summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl
AgeCommit message (Expand)Author
2006-09-11improvememnts for `local', `peer', and `psk'; ok hshoexerJason McIntyre
2006-09-11- document how to set ipsec stuff running at bootJason McIntyre
2006-09-07note that we can filter ipsec traffic on the enc interface;Jason McIntyre
2006-09-07improve the tcpmd5 section; ok claudio hshoexerJason McIntyre
2006-09-07move all the auth/enc/group stuff into one definitive section;Jason McIntyre
2006-09-06start to group the parameters for AUTOMATIC KEYING in a more logical way;Jason McIntyre
2006-09-05knock out a ton of Aq/Xo/Xc that was either unneeded, or just plain wrong;Jason McIntyre
2006-09-05document line splitting using `\';Jason McIntyre
2006-09-05slight text shuffle, and make the isakmpd bits clearer;Jason McIntyre
2006-09-04some wording fixes for the section headers and minor tweaks;Jason McIntyre
2006-09-04document comments, address syntax, and list expansion;Jason McIntyre
2006-09-01a little better text for the sections; ok hshoexerJason McIntyre
2006-08-31Security Association Database is abbreviated 'SAD' (RFC 2401 et al), not 'SAD...Hakan Olsson
2006-08-31knock out the cpp/m4 stuff from MACROS; after discussion with many...Jason McIntyre
2006-08-31some improvements to srcid and destid, as noted by mpf;Jason McIntyre
2006-08-31expand DESCRIPTION; input from ho hshoexer naddyJason McIntyre
2006-08-31clarify an .Sh; agreed with hshoexerJason McIntyre
2006-08-30can get EAGAIN when writing to the pfkey socket; same change as bgpd,Henning Brauer
2006-08-30cut down the examples; ok hshoexerJason McIntyre
2006-08-30partial backout of last commitMarkus Friedl
2006-08-30some tcp md5 bits;Jason McIntyre
2006-08-30comment out some comp stuff i missed earlier;Jason McIntyre
2006-08-30better wording for the key generation section;Jason McIntyre
2006-08-30kill more redundant text, and an oops;Jason McIntyre
2006-08-30remove some repeated text, and shuffle a little;Jason McIntyre
2006-08-30one more from ho;Jason McIntyre
2006-08-30correction; from hoJason McIntyre
2006-08-30knock out some redundant text; from hoJason McIntyre
2006-08-30put the PFS stuff in the right place;Jason McIntyre
2006-08-30actually use the right value for USER_FQDNMathieu Sauve-Frankel
2006-08-30print extensions with type SADB_EXT_MAX, too; ok hshoexer, reyk, msfMarkus Friedl
2006-08-30knock out ipcomp for now;Jason McIntyre
2006-08-30put this page into a better structure orderJason McIntyre
2006-08-29add support for ufqdn ids in ike rulesMathieu Sauve-Frankel
2006-08-29Add support for IKE AH rules to ipsecctl. Man page input by jmc@.Christian Weisgerber
2006-07-22corrections from alexey e. suslikov;Jason McIntyre
2006-07-21When no peer is specified, no peer address is defined, thus do not use it.Hans-Joerg Hoexer
2006-06-28document lists, prodded by david@Hans-Joerg Hoexer
2006-06-18add group "none"; when choosen, pfs will be disabled.Hans-Joerg Hoexer
2006-06-16add a missing "force"Hans-Joerg Hoexer
2006-06-16report the correct line number on an error. Noticed by david@Hans-Joerg Hoexer
2006-06-15be careful when touch the peer component of a rule. It is notHans-Joerg Hoexer
2006-06-14recover list of key sizes from vpn(8); suggested by markus@, ok hshoexer@Christian Weisgerber
2006-06-13For IKE, allow main mode SHA2 and quick mode AESCTR transforms,Christian Weisgerber
2006-06-12Fix a typo that prevented ipsecctl -ss from showing authenticationChristian Weisgerber
2006-06-11the default encryption algorithm with static keying is AES-CBC now; ok hshoexer@Christian Weisgerber
2006-06-11As naddy@ pointed out RFC 3686 discourages use of AESCTR for staticHans-Joerg Hoexer
2006-06-11Adopt to recent changes (mopd3072 is not the default anymore).Hans-Joerg Hoexer
2006-06-10Better error message when a key file can not be opened or the provided key isHans-Joerg Hoexer
2006-06-10switch back to original defaults regarding DH groups. modp3072 is toHans-Joerg Hoexer