 COOKIE.Reyk Floeter
2017-03-27Add support for RFC4754 (ECDSA) and RFC7427 authentication.Reyk Floeter
2017-03-23set ps_noaction to not fork uneeded children when checking config with -nJonathan Gray
2017-03-21From a syslog perspective it does not make sense to log fatal andAlexander Bluhm
2017-03-13Resolve simultaneous Child SA rekeyingMike Belopuhov
2017-03-13Resolve simultaneous IKE SA rekeyingMike Belopuhov
2017-03-13Make sure that proposal contains a DH group when rekeying with PFS enabledReyk Floeter
2017-03-13NAT-T improvementsReyk Floeter
2017-03-13Don't rekey acquired Child SAsMike Belopuhov
2017-03-13Clarify iked.conf(5) manpage in regards to IP compression.Patrick Wildt
2017-03-13When setting up IPcomp flows for the networks 'A' and 'B' betweenPatrick Wildt
2017-03-13When freeing a Child SA make sure it's peer no longer points to itMike Belopuhov
2017-03-13Fix and improve the IKE SA rekeying timeout, add a randomized jitter.Reyk Floeter
2017-03-13Improve reporting of authentication errorsMike Belopuhov
2017-03-13flow_cmp() must compare the same flow-attributes as the kernel,Patrick Wildt
2017-03-13We need to call policy_ref() for policies that have refcountingPatrick Wildt
2017-02-28Depending on the addresses, ipsecctl(8) automatically groups saAlexander Bluhm
2017-02-24In a scenario where a config reload happens during an IKE_AUTH exchange,Patrick Wildt
2017-02-03Stop assuming that in_{addr,port}_t are typedefed in <sys/types.h> andPhilip Guenther
2017-01-20Add a warning when the address pool is exhaustedMike Belopuhov
2017-01-20Constify the data argument for ibuf_newMike Belopuhov
2017-01-20Reset various pointers in ikev2_msg_cleanupMike Belopuhov
2017-01-20Make sure to free reference to the public key after decodingMike Belopuhov
2017-01-20Closed SAs should never be treated as validMike Belopuhov
2017-01-20Check bounds of the flows array when configuring traffic selectorsMike Belopuhov
2017-01-20Verify the certificate imsg payload sizeMike Belopuhov
2017-01-20Include only found SPIs into the PAYLOAD_DELETE messageMike Belopuhov
2017-01-20Minor formatting fixMike Belopuhov
2017-01-20New RFC7383 defineMike Belopuhov
2017-01-17Nuke some whitespace that keeps poking me in the eye as I try toKenneth R Westerback
2017-01-09Stop accessing verbose and debug variables from log.c directly.Reyk Floeter
2017-01-09Replace hand-rolled for(;;) traversal of ctl_conns TAILQ withKenneth R Westerback
2017-01-08Sync log.c with the latest version from vmd/log.c that preserves errnoReyk Floeter
2017-01-05Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQKenneth R Westerback
2017-01-04Remove modular exponential groups specified in RFC5114Mike Belopuhov
2017-01-03Fix pledge of the ca process by calling the right function on startup.Reyk Floeter
2016-11-28ikelifetime time spec is the same the one for lifetimeMike Belopuhov
2016-10-12copy updated log.c from vmd: for correctness, save errno when doingReyk Floeter
2016-09-26Pass the flags argument of recvfromto down to the underlying recvmsgJeremie Courreges-Anglas
2016-09-13Disable the timer event before attempting to change itMike Belopuhov
2016-09-04Forward IMSG_CTL_VERBOSE via the parent; this fixes a crash when doingReyk Floeter
2016-09-04Now that we have IP_SENDSRCADDR, add sendtofrom().Vincent Gross
2016-09-03Add the missing bits to have NAT on enc(4) support in iked.Vincent Gross
2016-08-06Unbreak PSK authentication, broken by previous.Pascal Stumpf
2016-07-20When parsing the configuration. initialize the auth structureReyk Floeter
2016-06-21do not allow whitespace in macro names, i.e. "this is" = "a variable".Sebastian Benoit
2016-06-02Use the last 32-bits of the IPv6 address to dynamically assignPatrick Wildt
2016-06-01Implement a second address pool specifically for IPv6, so thatPatrick Wildt
2016-06-01ikev2_cp_fixaddr() is called to replace unspecified (e.g. 0.0.0.0)Patrick Wildt
2016-03-07http -> https for IETF/IANA URLs in commentsmmcc