Age | Commit message (Expand) | Author |
2012-11-29 | use Nm instead of Xr to self; | Jason McIntyre |
2012-11-29 | Prevent VPN traffic leakages in dual-stack hosts/networks. | Reyk Floeter |
2012-11-16 | promote some debug messages to warnings; ok reyk | Mike Belopuhov |
2012-10-25 | Include the license and copyright notice in the generated files. | Reyk Floeter |
2012-10-25 | Move the arrays of default IKE and ESP transforms into parse.y instead | Reyk Floeter |
2012-10-23 | Change the order of variables just to shrink the diff to the (not yet | Reyk Floeter |
2012-10-23 | Allow to overwrite a few more definitions like file paths from the | Reyk Floeter |
2012-10-23 | Add a cast for input to inet_pton() to silence a possible but harmless | Reyk Floeter |
2012-10-22 | tweak previous; | Jason McIntyre |
2012-10-22 | Fix NAT-T support in iked, both on the initiator and the responder | Reyk Floeter |
2012-10-11 | The RSA public keys will be found in a subdirectory of /etc/iked/ | Reyk Floeter |
2012-10-09 | "If srcid is omitted, the default is to use the hostname of the local | Reyk Floeter |
2012-09-25 | Correct DPADD to not list libssl which is not used by iked. | Brad Smith |
2012-09-22 | last stage of rfc changes, using consistent Rs/Re blocks, and moving the | Jason McIntyre |
2012-09-18 | update email addresses to match reality. | Reyk Floeter |
2012-07-08 | if you use nitems() in userland, you must define it yourself | Theo de Raadt |
2012-07-05 | when rekeying ike sa copy more info from the old one; | Mike Belopuhov |
2012-07-03 | Improve the key derivation function to produce correct keying material | Mike Belopuhov |
2012-07-02 | checking state flags make sense only when processing a response | Mike Belopuhov |
2012-07-02 | augment every sa_free call with a debugging log message | Mike Belopuhov |
2012-07-02 | Don't close IKE SA immediately after creating a new one when rekeying. | Mike Belopuhov |
2012-07-02 | a state machine is not worth the trouble when you've got a flag. doh! | Mike Belopuhov |
2012-06-30 | enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESP | Christian Weisgerber |
2012-06-29 | Add missing ESN bits | Mike Belopuhov |
2012-06-27 | leftover code re-enqueued the same item on the list multiple times | Mike Belopuhov |
2012-06-27 | prevent an endless loop | Mike Belopuhov |
2012-06-26 | improve ikev2_msg_retransmit_timeout | Mike Belopuhov |
2012-06-26 | close SA when IKE_SA_INIT or IKE_AUTH exchanges fail; | Mike Belopuhov |
2012-06-26 | compare exchange types as well when looking up a message; | Mike Belopuhov |
2012-06-22 | Add initial support for retransmition timeouts and response retries. | Mike Belopuhov |
2012-06-22 | decouple timer initialization from timer_register | Mike Belopuhov |
2012-06-04 | Rounding up a number of bytes in a bignum returned by the BN_num_bytes() | Mike Belopuhov |
2012-05-30 | more timer changes | Mike Belopuhov |
2012-05-30 | when changing peer's address in the SA, remove the old entry from the | Mike Belopuhov |
2012-05-30 | pass a file descriptor in the msg_fd instead of a function argument | Mike Belopuhov |
2012-05-29 | improve timer framework; will be needed soon | Mike Belopuhov |
2012-05-24 | don't increment the next expected message id when sending a response back. | Mike Belopuhov |
2012-05-23 | fixup from/to specification | Mike Belopuhov |
2012-05-23 | remove hardcoded values for esp and let ikev2_add_proposals decide | Mike Belopuhov |
2012-05-23 | factor out proposal matching code from ikev2_sa_negotiate and eliminate | Mike Belopuhov |
2012-05-08 | When setting up NAT-T notify payloads, make sure to supply an | Mike Belopuhov |
2012-05-08 | rename espxforms to ipsecxforms for clarity | Mike Belopuhov |
2012-05-07 | fixup formatting in the generated files | Mike Belopuhov |
2012-05-07 | Sync up several defines with RFC 5996. IANA has changed the existing | Mike Belopuhov |
2012-04-24 | take a stab at documenting when arguments need quoted, and valid macro | Jason McIntyre |
2012-04-18 | undo an error introduced by myself in previous; | Jason McIntyre |
2012-04-05 | rate-limit accepting of new connections while we are experiencing | Theo de Raadt |
2012-03-24 | fix some leaks | Jonathan Gray |
2011-09-03 | make -column lists pretty again; | Jason McIntyre |
2011-08-27 | Under certain circumstances iked can be tricked to bypass a signature | Mike Belopuhov |