summaryrefslogtreecommitdiff
path: root/sbin/iked
AgeCommit message (Expand)Author
2017-04-26cope with IP address changes. before, we were trying to resend the msgHenning Brauer
2017-04-24Fix configuration of ASN1_DN IDs.Reyk Floeter
2017-04-18use freezero()Theo de Raadt
2017-04-13Add a NAT-T keepalive timer in case we are behind a NAT gateway.Patrick Wildt
2017-03-30Only close the SA if an error happens before ikev2_msg_init() was calledPatrick Wildt
2017-03-28Add helpful debug messages to tell us why public key authentication failed.Reyk Floeter
2017-03-28Remove RSA from the list of keywords, lookup is now done in a table.Reyk Floeter
2017-03-28Don't send informational responses before we're having the key material.Reyk Floeter
2017-03-28Returning -1 in an imsg handler like ikev2_dispatch_cert aborts iked.Reyk Floeter
2017-03-27Don't cache the DH group in the policyMike Belopuhov
2017-03-27correct verb pattern;Jason McIntyre
2017-03-27Factor out flows into separate configuration messagesMike Belopuhov
2017-03-27spacingReyk Floeter
2017-03-27Fix another iked leak of SAs in pfkey_sa(), copy tags correctly.Reyk Floeter
2017-03-27Add support to reflect the responder IKEv2 COOKIE.Reyk Floeter
2017-03-27Add support for RFC4754 (ECDSA) and RFC7427 authentication.Reyk Floeter
2017-03-23set ps_noaction to not fork uneeded children when checking config with -nJonathan Gray
2017-03-21From a syslog perspective it does not make sense to log fatal andAlexander Bluhm
2017-03-13Resolve simultaneous Child SA rekeyingMike Belopuhov
2017-03-13Resolve simultaneous IKE SA rekeyingMike Belopuhov
2017-03-13Make sure that proposal contains a DH group when rekeying with PFS enabledReyk Floeter
2017-03-13NAT-T improvementsReyk Floeter
2017-03-13Don't rekey acquired Child SAsMike Belopuhov
2017-03-13Clarify iked.conf(5) manpage in regards to IP compression.Patrick Wildt
2017-03-13When setting up IPcomp flows for the networks 'A' and 'B' betweenPatrick Wildt
2017-03-13When freeing a Child SA make sure it's peer no longer points to itMike Belopuhov
2017-03-13Fix and improve the IKE SA rekeying timeout, add a randomized jitter.Reyk Floeter
2017-03-13Improve reporting of authentication errorsMike Belopuhov
2017-03-13flow_cmp() must compare the same flow-attributes as the kernel,Patrick Wildt
2017-03-13We need to call policy_ref() for policies that have refcountingPatrick Wildt
2017-02-28Depending on the addresses, ipsecctl(8) automatically groups saAlexander Bluhm
2017-02-24In a scenario where a config reload happens during an IKE_AUTH exchange,Patrick Wildt
2017-02-03Stop assuming that in_{addr,port}_t are typedefed in <sys/types.h> andPhilip Guenther
2017-01-20Add a warning when the address pool is exhaustedMike Belopuhov
2017-01-20Constify the data argument for ibuf_newMike Belopuhov
2017-01-20Reset various pointers in ikev2_msg_cleanupMike Belopuhov
2017-01-20Make sure to free reference to the public key after decodingMike Belopuhov
2017-01-20Closed SAs should never be treated as validMike Belopuhov
2017-01-20Check bounds of the flows array when configuring traffic selectorsMike Belopuhov
2017-01-20Verify the certificate imsg payload sizeMike Belopuhov
2017-01-20Include only found SPIs into the PAYLOAD_DELETE messageMike Belopuhov
2017-01-20Minor formatting fixMike Belopuhov
2017-01-20New RFC7383 defineMike Belopuhov
2017-01-17Nuke some whitespace that keeps poking me in the eye as I try toKenneth R Westerback
2017-01-09Stop accessing verbose and debug variables from log.c directly.Reyk Floeter
2017-01-09Replace hand-rolled for(;;) traversal of ctl_conns TAILQ withKenneth R Westerback
2017-01-08Sync log.c with the latest version from vmd/log.c that preserves errnoReyk Floeter
2017-01-05Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQKenneth R Westerback
2017-01-04Remove modular exponential groups specified in RFC5114Mike Belopuhov
2017-01-03Fix pledge of the ca process by calling the right function on startup.Reyk Floeter