summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl
AgeCommit message (Expand)Author
2006-03-31allow specification of encapsulated protocol for ike; ok hshoexerMarkus Friedl
2006-03-31allow specification of encapsulated protocol for flows; ok hshoexerMarkus Friedl
2006-03-31uppercase `ip';Jason McIntyre
2006-03-30when resolving interface names to ip adresses, set netmask to all bits 1Hans-Joerg Hoexer
2006-03-30allow specification of outer local ips in flows (SADB_EXT_ADDRESS_SRC); ok hs...Markus Friedl
2006-03-22add support for macros in ipsec.conf(5). some bits have already beenReyk Floeter
2006-03-20When being verbose while deleting ike rules (-dv), print deletions instead ofHans-Joerg Hoexer
2006-03-20When adding a connection, do not explicitly start that connectionHans-Joerg Hoexer
2006-03-07add support for special "bypass" and "deny" flows.Reyk Floeter
2006-03-07add an ike option for road warrior setups (hosts with dynamic ipReyk Floeter
2006-02-21The new default encryption algorithm for main mode is AES instead of 3DES.Hans-Joerg Hoexer
2006-02-03override authentication tag as well; ok hshoexer@Christian Weisgerber
2006-02-02Two fixes: generate default main mode config when using PSK, added missingHans-Joerg Hoexer
2006-02-01noted by lint: include <string.h> instead of <strings.h>, add tow ARGSUSED1Hans-Joerg Hoexer
2006-01-20initialize authtype->string in case of RSA to avoid bad free()Christian Weisgerber
2006-01-17wrap long lines (no binary change)Reyk Floeter
2006-01-17spacingTheo de Raadt
2006-01-17no , after last element in enumTheo de Raadt
2006-01-16add support for pre-shared keys with "ike esp" using the new keywordReyk Floeter
2005-12-28no close() after fdopen(); ok hshoexer@Christian Weisgerber
2005-12-28make sure isakmpd fifo is actually a fifo.Hans-Joerg Hoexer
2005-12-21Userland programs should include <errno.h> not <sys/errno.h>Todd C. Miller
2005-12-12use ARGSUSED1 hereHans-Joerg Hoexer
2005-12-12use err() instead of errx()Hans-Joerg Hoexer
2005-12-12Correctly copy interface names; fixes breakage noticed by naddy@Hans-Joerg Hoexer
2005-12-06more appropriate error messages; ok hshoexerMarkus Friedl
2005-12-06ipip support: ip-in-ip w/o gif(4); ok hshoexerMarkus Friedl
2005-12-01spacingTheo de Raadt
2005-12-01do not choke and dump core when printing bypass flows. noticed by jacobHans-Joerg Hoexer
2005-11-30handle that pfkey_ipsec_flush() can fail.Hans-Joerg Hoexer
2005-11-27sanity check constraints for transforms.Hans-Joerg Hoexer
2005-11-27truly permit auth/enc/comp expressions to be in any orderTheo de Raadt
2005-11-26allow specficiation of encryption and authentication algorithms to be swapped.Hans-Joerg Hoexer
2005-11-24"hmac" not "hmc", notice by <gwyllion at ulyssis dot org>Hans-Joerg Hoexer
2005-11-24Make clear we only have "hmac-sha1" and "hmac-md5".Hans-Joerg Hoexer
2005-11-24Remove old-style keyed sha1/md5. We only support hmac-sha1/md5.Hans-Joerg Hoexer
2005-11-21Fix memory leaks. From Andrey Matveev <evol at online dot ptt dot ru>,Hans-Joerg Hoexer
2005-11-13spacingTheo de Raadt
2005-11-13fclose() file descriptor of the rule file when we are done with it.Hans-Joerg Hoexer
2005-11-12spacingHans-Joerg Hoexer
2005-11-12add support for interface names as host specificationsHans-Joerg Hoexer
2005-11-12permit TO/FROM to be swapped (symmetry is good); ok hshoexermkTheo de Raadt
2005-11-12simplify TAILQ walking code; ok hshoexerTheo de Raadt
2005-11-12spacingTheo de Raadt
2005-11-12spacingTheo de Raadt
2005-11-12do not stat() before open(); instead -- use fstat(); ok hshoexerTheo de Raadt
2005-11-12handle transport/tunnel modeHans-Joerg Hoexer
2005-11-06Improved address and address mask handling, derived from pfctl stuff.Hans-Joerg Hoexer
2005-11-06better handling of ip addresses, prepare for v6. Partially derived from diffHans-Joerg Hoexer
2005-10-30- SEE ALSO is sorted by section firstJason McIntyre