summaryrefslogtreecommitdiff
path: root/sbin/iked
AgeCommit message (Expand)Author
2012-11-29use Nm instead of Xr to self;Jason McIntyre
2012-11-29Prevent VPN traffic leakages in dual-stack hosts/networks.Reyk Floeter
2012-11-16promote some debug messages to warnings; ok reykMike Belopuhov
2012-10-25Include the license and copyright notice in the generated files.Reyk Floeter
2012-10-25Move the arrays of default IKE and ESP transforms into parse.y insteadReyk Floeter
2012-10-23Change the order of variables just to shrink the diff to the (not yetReyk Floeter
2012-10-23Allow to overwrite a few more definitions like file paths from theReyk Floeter
2012-10-23Add a cast for input to inet_pton() to silence a possible but harmlessReyk Floeter
2012-10-22tweak previous;Jason McIntyre
2012-10-22Fix NAT-T support in iked, both on the initiator and the responderReyk Floeter
2012-10-11The RSA public keys will be found in a subdirectory of /etc/iked/Reyk Floeter
2012-10-09"If srcid is omitted, the default is to use the hostname of the localReyk Floeter
2012-09-25Correct DPADD to not list libssl which is not used by iked.Brad Smith
2012-09-22last stage of rfc changes, using consistent Rs/Re blocks, and moving theJason McIntyre
2012-09-18update email addresses to match reality.Reyk Floeter
2012-07-08if you use nitems() in userland, you must define it yourselfTheo de Raadt
2012-07-05when rekeying ike sa copy more info from the old one;Mike Belopuhov
2012-07-03Improve the key derivation function to produce correct keying materialMike Belopuhov
2012-07-02checking state flags make sense only when processing a responseMike Belopuhov
2012-07-02augment every sa_free call with a debugging log messageMike Belopuhov
2012-07-02Don't close IKE SA immediately after creating a new one when rekeying.Mike Belopuhov
2012-07-02a state machine is not worth the trouble when you've got a flag. doh!Mike Belopuhov
2012-06-30enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESPChristian Weisgerber
2012-06-29Add missing ESN bitsMike Belopuhov
2012-06-27leftover code re-enqueued the same item on the list multiple timesMike Belopuhov
2012-06-27prevent an endless loopMike Belopuhov
2012-06-26improve ikev2_msg_retransmit_timeoutMike Belopuhov
2012-06-26close SA when IKE_SA_INIT or IKE_AUTH exchanges fail;Mike Belopuhov
2012-06-26compare exchange types as well when looking up a message;Mike Belopuhov
2012-06-22Add initial support for retransmition timeouts and response retries.Mike Belopuhov
2012-06-22decouple timer initialization from timer_registerMike Belopuhov
2012-06-04Rounding up a number of bytes in a bignum returned by the BN_num_bytes()Mike Belopuhov
2012-05-30more timer changesMike Belopuhov
2012-05-30when changing peer's address in the SA, remove the old entry from theMike Belopuhov
2012-05-30pass a file descriptor in the msg_fd instead of a function argumentMike Belopuhov
2012-05-29improve timer framework; will be needed soonMike Belopuhov
2012-05-24don't increment the next expected message id when sending a response back.Mike Belopuhov
2012-05-23fixup from/to specificationMike Belopuhov
2012-05-23remove hardcoded values for esp and let ikev2_add_proposals decideMike Belopuhov
2012-05-23factor out proposal matching code from ikev2_sa_negotiate and eliminateMike Belopuhov
2012-05-08When setting up NAT-T notify payloads, make sure to supply anMike Belopuhov
2012-05-08rename espxforms to ipsecxforms for clarityMike Belopuhov
2012-05-07fixup formatting in the generated filesMike Belopuhov
2012-05-07Sync up several defines with RFC 5996. IANA has changed the existingMike Belopuhov
2012-04-24take a stab at documenting when arguments need quoted, and valid macroJason McIntyre
2012-04-18undo an error introduced by myself in previous;Jason McIntyre
2012-04-05rate-limit accepting of new connections while we are experiencingTheo de Raadt
2012-03-24fix some leaksJonathan Gray
2011-09-03make -column lists pretty again;Jason McIntyre
2011-08-27Under certain circumstances iked can be tricked to bypass a signatureMike Belopuhov