summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl/ike.c
AgeCommit message (Expand)Author
2023-08-07add support route based ipsec vpn negotiation with sec(4) via isakmpd.David Gwynne
2022-06-25Use in_addr for AF_INET.mbuhl
2017-10-27Support DH groups 19 to 21 and 25 to 30, just like iked(8) does.Martin Pieuchot
2015-12-09Remove plain DES encryption from IPsec.Christian Weisgerber
2015-05-25bump up the default Diffie-Hellman group to modp3072; ok mikeb@ djm@Christian Weisgerber
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2013-08-25the comment that comma characters cannot be used in transformMike Belopuhov
2012-09-17unbreak the last commit by making sure that the transform nameMarkus Friedl
2012-09-15Encode the transform parameters in the transform name, too.Markus Friedl
2012-08-30Do not issue a spurious "force" when "group none" is specified.Christian Weisgerber
2012-07-13Change the configuration format fed to the isakmpd FIFO to be ableMike Belopuhov
2012-07-10Rename "life" to "lifetime" to match iked.Lawrence Teo
2012-07-09Fix typo in warning message.Lawrence Teo
2012-06-30enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESPChristian Weisgerber
2011-11-08allow the path to isakmpd's fifo to be specified (aka changed) on theHenning Brauer
2010-10-15fixup generation of suites string for isakmpd wrt "group none"Mike Belopuhov
2010-09-22Support AES-GCM-16 (as aes-gcm) and ENCR_NULL_AUTH_AES_GMACMike Belopuhov
2009-10-04When IKE is operating in dynamic mode and no srcid is given, the hostnameJoel Sing
2009-08-04Specify an ID-type of IPV4_ADDR or IPV6_ADDR if the srcid or dstid isJoel Sing
2009-01-20Add support to isakmpd(8) and ipsecctl(8) to install SA's with aMarco Pfatschbacher
2008-07-01Isakmpd acquire mode did not work with a config generated fromAlexander Bluhm
2008-02-22Support for specifying aes-{128,192,256}. Originial idea by PrabhuHans-Joerg Hoexer
2008-01-04Strip off trailing '/32' when address type is IPV4_ADDR as isakmpd doesHans-Joerg Hoexer
2007-03-16move autodetection of the ID type to the parser. this way theMarkus Friedl
2007-02-19Bits for ESP+NULL encryption. This is useful, when AH can not beHans-Joerg Hoexer
2006-12-18call ike_setup_ids from a more appropriate location.Mathieu Sauve-Frankel
2006-11-30typo: wrong rid for protocolMarkus Friedl
2006-11-30use rmv to unregister ipsec connections; ok hshoexer, hoMarkus Friedl
2006-11-30handle multiple SAs with different same src/dst but different port;Markus Friedl
2006-11-24add support to tag ipsec traffic belonging to specific IKE-initiatedReyk Floeter
2006-11-24fix typo for remote port; from Brian CandlerMarkus Friedl
2006-11-21do not delete sections that might be shared with other connectionsMarkus Friedl
2006-11-01KNF unrelated to previous commit.Ryan Thomas McBride
2006-11-01Add support for aggressive mode (from the k2k6 IPsec hackathon).Ryan Thomas McBride
2006-09-18KNF and clean some trailing white spaces, no binary change.Hans-Joerg Hoexer
2006-08-30actually use the right value for USER_FQDNMathieu Sauve-Frankel
2006-08-29add support for ufqdn ids in ike rulesMathieu Sauve-Frankel
2006-08-29Add support for IKE AH rules to ipsecctl. Man page input by jmc@.Christian Weisgerber
2006-07-21When no peer is specified, no peer address is defined, thus do not use it.Hans-Joerg Hoexer
2006-06-18add group "none"; when choosen, pfs will be disabled.Hans-Joerg Hoexer
2006-06-16add a missing "force"Hans-Joerg Hoexer
2006-06-15be careful when touch the peer component of a rule. It is notHans-Joerg Hoexer
2006-06-13For IKE, allow main mode SHA2 and quick mode AESCTR transforms,Christian Weisgerber
2006-06-10switch back to original defaults regarding DH groups. modp3072 is toHans-Joerg Hoexer
2006-06-08fix some indentation, noticed by david@Hans-Joerg Hoexer
2006-06-08Add a transport mode specifier to ike rules. Tunnel mode remains the default.Christian Weisgerber
2006-06-08allocate enough storage via sockaddr_storage for sockaddr_in6,Todd T. Fries
2006-06-08Fix a typo: When testing for quick mode lifetimes, make sure toHans-Joerg Hoexer
2006-06-02support tcp/udp port modifiers in ike rulesChristian Weisgerber
2006-06-02allow to specify phase 1 and 2 lifetimes. Right now, these valuesHans-Joerg Hoexer