path: root/sbin/ipsecctl/ike.c
Age         Author
            Commit message

2006-12-18  Mathieu Sauve-Frankel
            call ike_setup_ids from a more appropriate location.
            ok hshoexer@

2006-11-30  Markus Friedl
            typo: wrong rid for protocol

2006-11-30  Markus Friedl
            use rmv to unregister ipsec connections; ok hshoexer, ho

2006-11-30  Markus Friedl
            handle multiple SAs with different same src/dst but different port;
            store IKE connection string and phase2 IDs in the ipsec rule; cleanup internal API: pass rules around instead of rule members; report Brian Candler; fix with hshoexer, msf; ok hshoexer

2006-11-24  Reyk Floeter
            add support to tag ipsec traffic belonging to specific IKE-initiated
            phase 2 traffic. this allows policy-based filtering of encrypted and unencrypted ipsec traffic with pf(4). see ipsec.conf(5) and isakmpd.conf(5) for details and examples. this is work in progress and still needs some testing and feedback, but it is safe to put it in now. ok hshoexer@

2006-11-24  Markus Friedl
            fix typo for remote port; from Brian Candler

2006-11-21  Markus Friedl
            do not delete sections that might be shared with other connections;
            however, this workaround might leak config entries in isakmpd; ok (for now) hshoexer

2006-11-01  Ryan Thomas McBride
            KNF unrelated to previous commit.

2006-11-01  Ryan Thomas McBride
            Add support for aggressive mode (from the k2k6 IPsec hackathon).
            ok hshoexer

2006-09-18  Hans-Joerg Hoexer
            KNF and clean some trailing white spaces, no binary change.

2006-08-30  Mathieu Sauve-Frankel
            actually use the right value for USER_FQDN
            ok hshoexer@

2006-08-29  Mathieu Sauve-Frankel
            add support for ufqdn ids in ike rules
            ok hshoexer@

2006-08-29  Christian Weisgerber
            Add support for IKE AH rules to ipsecctl. Man page input by jmc@.
            ok hshoexer@

2006-07-21  Hans-Joerg Hoexer
            When no peer is specified, no peer address is defined, thus do not use it.
            Noticed by Alexey E. Suslikov <cruel@texnika.com.ua>, thanks!

2006-06-18  Hans-Joerg Hoexer
            add group "none"; when chosen, pfs will be disabled.
            ok david msf

2006-06-16  Hans-Joerg Hoexer
            add a missing "force"

2006-06-15  Hans-Joerg Hoexer
            be careful when touching the peer component of a rule. It is not
            necessarily set anymore, as now the peer can be left out.

2006-06-13  Christian Weisgerber
            For IKE, allow main mode SHA2 and quick mode AESCTR transforms,
            which were recently added to isakmpd. ok hshoexer@, markus@

2006-06-10  Hans-Joerg Hoexer
            switch back to original defaults regarding DH groups. modp3072 is too
            heavyweight. Testing by Jason George, thanks!

2006-06-08  Hans-Joerg Hoexer
            fix some indentation, noticed by david@

2006-06-08  Christian Weisgerber
            Add a transport mode specifier to ike rules. Tunnel mode remains the default.
            "looks right" hshoexer@

2006-06-08  Todd T. Fries
            allocate enough storage via sockaddr_storage for sockaddr_in6,
            fixes ike29.in in regress. looks right hshoexer@, ok naddy@

2006-06-08  Hans-Joerg Hoexer
            Fix a typo: When testing for quick mode lifetimes, make sure to
            reference quick mode lifetimes, too, not main mode lifetimes. Otherwise we might dereference a NULL pointer...

2006-06-02  Christian Weisgerber
            support tcp/udp port modifiers in ike rules
            "put it in if it doesn't break regress" hshoexer@

2006-06-02  Hans-Joerg Hoexer
            allow to specify phase 1 and 2 lifetimes. Right now, these values
            can only be set globally (i.e. Default-phase-[12]-lifetime).

2006-06-02  Hans-Joerg Hoexer
            Simplify main/quick mode parsing and generation of the actual ike config.

2006-06-01  Mathieu Sauve-Frankel
            change the local-ID section name to always be unique as we may want to use
            more than one ISAKMP ID on the local peer. ok hshoexer@

2006-06-01  Hans-Joerg Hoexer
            knf

2006-06-01  Todd T. Fries
            permit feeding isakmpd.fifo IPv6 addresses
            ok hshoexer@

2006-06-01  Hans-Joerg Hoexer
            Generate correct configuration for default peers.

2006-05-31  Hans-Joerg Hoexer
            Small function header knf.

2006-05-31  Hans-Joerg Hoexer
            Prepare for handling unnamed remote peers.

2006-05-28  Todd T. Fries
            matching brackets are useful
            ok dlg@

2006-05-27  Hans-Joerg Hoexer
            allow to specify groups to be used by IKE

2006-05-15  Theo de Raadt
            delete weird C

2006-04-13  Hans-Joerg Hoexer
            Add support for "local" to ike rules. Allows to specify the local IP to be
            used on a multi-homed machine. Also, relax order of peer/local keywords. ok markus@

2006-03-31  Hans-Joerg Hoexer
            allow to delete dynamic rules
            ok reyk@

2006-03-31  Markus Friedl
            allow specification of encapsulated protocol for ike; ok hshoexer

2006-03-31  Markus Friedl
            allow specification of encapsulated protocol for flows; ok hshoexer

2006-03-20  Hans-Joerg Hoexer
            When being verbose while deleting ike rules (-dv), print deletions instead of
            additions. Suggested by david@

2006-03-20  Hans-Joerg Hoexer
            When adding a connection, do not explicitly start that connection
            using "t" and "c" fifo commands. This is prone to a race when adding several tunnels between the same peers. Just let isakmpd start that connection on its own (using the connection checker).

2006-03-07  Reyk Floeter
            add an ike option for road warrior setups (hosts with dynamic ip
            addresses). "ike dynamic esp" will use the system's hostname as the fqdn source id (instead of the ip address) by default and enable dpd (dead peer detection) to allow smooth reconnects after an ip address change (i.e. forced reconnect with consumer adsl lines). ok hshoexer@, looks fine markus@, jmc@

2006-02-03  Christian Weisgerber
            override authentication tag as well; ok hshoexer@

2006-02-02  Hans-Joerg Hoexer
            Two fixes: generate default main mode config when using PSK, added missing
            force (with naddy@) ok reyk@ naddy@

2006-01-17  Theo de Raadt
            spacing

2006-01-16  Reyk Floeter
            add support for pre-shared keys with "ike esp" using the new keyword
            "psk". rsa-sig is recommended and will still be used by default. ok hshoexer@, manpage ok jmc@

2005-12-28  Christian Weisgerber
            no close() after fdopen(); ok hshoexer@

2005-12-28  Hans-Joerg Hoexer
            make sure isakmpd fifo is actually a fifo.

2005-12-12  Hans-Joerg Hoexer
            use err() instead of errx()

2005-11-24  Hans-Joerg Hoexer
            Remove old-style keyed sha1/md5. We only support hmac-sha1/md5.
            Noticed the hard way by <raff at brodewicz dot pl>