| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2006-03-20 | When being verbose while deleting ike rules (-dv), print deletions instead of | Hans-Joerg Hoexer | |
| additions. Suggested by david@ | |||
| 2006-03-20 | When adding a connection, do not explicitly start that connection | Hans-Joerg Hoexer | |
| using "t" and "c" fifo commands. This is prone to a race when adding several tunnels between the same peers. Just let isakmpd start that connection on its own (using the connection checker). | |||
| 2006-03-07 | add support for special "bypass" and "deny" flows. | Reyk Floeter | |
| ok hshoexer@, thanks jmc@ | |||
| 2006-03-07 | add an ike option for road warrior setups (hosts with dynamic ip | Reyk Floeter | |
| addresses). "ike dynamic esp" will use the system's hostname as the fqdn source id (instead of the ip address) by default and enable dpd (dead peer detection) to allow smooth reconnects after an ip address change (i.e. forced reconnect with consumer adsl lines). ok hshoexer@, looks fine markus@, jmc@ | |||
| 2006-02-21 | The new default encryption algorithm for main mode is AES instead of 3DES. | Hans-Joerg Hoexer | |
| Noticed as not being documented by otto@. ok otto@ | |||
| 2006-02-03 | override authentication tag as well; ok hshoexer@ | Christian Weisgerber | |
| 2006-02-02 | Two fixes: generate default main mode config when using PSK, added missing | Hans-Joerg Hoexer | |
| force (with naddy@) ok reyk@ naddy@ | |||
| 2006-02-01 | noted by lint: include <string.h> instead of <strings.h>, add tow ARGSUSED1 | Hans-Joerg Hoexer | |
| 2006-01-20 | initialize authtype->string in case of RSA to avoid bad free() | Christian Weisgerber | |
| ok reyk@ hshoexer@ | |||
| 2006-01-17 | wrap long lines (no binary change) | Reyk Floeter | |
| 2006-01-17 | spacing | Theo de Raadt | |
| 2006-01-17 | no , after last element in enum | Theo de Raadt | |
| 2006-01-16 | add support for pre-shared keys with "ike esp" using the new keyword | Reyk Floeter | |
| "psk". rsa-sig is recommended and will still be used by default. ok hshoexer@, manpage ok jmc@ | |||
| 2005-12-28 | no close() after fdopen(); ok hshoexer@ | Christian Weisgerber | |
| 2005-12-28 | make sure isakmpd fifo is actually a fifo. | Hans-Joerg Hoexer | |
| 2005-12-21 | Userland programs should include <errno.h> not <sys/errno.h> | Todd C. Miller | |
| OK deraadt@ | |||
| 2005-12-12 | use ARGSUSED1 here | Hans-Joerg Hoexer | |
| 2005-12-12 | use err() instead of errx() | Hans-Joerg Hoexer | |
| 2005-12-12 | Correctly copy interface names; fixes breakage noticed by naddy@ | Hans-Joerg Hoexer | |
| ok naddy@ cvs: ---------------------------------------------------------------------- | |||
| 2005-12-06 | more appropriate error messages; ok hshoexer | Markus Friedl | |
| 2005-12-06 | ipip support: ip-in-ip w/o gif(4); ok hshoexer | Markus Friedl | |
| 2005-12-01 | spacing | Theo de Raadt | |
| 2005-12-01 | do not choke and dump core when printing bypass flows. noticed by jacob | Hans-Joerg Hoexer | |
| schlyter. Thanks! | |||
| 2005-11-30 | handle that pfkey_ipsec_flush() can fail. | Hans-Joerg Hoexer | |
| 2005-11-27 | sanity check constraints for transforms. | Hans-Joerg Hoexer | |
| ok deraadt@ | |||
| 2005-11-27 | truly permit auth/enc/comp expressions to be in any order | Theo de Raadt | |
| hshoexer will add back in the contraint language | |||
| 2005-11-26 | allow specficiation of encryption and authentication algorithms to be swapped. | Hans-Joerg Hoexer | |
| Ie. both "enc 3des-cbc auth hmac-sha1" and " auth hmac-sha1 enc 3des-cbc" are valid. | |||
| 2005-11-24 | "hmac" not "hmc", notice by <gwyllion at ulyssis dot org> | Hans-Joerg Hoexer | |
| 2005-11-24 | Make clear we only have "hmac-sha1" and "hmac-md5". | Hans-Joerg Hoexer | |
| 2005-11-24 | Remove old-style keyed sha1/md5. We only support hmac-sha1/md5. | Hans-Joerg Hoexer | |
| Noticed the hard way by <raff at brodewicz dot pl> | |||
| 2005-11-21 | Fix memory leaks. From Andrey Matveev <evol at online dot ptt dot ru>, | Hans-Joerg Hoexer | |
| thanks! | |||
| 2005-11-13 | spacing | Theo de Raadt | |
| 2005-11-13 | fclose() file descriptor of the rule file when we are done with it. | Hans-Joerg Hoexer | |
| From David Hill <dhill at mindcry dot org>, thanks! | |||
| 2005-11-12 | spacing | Hans-Joerg Hoexer | |
| 2005-11-12 | add support for interface names as host specifications | Hans-Joerg Hoexer | |
| 2005-11-12 | permit TO/FROM to be swapped (symmetry is good); ok hshoexermk | Theo de Raadt | |
| 2005-11-12 | simplify TAILQ walking code; ok hshoexer | Theo de Raadt | |
| 2005-11-12 | spacing | Theo de Raadt | |
| 2005-11-12 | spacing | Theo de Raadt | |
| 2005-11-12 | do not stat() before open(); instead -- use fstat(); ok hshoexer | Theo de Raadt | |
| 2005-11-12 | handle transport/tunnel mode | Hans-Joerg Hoexer | |
| 2005-11-06 | Improved address and address mask handling, derived from pfctl stuff. | Hans-Joerg Hoexer | |
| 2005-11-06 | better handling of ip addresses, prepare for v6. Partially derived from diff | Hans-Joerg Hoexer | |
| by todd@. Work in progress. | |||
| 2005-10-30 | - SEE ALSO is sorted by section first | Jason McIntyre | |
| - new sentence, new line | |||
| 2005-10-30 | prepare for more flexible hostname resolver. Right now just v4, more to come | Hans-Joerg Hoexer | |
| (if groups, v6, dns). | |||
| 2005-10-30 | Xr ipcomp, sort "SEE ALSO" section | Hans-Joerg Hoexer | |
| 2005-10-30 | describe ipcomp | Hans-Joerg Hoexer | |
| 2005-10-30 | add support for ipcomp. | Hans-Joerg Hoexer | |
| 2005-10-28 | more error message cleanup | Hans-Joerg Hoexer | |
| 2005-10-17 | parse correctly flows using ipcomp. Glitch noticed by jared rr spiegel. | Hans-Joerg Hoexer | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |