summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl/ike.c
AgeCommit message (Expand)Author
2006-11-24add support to tag ipsec traffic belonging to specific IKE-initiatedReyk Floeter
2006-11-24fix typo for remote port; from Brian CandlerMarkus Friedl
2006-11-21do not delete sections that might be shared with other connectionsMarkus Friedl
2006-11-01KNF unrelated to previous commit.Ryan Thomas McBride
2006-11-01Add support for aggressive mode (from the k2k6 IPsec hackathon).Ryan Thomas McBride
2006-09-18KNF and clean some trailing white spaces, no binary change.Hans-Joerg Hoexer
2006-08-30actually use the right value for USER_FQDNMathieu Sauve-Frankel
2006-08-29add support for ufqdn ids in ike rulesMathieu Sauve-Frankel
2006-08-29Add support for IKE AH rules to ipsecctl. Man page input by jmc@.Christian Weisgerber
2006-07-21When no peer is specified, no peer address is defined, thus do not use it.Hans-Joerg Hoexer
2006-06-18add group "none"; when choosen, pfs will be disabled.Hans-Joerg Hoexer
2006-06-16add a missing "force"Hans-Joerg Hoexer
2006-06-15be careful when touch the peer component of a rule. It is notHans-Joerg Hoexer
2006-06-13For IKE, allow main mode SHA2 and quick mode AESCTR transforms,Christian Weisgerber
2006-06-10switch back to original defaults regarding DH groups. modp3072 is toHans-Joerg Hoexer
2006-06-08fix some indentation, noticed by david@Hans-Joerg Hoexer
2006-06-08Add a transport mode specifier to ike rules. Tunnel mode remains the default.Christian Weisgerber
2006-06-08allocate enough storage via sockaddr_storage for sockaddr_in6,Todd T. Fries
2006-06-08Fix a typo: When testing for quick mode lifetimes, make sure toHans-Joerg Hoexer
2006-06-02support tcp/udp port modifiers in ike rulesChristian Weisgerber
2006-06-02allow to specify phase 1 and 2 lifetimes. Right now, these valuesHans-Joerg Hoexer
2006-06-02Simplify main/quick mode parsing and generation of the actual ike config.Hans-Joerg Hoexer
2006-06-01change the local-ID section name to always be unique as we may want to use mo...Mathieu Sauve-Frankel
2006-06-01knfHans-Joerg Hoexer
2006-06-01permit feeding isakmpd.fifo IPv6 addressesTodd T. Fries
2006-06-01Generate correct configuration for default peers.Hans-Joerg Hoexer
2006-05-31Small function header knf.Hans-Joerg Hoexer
2006-05-31Prepare for handling unnamed remote peers.Hans-Joerg Hoexer
2006-05-28matching brackets are usefulTodd T. Fries
2006-05-27allow to specify groups to be used IKEHans-Joerg Hoexer
2006-05-15delete weird CTheo de Raadt
2006-04-13Add support for "local" to ike rules. Allows to specify the local IP to beHans-Joerg Hoexer
2006-03-31allow do delete dynamic rulesHans-Joerg Hoexer
2006-03-31allow specification of encapsulated protocol for ike; ok hshoexerMarkus Friedl
2006-03-31allow specification of encapsulated protocol for flows; ok hshoexerMarkus Friedl
2006-03-20When being verbose while deleting ike rules (-dv), print deletions instead ofHans-Joerg Hoexer
2006-03-20When adding a connection, do not explicitly start that connectionHans-Joerg Hoexer
2006-03-07add an ike option for road warrior setups (hosts with dynamic ipReyk Floeter
2006-02-03override authentication tag as well; ok hshoexer@Christian Weisgerber
2006-02-02Two fixes: generate default main mode config when using PSK, added missingHans-Joerg Hoexer
2006-01-17spacingTheo de Raadt
2006-01-16add support for pre-shared keys with "ike esp" using the new keywordReyk Floeter
2005-12-28no close() after fdopen(); ok hshoexer@Christian Weisgerber
2005-12-28make sure isakmpd fifo is actually a fifo.Hans-Joerg Hoexer
2005-12-12use err() instead of errx()Hans-Joerg Hoexer
2005-11-24Remove old-style keyed sha1/md5. We only support hmac-sha1/md5.Hans-Joerg Hoexer
2005-11-12spacingTheo de Raadt
2005-11-06Improved address and address mask handling, derived from pfctl stuff.Hans-Joerg Hoexer
2005-11-06better handling of ip addresses, prepare for v6. Partially derived from diffHans-Joerg Hoexer
2005-10-28more error message cleanupHans-Joerg Hoexer