Age | Commit message (Expand) | Author |
2015-12-09 | Remove plain DES encryption from IPsec. | Christian Weisgerber |
2015-05-25 | bump up the default Diffie-Hellman group to modp3072; ok mikeb@ djm@ | Christian Weisgerber |
2015-01-16 | Replace <sys/param.h> with <limits.h> and other less dirty headers where | Theo de Raadt |
2013-08-25 | the comment that comma characters cannot be used in transform | Mike Belopuhov |
2012-09-17 | unbreak the last commit by making sure that the transform name | Markus Friedl |
2012-09-15 | Encode the transform parameters in the transform name, too. | Markus Friedl |
2012-08-30 | Do not issue a spurious "force" when "group none" is specified. | Christian Weisgerber |
2012-07-13 | Change the configuration format fed to the isakmpd FIFO to be able | Mike Belopuhov |
2012-07-10 | Rename "life" to "lifetime" to match iked. | Lawrence Teo |
2012-07-09 | Fix typo in warning message. | Lawrence Teo |
2012-06-30 | enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESP | Christian Weisgerber |
2011-11-08 | allow the path to isakmpd's fifo to be specified (aka changed) on the | Henning Brauer |
2010-10-15 | fixup generation of suites string for isakmpd wrt "group none" | Mike Belopuhov |
2010-09-22 | Support AES-GCM-16 (as aes-gcm) and ENCR_NULL_AUTH_AES_GMAC | Mike Belopuhov |
2009-10-04 | When IKE is operating in dynamic mode and no srcid is given, the hostname | Joel Sing |
2009-08-04 | Specify an ID-type of IPV4_ADDR or IPV6_ADDR if the srcid or dstid is | Joel Sing |
2009-01-20 | Add support to isakmpd(8) and ipsecctl(8) to install SA's with a | Marco Pfatschbacher |
2008-07-01 | Isakmpd acquire mode did not work with a config generated from | Alexander Bluhm |
2008-02-22 | Support for specifying aes-{128,192,256}. Originial idea by Prabhu | Hans-Joerg Hoexer |
2008-01-04 | Strip off trailing '/32' when address type is IPV4_ADDR as isakmpd does | Hans-Joerg Hoexer |
2007-03-16 | move autodetection of the ID type to the parser. this way the | Markus Friedl |
2007-02-19 | Bits for ESP+NULL encryption. This is useful, when AH can not be | Hans-Joerg Hoexer |
2006-12-18 | call ike_setup_ids from a more appropriate location. | Mathieu Sauve-Frankel |
2006-11-30 | typo: wrong rid for protocol | Markus Friedl |
2006-11-30 | use rmv to unregister ipsec connections; ok hshoexer, ho | Markus Friedl |
2006-11-30 | handle multiple SAs with different same src/dst but different port; | Markus Friedl |
2006-11-24 | add support to tag ipsec traffic belonging to specific IKE-initiated | Reyk Floeter |
2006-11-24 | fix typo for remote port; from Brian Candler | Markus Friedl |
2006-11-21 | do not delete sections that might be shared with other connections | Markus Friedl |
2006-11-01 | KNF unrelated to previous commit. | Ryan Thomas McBride |
2006-11-01 | Add support for aggressive mode (from the k2k6 IPsec hackathon). | Ryan Thomas McBride |
2006-09-18 | KNF and clean some trailing white spaces, no binary change. | Hans-Joerg Hoexer |
2006-08-30 | actually use the right value for USER_FQDN | Mathieu Sauve-Frankel |
2006-08-29 | add support for ufqdn ids in ike rules | Mathieu Sauve-Frankel |
2006-08-29 | Add support for IKE AH rules to ipsecctl. Man page input by jmc@. | Christian Weisgerber |
2006-07-21 | When no peer is specified, no peer address is defined, thus do not use it. | Hans-Joerg Hoexer |
2006-06-18 | add group "none"; when choosen, pfs will be disabled. | Hans-Joerg Hoexer |
2006-06-16 | add a missing "force" | Hans-Joerg Hoexer |
2006-06-15 | be careful when touch the peer component of a rule. It is not | Hans-Joerg Hoexer |
2006-06-13 | For IKE, allow main mode SHA2 and quick mode AESCTR transforms, | Christian Weisgerber |
2006-06-10 | switch back to original defaults regarding DH groups. modp3072 is to | Hans-Joerg Hoexer |
2006-06-08 | fix some indentation, noticed by david@ | Hans-Joerg Hoexer |
2006-06-08 | Add a transport mode specifier to ike rules. Tunnel mode remains the default. | Christian Weisgerber |
2006-06-08 | allocate enough storage via sockaddr_storage for sockaddr_in6, | Todd T. Fries |
2006-06-08 | Fix a typo: When testing for quick mode lifetimes, make sure to | Hans-Joerg Hoexer |
2006-06-02 | support tcp/udp port modifiers in ike rules | Christian Weisgerber |
2006-06-02 | allow to specify phase 1 and 2 lifetimes. Right now, these values | Hans-Joerg Hoexer |
2006-06-02 | Simplify main/quick mode parsing and generation of the actual ike config. | Hans-Joerg Hoexer |
2006-06-01 | change the local-ID section name to always be unique as we may want to use mo... | Mathieu Sauve-Frankel |
2006-06-01 | knf | Hans-Joerg Hoexer |