summaryrefslogtreecommitdiff
path: root/sbin/iked
AgeCommit message (Expand)Author
2020-03-01When the proposals are first matched the responder doestobhe
2020-02-21Add transport mode for child SAs. This is useful for GRE over IPsec andtobhe
2020-02-16Quote variables in pf tag stringskn
2020-02-14Switch from EVP_SignInit_ex() to the newer EVP_DigestSignInit()tobhe
2020-02-13Constify "buf" argument in print_hex and print_hexval.tobhe
2020-02-10briefly mention /etc/examples/ in the FILES section of all theIngo Schwarze
2020-01-22delete wasteful ;;Theo de Raadt
2020-01-21use an underscore for -p's argument, rather than hyphen: matches SYNOPSISJason McIntyre
2020-01-16Add '-p' command line option which allows to configuretobhe
2020-01-15Support multiple x509 extensions and extensions with multipletobhe
2020-01-15s/deprecated/ignored/ in the warning message if -6 is used; the optionStuart Henderson
2020-01-15If we don't find a certificate signed by a trusted CAtobhe
2020-01-14Remove IPsec flow blocking unencrypted IPv6 traffic which wastobhe
2020-01-08Unify duplicate NOTIFY payload construction code in ikev2_add_notify andtobhe
2020-01-07Link ESP-SA and IPcomp-SA using GRPSPIS instead of using a self-builttobhe
2019-12-28Refactor child SA cleanup.tobhe
2019-12-10We can receive a delete and free an SA that is referenced in sa_nextr.tobhe
2019-12-03Correctly represent flows as traffic selectors as described in RFC 7296. Thistobhe
2019-12-01Explain how ipcomp can be enabled.tobhe
2019-11-30The message sent in config_setmode starts the handshake in the ikev2 processtobhe
2019-11-30Log loaded SPIs and flows.tobhe
2019-11-29Change the default security level for incoming IPsec flows fromtobhe
2019-11-28Merge host_v{4,6}() into host_ip(), simplify host()kn
2019-11-28Introduce copy_sockaddrtoipa() and set_ipmask() bits from pfctlkn
2019-11-28Move Notify and Certreq payload handlers after the parser. Modify SA statetobhe
2019-11-18Enable ESP UDP-encapsulation with '-t' flag.tobhe
2019-11-15IKEv2 message fragments of the same message have the same msg_id. Whentobhe
2019-11-15Fix error handling in ikev2_msg_send.tobhe
2019-11-13Log reason whenever a child SA is freed. This makes it easier totobhe
2019-11-12fix a formatting warning;Jason McIntyre
2019-11-12Add configuration options to explicitly specify ESN support for child SAs.tobhe
2019-11-11Cleanup message retransmission handling with new helper functions.tobhe
2019-09-26Use SPI_SA() instead of __func__ in all logging calls. Use log_infotobhe
2019-09-26Fix leaks by cleaning up after configuration parser.tobhe
2019-08-29Remove redundant ikev2_msg_valid_ike_sa() call.tobhe
2019-08-26Fix file descriptor leak in config parser. Inspired by bgpd parse.y.tobhe
2019-08-24Clarify "protected-subnet" option.tobhe
2019-08-24Fix conflict when IKE SA and Child SA rekeying happen at the same time.tobhe
2019-08-16Add explanation for the [IKE/ESP only] column of the transform table.tobhe
2019-08-16Fix segfault in parser when specifying an invalid transform.tobhe
2019-08-14Fix NAT traversal detection bug when "local" option is not explicitlytobhe
2019-08-12Prepend SPI to send and recv log messages to see which line belongs totobhe
2019-07-03snprintf/vsnprintf return < 0 on error, rather than -1.Theo de Raadt
2019-06-28When system calls indicate an error they return -1, not some arbitraryTheo de Raadt
2019-05-11Add support for IKEv2 Message Fragmentation as defined in RFC 7383.Patrick Wildt
2019-05-10Set the IKED_REQ_INFORMATIONAL flag when sending a delete requestPatrick Wildt
2019-05-10Enforce messages after IKE_SA_INIT exchange to contain onlyPatrick Wildt
2019-04-02When curve25519 was added to iked, it was based on the internet-draft andStuart Henderson
2019-02-27update RFC references, from tobias_heider at genua.de, ok claudio@Stuart Henderson
2019-02-26Fix sending IKEV2_CFG_INTERNAL_IP6_DNS, IKEV2_CFG_INTERNAL_IP6_NBNS,Patrick Wildt
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-05 00:22:56 +0000