summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl/ipsec.conf.5
AgeCommit message (Expand)Author
2010-06-07fix a quoting wobble for the srcnat keyword; verified by reykJason McIntyre
2010-06-03update the manpages for isakmpd(8) and ipsec.conf(5) to point to iked(8)Reyk Floeter
2010-01-02Various syntax errors in list headers, found by mandoc(1),Ingo Schwarze
2009-10-21nat -> match...nat-to in example PF rule. ok mpf@Stuart Henderson
2009-01-29tweak previous;Jason McIntyre
2009-01-28Allow to specify ike and flow explicitly without peer. The anyAlexander Bluhm
2009-01-20Add support to isakmpd(8) and ipsecctl(8) to install SA's with aMarco Pfatschbacher
2008-11-29Explain how /32 changes the address type to IPV4_ADDR_SUBNET. From MitjaHans-Joerg Hoexer
2008-04-11add support for the "include" directive using code from pfctl/parse.y.Reyk Floeter
2008-02-22Support for specifying aes-{128,192,256}. Originial idea by PrabhuHans-Joerg Hoexer
2008-02-12document modifier types; requested by AurelienJason McIntyre
2007-09-17Document the syntax used with manual SAs for automatic creationStuart Henderson
2007-05-31convert to new .Dd format;Jason McIntyre
2007-03-06Explain, why aesctr has 160 bit keys (128 bit aes key + 32 bit nonce).Hans-Joerg Hoexer
2007-02-19tweak;Jason McIntyre
2007-02-19Document NULL encryption.Hans-Joerg Hoexer
2007-02-16Address PR 5380: refer to DH MODP well-known group numbers.Chad Loder
2006-12-12a rewrite of enc.4, hopefully a little more useful than what we previouslyJason McIntyre
2006-12-06SAD -> SADB; ok hshoexerJason McIntyre
2006-11-24add support to tag ipsec traffic belonging to specific IKE-initiatedReyk Floeter
2006-11-13briefly describe phases 1 and 2, and use these terms moreJason McIntyre
2006-11-13previous was not quite right;Jason McIntyre
2006-11-13fix a macro mistake;Jason McIntyre
2006-11-01Add support for aggressive mode (from the k2k6 IPsec hackathon).Ryan Thomas McBride
2006-10-19note that all rules using enc0 should specify: keep state (if-bound)Jason McIntyre
2006-09-29add a new section header, since DESCRIPTION is getting so large...Jason McIntyre
2006-09-29make it clearer what needs to be run, and how; push manual keying downJason McIntyre
2006-09-26a better description of what our automatic keying example is up to;Jason McIntyre
2006-09-22- document which parts need to be packet filtered, and whyJason McIntyre
2006-09-15reorganise the sections to make more sense;Jason McIntyre
2006-09-15clarification;Jason McIntyre
2006-09-15add in filtering rules to allow keying daemons to talk;Jason McIntyre
2006-09-14simplify an example. ok jmc@Hans-Joerg Hoexer
2006-09-13use "proto ipencap" for the gateway filter rules;Jason McIntyre
2006-09-12note that enc traffic is unecrypted; from mpfJason McIntyre
2006-09-12no need to Xr isakmpd.conf.5;Jason McIntyre
2006-09-12add a section on packet filtering ipsec traffic;Jason McIntyre
2006-09-11improvememnts for `local', `peer', and `psk'; ok hshoexerJason McIntyre
2006-09-07note that we can filter ipsec traffic on the enc interface;Jason McIntyre
2006-09-07improve the tcpmd5 section; ok claudio hshoexerJason McIntyre
2006-09-07move all the auth/enc/group stuff into one definitive section;Jason McIntyre
2006-09-06start to group the parameters for AUTOMATIC KEYING in a more logical way;Jason McIntyre
2006-09-05knock out a ton of Aq/Xo/Xc that was either unneeded, or just plain wrong;Jason McIntyre
2006-09-05document line splitting using `\';Jason McIntyre
2006-09-05slight text shuffle, and make the isakmpd bits clearer;Jason McIntyre
2006-09-04some wording fixes for the section headers and minor tweaks;Jason McIntyre
2006-09-04document comments, address syntax, and list expansion;Jason McIntyre
2006-09-01a little better text for the sections; ok hshoexerJason McIntyre
2006-08-31knock out the cpp/m4 stuff from MACROS; after discussion with many...Jason McIntyre
2006-08-31some improvements to srcid and destid, as noted by mpf;Jason McIntyre