summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl/ipsec.conf.5
AgeCommit message (Expand)Author
2015-11-01replace "can not" with "cannot";Jason McIntyre
2015-05-25bump up the default Diffie-Hellman group to modp3072; ok mikeb@ djm@Christian Weisgerber
2015-02-28Reduce usage of predefined strings in manpages.Anthony J. Bentley
2015-01-10tell the truth about DES.Igor Sobrado
2015-01-02PFS stands for Perfect Forward Secrecy.Igor Sobrado
2014-03-19Unify ipsec.conf(5)'s copy of the text dealing with multiline comments,Stuart Henderson
2013-11-01altq -> new queue in examplesHenning Brauer
2013-06-29do not use Sx for sections outwith the page;Jason McIntyre
2012-08-12Explicitly state that only two unit specifiers are recognized instead ofLawrence Teo
2012-07-13small tweak;Jason McIntyre
2012-07-13Change the configuration format fed to the isakmpd FIFO to be ableMike Belopuhov
2012-07-08Disallow manual security associations that use AES-CTR, AES-GCM,Christian Weisgerber
2012-06-30enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESPChristian Weisgerber
2012-04-24take a stab at documenting when arguments need quoted, and valid macroJason McIntyre
2011-11-13provide a specific section reference; from Lawrence TeoJason McIntyre
2011-09-03make -column lists pretty again;Jason McIntyre
2011-08-19as with other list types, column lists generally do not need a Pp/-compactJason McIntyre
2011-07-07We can mention ipcomp, since it worksTheo de Raadt
2011-06-24wrap previous onto a second lineStuart Henderson
2011-06-24nat-to rules require a directionStuart Henderson
2010-10-06Retire SkipjackMike Belopuhov
2010-09-23change description for AES-GMAC a bit.Mike Belopuhov
2010-09-22Support AES-GCM-16 (as aes-gcm) and ENCR_NULL_AUTH_AES_GMACMike Belopuhov
2010-09-19more wacky macro fixing;Jason McIntyre
2010-06-07fix a quoting wobble for the srcnat keyword; verified by reykJason McIntyre
2010-06-03update the manpages for isakmpd(8) and ipsec.conf(5) to point to iked(8)Reyk Floeter
2010-01-02Various syntax errors in list headers, found by mandoc(1),Ingo Schwarze
2009-10-21nat -> match...nat-to in example PF rule. ok mpf@Stuart Henderson
2009-01-29tweak previous;Jason McIntyre
2009-01-28Allow to specify ike and flow explicitly without peer. The anyAlexander Bluhm
2009-01-20Add support to isakmpd(8) and ipsecctl(8) to install SA's with aMarco Pfatschbacher
2008-11-29Explain how /32 changes the address type to IPV4_ADDR_SUBNET. From MitjaHans-Joerg Hoexer
2008-04-11add support for the "include" directive using code from pfctl/parse.y.Reyk Floeter
2008-02-22Support for specifying aes-{128,192,256}. Originial idea by PrabhuHans-Joerg Hoexer
2008-02-12document modifier types; requested by AurelienJason McIntyre
2007-09-17Document the syntax used with manual SAs for automatic creationStuart Henderson
2007-05-31convert to new .Dd format;Jason McIntyre
2007-03-06Explain, why aesctr has 160 bit keys (128 bit aes key + 32 bit nonce).Hans-Joerg Hoexer
2007-02-19tweak;Jason McIntyre
2007-02-19Document NULL encryption.Hans-Joerg Hoexer
2007-02-16Address PR 5380: refer to DH MODP well-known group numbers.Chad Loder
2006-12-12a rewrite of enc.4, hopefully a little more useful than what we previouslyJason McIntyre
2006-12-06SAD -> SADB; ok hshoexerJason McIntyre
2006-11-24add support to tag ipsec traffic belonging to specific IKE-initiatedReyk Floeter
2006-11-13briefly describe phases 1 and 2, and use these terms moreJason McIntyre
2006-11-13previous was not quite right;Jason McIntyre
2006-11-13fix a macro mistake;Jason McIntyre
2006-11-01Add support for aggressive mode (from the k2k6 IPsec hackathon).Ryan Thomas McBride
2006-10-19note that all rules using enc0 should specify: keep state (if-bound)Jason McIntyre
2006-09-29add a new section header, since DESCRIPTION is getting so large...Jason McIntyre