summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl
AgeCommit message (Expand)Author
2012-09-18remove the SADB_X_SAFLAGS_{HALFIV,RANDOMPADDING,NOREPLAY} pfkey-API (not setMarkus Friedl
2012-09-17unbreak the last commit by making sure that the transform nameMarkus Friedl
2012-09-15Encode the transform parameters in the transform name, too.Markus Friedl
2012-08-30Do not issue a spurious "force" when "group none" is specified.Christian Weisgerber
2012-08-12Explicitly state that only two unit specifiers are recognized instead ofLawrence Teo
2012-07-13small tweak;Jason McIntyre
2012-07-13Change the configuration format fed to the isakmpd FIFO to be ableMike Belopuhov
2012-07-10Rename "life" to "lifetime" to match iked.Lawrence Teo
2012-07-09Fix typo in warning message.Lawrence Teo
2012-07-08Disallow manual security associations that use AES-CTR, AES-GCM,Christian Weisgerber
2012-07-07copy&paste mistake in error messageChristian Weisgerber
2012-07-05don't output "esn" string in the rule section as we can't use theMike Belopuhov
2012-06-30enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESPChristian Weisgerber
2012-06-29Print esn flag when dumping SAs with ESN enabledMike Belopuhov
2012-04-24take a stab at documenting when arguments need quoted, and valid macroJason McIntyre
2012-03-24fix some leaksJonathan Gray
2011-12-20unsigned long should use "%lu" format; from eric lax, thanksMike Belopuhov
2011-11-13provide a specific section reference; from Lawrence TeoJason McIntyre
2011-11-08- put -i in the right placeJason McIntyre
2011-11-08mention default fifo path, sthen. previous manpage changes were ok jmc, plusHenning Brauer
2011-11-08allow the path to isakmpd's fifo to be specified (aka changed) on theHenning Brauer
2011-09-03make -column lists pretty again;Jason McIntyre
2011-08-19as with other list types, column lists generally do not need a Pp/-compactJason McIntyre
2011-07-07We can mention ipcomp, since it worksTheo de Raadt
2011-07-06For non-crypted flows (such as ipcomp and ipip), default theirTheo de Raadt
2011-06-24wrap previous onto a second lineStuart Henderson
2011-06-24nat-to rules require a directionStuart Henderson
2011-04-13print flags in hex; from hshoexer@; ok mikeb@ mpf@Markus Friedl
2010-10-15fixup generation of suites string for isakmpd wrt "group none"Mike Belopuhov
2010-10-06Retire SkipjackMike Belopuhov
2010-09-23change description for AES-GMAC a bit.Mike Belopuhov
2010-09-22Support AES-GCM-16 (as aes-gcm) and ENCR_NULL_AUTH_AES_GMACMike Belopuhov
2010-09-19more wacky macro fixing;Jason McIntyre
2010-08-03fix linecount bug with comments spanning multiple linesHenning Brauer
2010-07-01support dumping the new SADB_X_EXT_TAP extension.Reyk Floeter
2010-06-07fix a quoting wobble for the srcnat keyword; verified by reykJason McIntyre
2010-06-03update the manpages for isakmpd(8) and ipsec.conf(5) to point to iked(8)Reyk Floeter
2010-05-10Various comment typos. 'wether' -> 'whether' (most popular), 'possiblity' ->Kenneth R Westerback
2010-01-02Various syntax errors in list headers, found by mandoc(1),Ingo Schwarze
2009-11-13Don't use [] in function arguments when dealing with arraysJonathan Gray
2009-10-21nat -> match...nat-to in example PF rule. ok mpf@Stuart Henderson
2009-10-04When IKE is operating in dynamic mode and no srcid is given, the hostnameJoel Sing
2009-08-04Specify an ID-type of IPV4_ADDR or IPV6_ADDR if the srcid or dstid isJoel Sing
2009-03-31Fixed memory leaks which would occur if the second of two memoryTobias Stoeckmann
2009-01-30If the "peer" address is not specified or derived from "to" forAlexander Bluhm
2009-01-29After checking that peer == NULL do not assign peer = NULL a fewAlexander Bluhm
2009-01-29tweak previous;Jason McIntyre
2009-01-28Allow to specify ike and flow explicitly without peer. The anyAlexander Bluhm
2009-01-27A warning text in ipsecctl was used twice. Make the messages uniqueAlexander Bluhm
2009-01-20Add support to isakmpd(8) and ipsecctl(8) to install SA's with aMarco Pfatschbacher