summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl
AgeCommit message (Expand)Author
2005-12-01spacingTheo de Raadt
2005-12-01do not choke and dump core when printing bypass flows. noticed by jacobHans-Joerg Hoexer
2005-11-30handle that pfkey_ipsec_flush() can fail.Hans-Joerg Hoexer
2005-11-27sanity check constraints for transforms.Hans-Joerg Hoexer
2005-11-27truly permit auth/enc/comp expressions to be in any orderTheo de Raadt
2005-11-26allow specficiation of encryption and authentication algorithms to be swapped.Hans-Joerg Hoexer
2005-11-24"hmac" not "hmc", notice by <gwyllion at ulyssis dot org>Hans-Joerg Hoexer
2005-11-24Make clear we only have "hmac-sha1" and "hmac-md5".Hans-Joerg Hoexer
2005-11-24Remove old-style keyed sha1/md5. We only support hmac-sha1/md5.Hans-Joerg Hoexer
2005-11-21Fix memory leaks. From Andrey Matveev <evol at online dot ptt dot ru>,Hans-Joerg Hoexer
2005-11-13spacingTheo de Raadt
2005-11-13fclose() file descriptor of the rule file when we are done with it.Hans-Joerg Hoexer
2005-11-12spacingHans-Joerg Hoexer
2005-11-12add support for interface names as host specificationsHans-Joerg Hoexer
2005-11-12permit TO/FROM to be swapped (symmetry is good); ok hshoexermkTheo de Raadt
2005-11-12simplify TAILQ walking code; ok hshoexerTheo de Raadt
2005-11-12spacingTheo de Raadt
2005-11-12spacingTheo de Raadt
2005-11-12do not stat() before open(); instead -- use fstat(); ok hshoexerTheo de Raadt
2005-11-12handle transport/tunnel modeHans-Joerg Hoexer
2005-11-06Improved address and address mask handling, derived from pfctl stuff.Hans-Joerg Hoexer
2005-11-06better handling of ip addresses, prepare for v6. Partially derived from diffHans-Joerg Hoexer
2005-10-30- SEE ALSO is sorted by section firstJason McIntyre
2005-10-30prepare for more flexible hostname resolver. Right now just v4, more to comeHans-Joerg Hoexer
2005-10-30Xr ipcomp, sort "SEE ALSO" sectionHans-Joerg Hoexer
2005-10-30describe ipcompHans-Joerg Hoexer
2005-10-30add support for ipcomp.Hans-Joerg Hoexer
2005-10-28more error message cleanupHans-Joerg Hoexer
2005-10-17parse correctly flows using ipcomp. Glitch noticed by jared rr spiegel.Hans-Joerg Hoexer
2005-10-16Prepare for better host specification parser: dns names, interfaces, etc. ButHans-Joerg Hoexer
2005-10-16Unset debug flag.Hans-Joerg Hoexer
2005-10-16Add keyword "any" for addresses, reduces to "0.0.0.0/0".Hans-Joerg Hoexer
2005-10-16cleanup messages generated by err(3)Hans-Joerg Hoexer
2005-09-23- beef up DESCRIPTIONJason McIntyre
2005-09-23Remove some uncommented section headers from the template man page (RETURNHans-Joerg Hoexer
2005-09-22use "force" keyword when adding to Phase 1 section, otherwise isakmpd willHans-Joerg Hoexer
2005-09-20add an entry to "Phase 1" section for each remote peer.Hans-Joerg Hoexer
2005-09-20add a "Connection=..." entry for active connectionsHans-Joerg Hoexer
2005-09-19grammar;Jason McIntyre
2005-08-23grammar + formatting tweaks;Jason McIntyre
2005-08-22document recent changesHans-Joerg Hoexer
2005-08-22Teach ipsecctl to control isakmpd.Hans-Joerg Hoexer
2005-08-22spellingDavid Krause
2005-08-19more useful error messageHans-Joerg Hoexer
2005-08-11document recent changes, with jmc@Hans-Joerg Hoexer
2005-08-10- typoJason McIntyre
2005-08-09Document how to read keys from a file.Hans-Joerg Hoexer
2005-08-09Rewrite handling of transforms. Now both ah and esp can be specified andHans-Joerg Hoexer
2005-08-09Correct keysize for 3des-cbcHans-Joerg Hoexer
2005-08-08pfkey pieces for static keying, enable static keyingHans-Joerg Hoexer