Age | Commit message (Collapse) | Author | |
---|---|---|---|
2006-05-27 | Adresses can be specified in CIDR notation, as symbolic host names, interface | Hans-Joerg Hoexer | |
names or interface group names. So it's time to document this... | |||
2006-05-27 | allow to specify groups to be used IKE | Hans-Joerg Hoexer | |
2006-05-26 | vpn.8 removal; | Jason McIntyre | |
2006-05-26 | \<char> is <char> except for \<newline> -- no exceptions. much like how | Theo de Raadt | |
other things work. ok henning | |||
2006-05-18 | paramter -> parameter | Miod Vallat | |
2006-05-15 | permit proto 0; ok hshoexer | Theo de Raadt | |
2006-05-15 | delete weird C | Theo de Raadt | |
2006-05-11 | fix some spelling; noticed by david@ | Hans-Joerg Hoexer | |
2006-04-20 | constify char *infile here, too. noticed by lint. | Hans-Joerg Hoexer | |
2006-04-19 | add support for interface groups. | Hans-Joerg Hoexer | |
2006-04-19 | small cleanup: no need to strdup here. | Hans-Joerg Hoexer | |
2006-04-19 | "type" keyword to specify flow type (require, use, etc.) | Hans-Joerg Hoexer | |
2006-04-19 | add hostname resolver. | Hans-Joerg Hoexer | |
at least some eyeballing by cloder@ tested by jean raby, requested/suggested by rod withworth | |||
2006-04-13 | Add support for "local" to ike rules. Allows to specify the local IP to be | Hans-Joerg Hoexer | |
used on a multi-homed machine. Also, relax order of peer/local keywords. ok markus@ | |||
2006-04-12 | document that tunnel and transport mode can be specified for SAs. | Hans-Joerg Hoexer | |
2006-03-31 | tweaks; | Jason McIntyre | |
2006-03-31 | wenn dumping rules always show type, srcid and dstid (if set). | Hans-Joerg Hoexer | |
ok reyk@ | |||
2006-03-31 | allow do delete dynamic rules | Hans-Joerg Hoexer | |
ok reyk@ | |||
2006-03-31 | allow specification of encapsulated protocol for ike; ok hshoexer | Markus Friedl | |
2006-03-31 | allow specification of encapsulated protocol for flows; ok hshoexer | Markus Friedl | |
2006-03-31 | uppercase `ip'; | Jason McIntyre | |
2006-03-30 | when resolving interface names to ip adresses, set netmask to all bits 1 | Hans-Joerg Hoexer | |
2006-03-30 | allow specification of outer local ips in flows (SADB_EXT_ADDRESS_SRC); ok ↵ | Markus Friedl | |
hshoexer, reyk | |||
2006-03-22 | add support for macros in ipsec.conf(5). some bits have already been | Reyk Floeter | |
there. requested by david@ ok hshoexer@, msf@ | |||
2006-03-20 | When being verbose while deleting ike rules (-dv), print deletions instead of | Hans-Joerg Hoexer | |
additions. Suggested by david@ | |||
2006-03-20 | When adding a connection, do not explicitly start that connection | Hans-Joerg Hoexer | |
using "t" and "c" fifo commands. This is prone to a race when adding several tunnels between the same peers. Just let isakmpd start that connection on its own (using the connection checker). | |||
2006-03-07 | add support for special "bypass" and "deny" flows. | Reyk Floeter | |
ok hshoexer@, thanks jmc@ | |||
2006-03-07 | add an ike option for road warrior setups (hosts with dynamic ip | Reyk Floeter | |
addresses). "ike dynamic esp" will use the system's hostname as the fqdn source id (instead of the ip address) by default and enable dpd (dead peer detection) to allow smooth reconnects after an ip address change (i.e. forced reconnect with consumer adsl lines). ok hshoexer@, looks fine markus@, jmc@ | |||
2006-02-21 | The new default encryption algorithm for main mode is AES instead of 3DES. | Hans-Joerg Hoexer | |
Noticed as not being documented by otto@. ok otto@ | |||
2006-02-03 | override authentication tag as well; ok hshoexer@ | Christian Weisgerber | |
2006-02-02 | Two fixes: generate default main mode config when using PSK, added missing | Hans-Joerg Hoexer | |
force (with naddy@) ok reyk@ naddy@ | |||
2006-02-01 | noted by lint: include <string.h> instead of <strings.h>, add tow ARGSUSED1 | Hans-Joerg Hoexer | |
2006-01-20 | initialize authtype->string in case of RSA to avoid bad free() | Christian Weisgerber | |
ok reyk@ hshoexer@ | |||
2006-01-17 | wrap long lines (no binary change) | Reyk Floeter | |
2006-01-17 | spacing | Theo de Raadt | |
2006-01-17 | no , after last element in enum | Theo de Raadt | |
2006-01-16 | add support for pre-shared keys with "ike esp" using the new keyword | Reyk Floeter | |
"psk". rsa-sig is recommended and will still be used by default. ok hshoexer@, manpage ok jmc@ | |||
2005-12-28 | no close() after fdopen(); ok hshoexer@ | Christian Weisgerber | |
2005-12-28 | make sure isakmpd fifo is actually a fifo. | Hans-Joerg Hoexer | |
2005-12-21 | Userland programs should include <errno.h> not <sys/errno.h> | Todd C. Miller | |
OK deraadt@ | |||
2005-12-12 | use ARGSUSED1 here | Hans-Joerg Hoexer | |
2005-12-12 | use err() instead of errx() | Hans-Joerg Hoexer | |
2005-12-12 | Correctly copy interface names; fixes breakage noticed by naddy@ | Hans-Joerg Hoexer | |
ok naddy@ cvs: ---------------------------------------------------------------------- | |||
2005-12-06 | more appropriate error messages; ok hshoexer | Markus Friedl | |
2005-12-06 | ipip support: ip-in-ip w/o gif(4); ok hshoexer | Markus Friedl | |
2005-12-01 | spacing | Theo de Raadt | |
2005-12-01 | do not choke and dump core when printing bypass flows. noticed by jacob | Hans-Joerg Hoexer | |
schlyter. Thanks! | |||
2005-11-30 | handle that pfkey_ipsec_flush() can fail. | Hans-Joerg Hoexer | |
2005-11-27 | sanity check constraints for transforms. | Hans-Joerg Hoexer | |
ok deraadt@ | |||
2005-11-27 | truly permit auth/enc/comp expressions to be in any order | Theo de Raadt | |
hshoexer will add back in the contraint language |