Age | Commit message (Expand) | Author |
2015-11-04 | Decode Chacha20-Poly1305 when dumping SAs; ok reyk, naddy | Mike Belopuhov |
2012-07-10 | Rename "life" to "lifetime" to match iked. | Lawrence Teo |
2012-07-08 | Disallow manual security associations that use AES-CTR, AES-GCM, | Christian Weisgerber |
2012-07-05 | don't output "esn" string in the rule section as we can't use the | Mike Belopuhov |
2012-06-30 | enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESP | Christian Weisgerber |
2012-06-29 | Print esn flag when dumping SAs with ESN enabled | Mike Belopuhov |
2011-11-08 | allow the path to isakmpd's fifo to be specified (aka changed) on the | Henning Brauer |
2010-10-06 | Retire Skipjack | Mike Belopuhov |
2010-09-22 | Support AES-GCM-16 (as aes-gcm) and ENCR_NULL_AUTH_AES_GMAC | Mike Belopuhov |
2009-08-04 | Specify an ID-type of IPV4_ADDR or IPV6_ADDR if the srcid or dstid is | Joel Sing |
2009-01-20 | Add support to isakmpd(8) and ipsecctl(8) to install SA's with a | Marco Pfatschbacher |
2008-07-01 | Isakmpd acquire mode did not work with a config generated from | Alexander Bluhm |
2008-02-22 | Support for specifying aes-{128,192,256}. Originial idea by Prabhu | Hans-Joerg Hoexer |
2007-10-13 | in all these programs using the same pfctl-derived parse.y, re-unify the | Theo de Raadt |
2007-03-16 | move autodetection of the ID type to the parser. this way the | Markus Friedl |
2007-01-03 | do not print secret keys by default, -k restores old behaviour; ok hshoexer | Markus Friedl |
2006-11-30 | handle multiple SAs with different same src/dst but different port; | Markus Friedl |
2006-11-24 | add support to tag ipsec traffic belonging to specific IKE-initiated | Reyk Floeter |
2006-11-01 | Add support for aggressive mode (from the k2k6 IPsec hackathon). | Ryan Thomas McBride |
2006-06-18 | add group "none"; when choosen, pfs will be disabled. | Hans-Joerg Hoexer |
2006-06-02 | print full information about tcpmd5 and ipcomp SAs, too | Markus Friedl |
2006-06-02 | allow to specify phase 1 and 2 lifetimes. Right now, these values | Hans-Joerg Hoexer |
2006-06-02 | put src and dst host in dedicated structure. Make the API more | Hans-Joerg Hoexer |
2006-06-02 | Generalize parsing of main/quick mode specification. Preparation | Hans-Joerg Hoexer |
2006-06-02 | Prepare for parsing lifetimes for ike main and quick mode. Not enabled yet. | Hans-Joerg Hoexer |
2006-06-01 | Support flows with port modifiers for proto tcp/udp, e.g. | Christian Weisgerber |
2006-06-01 | convert pfkey to ipsec_rule and use ipsecctl_print_rule() when dumping | Markus Friedl |
2006-06-01 | Add members dst2, proto2 and spi2 to struct ipsec_rule and define | Hans-Joerg Hoexer |
2006-06-01 | Prepare for SA grouping. | Hans-Joerg Hoexer |
2006-06-01 | rename list link for ipsec_rule structures from "entries" to "rule_entry". | Hans-Joerg Hoexer |
2006-05-31 | white spaces | Hans-Joerg Hoexer |
2006-05-30 | implement monitor mode for ipsecctl. worked on with markus@ | Mathieu Sauve-Frankel |
2006-05-29 | Need protoype for ipsecctl_free_rule(). While around clean up | Hans-Joerg Hoexer |
2006-05-28 | whoops, undo last commit. Of course, set_ipmask() is needed... | Hans-Joerg Hoexer |
2006-05-28 | this one not needed yet. | Hans-Joerg Hoexer |
2006-05-28 | fill in AF_INET6 cases | Todd T. Fries |
2006-05-27 | allow to specify groups to be used IKE | Hans-Joerg Hoexer |
2006-03-31 | allow specification of encapsulated protocol for flows; ok hshoexer | Markus Friedl |
2006-03-30 | allow specification of outer local ips in flows (SADB_EXT_ADDRESS_SRC); ok hs... | Markus Friedl |
2006-03-22 | add support for macros in ipsec.conf(5). some bits have already been | Reyk Floeter |
2006-03-07 | add an ike option for road warrior setups (hosts with dynamic ip | Reyk Floeter |
2006-01-17 | no , after last element in enum | Theo de Raadt |
2006-01-16 | add support for pre-shared keys with "ike esp" using the new keyword | Reyk Floeter |
2005-12-06 | ipip support: ip-in-ip w/o gif(4); ok hshoexer | Markus Friedl |
2005-11-24 | Remove old-style keyed sha1/md5. We only support hmac-sha1/md5. | Hans-Joerg Hoexer |
2005-11-12 | add support for interface names as host specifications | Hans-Joerg Hoexer |
2005-11-12 | spacing | Theo de Raadt |
2005-11-12 | handle transport/tunnel mode | Hans-Joerg Hoexer |
2005-11-06 | Improved address and address mask handling, derived from pfctl stuff. | Hans-Joerg Hoexer |
2005-11-06 | better handling of ip addresses, prepare for v6. Partially derived from diff | Hans-Joerg Hoexer |