summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl/ipsec.conf.5
AgeCommit message (Expand)Author
2012-08-12Explicitly state that only two unit specifiers are recognized instead ofLawrence Teo
2012-07-13small tweak;Jason McIntyre
2012-07-13Change the configuration format fed to the isakmpd FIFO to be ableMike Belopuhov
2012-07-08Disallow manual security associations that use AES-CTR, AES-GCM,Christian Weisgerber
2012-06-30enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESPChristian Weisgerber
2012-04-24take a stab at documenting when arguments need quoted, and valid macroJason McIntyre
2011-11-13provide a specific section reference; from Lawrence TeoJason McIntyre
2011-09-03make -column lists pretty again;Jason McIntyre
2011-08-19as with other list types, column lists generally do not need a Pp/-compactJason McIntyre
2011-07-07We can mention ipcomp, since it worksTheo de Raadt
2011-06-24wrap previous onto a second lineStuart Henderson
2011-06-24nat-to rules require a directionStuart Henderson
2010-10-06Retire SkipjackMike Belopuhov
2010-09-23change description for AES-GMAC a bit.Mike Belopuhov
2010-09-22Support AES-GCM-16 (as aes-gcm) and ENCR_NULL_AUTH_AES_GMACMike Belopuhov
2010-09-19more wacky macro fixing;Jason McIntyre
2010-06-07fix a quoting wobble for the srcnat keyword; verified by reykJason McIntyre
2010-06-03update the manpages for isakmpd(8) and ipsec.conf(5) to point to iked(8)Reyk Floeter
2010-01-02Various syntax errors in list headers, found by mandoc(1),Ingo Schwarze
2009-10-21nat -> match...nat-to in example PF rule. ok mpf@Stuart Henderson
2009-01-29tweak previous;Jason McIntyre
2009-01-28Allow to specify ike and flow explicitly without peer. The anyAlexander Bluhm
2009-01-20Add support to isakmpd(8) and ipsecctl(8) to install SA's with aMarco Pfatschbacher
2008-11-29Explain how /32 changes the address type to IPV4_ADDR_SUBNET. From MitjaHans-Joerg Hoexer
2008-04-11add support for the "include" directive using code from pfctl/parse.y.Reyk Floeter
2008-02-22Support for specifying aes-{128,192,256}. Originial idea by PrabhuHans-Joerg Hoexer
2008-02-12document modifier types; requested by AurelienJason McIntyre
2007-09-17Document the syntax used with manual SAs for automatic creationStuart Henderson
2007-05-31convert to new .Dd format;Jason McIntyre
2007-03-06Explain, why aesctr has 160 bit keys (128 bit aes key + 32 bit nonce).Hans-Joerg Hoexer
2007-02-19tweak;Jason McIntyre
2007-02-19Document NULL encryption.Hans-Joerg Hoexer
2007-02-16Address PR 5380: refer to DH MODP well-known group numbers.Chad Loder
2006-12-12a rewrite of enc.4, hopefully a little more useful than what we previouslyJason McIntyre
2006-12-06SAD -> SADB; ok hshoexerJason McIntyre
2006-11-24add support to tag ipsec traffic belonging to specific IKE-initiatedReyk Floeter
2006-11-13briefly describe phases 1 and 2, and use these terms moreJason McIntyre
2006-11-13previous was not quite right;Jason McIntyre
2006-11-13fix a macro mistake;Jason McIntyre
2006-11-01Add support for aggressive mode (from the k2k6 IPsec hackathon).Ryan Thomas McBride
2006-10-19note that all rules using enc0 should specify: keep state (if-bound)Jason McIntyre
2006-09-29add a new section header, since DESCRIPTION is getting so large...Jason McIntyre
2006-09-29make it clearer what needs to be run, and how; push manual keying downJason McIntyre
2006-09-26a better description of what our automatic keying example is up to;Jason McIntyre
2006-09-22- document which parts need to be packet filtered, and whyJason McIntyre
2006-09-15reorganise the sections to make more sense;Jason McIntyre
2006-09-15clarification;Jason McIntyre
2006-09-15add in filtering rules to allow keying daemons to talk;Jason McIntyre
2006-09-14simplify an example. ok jmc@Hans-Joerg Hoexer
2006-09-13use "proto ipencap" for the gateway filter rules;Jason McIntyre
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-25 02:11:01 +0000