summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl
AgeCommit message (Expand)Author
2007-05-10Do not crash when lists include the "any" keyword. Reported byHans-Joerg Hoexer
2007-03-16move autodetection of the ID type to the parser. this way theMarkus Friedl
2007-03-06Explain, why aesctr has 160 bit keys (128 bit aes key + 32 bit nonce).Hans-Joerg Hoexer
2007-02-26Really, we don't need two grp18's ;-)Todd T. Fries
2007-02-19tweak;Jason McIntyre
2007-02-19Document NULL encryption.Hans-Joerg Hoexer
2007-02-19Bits for ESP+NULL encryption. This is useful, when AH can not beHans-Joerg Hoexer
2007-02-19do not display empty authkey/enckey line when -k option is notHans-Joerg Hoexer
2007-02-19undo previous commit and keep the original behaviour of the parser.Hans-Joerg Hoexer
2007-02-16Address PR 5380: refer to DH MODP well-known group numbers.Chad Loder
2007-02-16Do not accept '\n' in quoted strings. Addresses issues noticed byHans-Joerg Hoexer
2007-01-10allow rule if there is at least _one_ matching address family combination.Markus Friedl
2007-01-10add -k to usage();Jason McIntyre
2007-01-04don't pass -1 as a netmask; report vicviq at gmail.comMarkus Friedl
2007-01-03do not print secret keys by default, -k restores old behaviour; ok hshoexerMarkus Friedl
2007-01-02better support for IPv6 hostname/numeric representation.Jun-ichiro itojun Hagino
2006-12-18call ike_setup_ids from a more appropriate location.Mathieu Sauve-Frankel
2006-12-12a rewrite of enc.4, hopefully a little more useful than what we previouslyJason McIntyre
2006-12-06SAD -> SADB; ok hshoexerJason McIntyre
2006-11-30typo: wrong rid for protocolMarkus Friedl
2006-11-30use rmv to unregister ipsec connections; ok hshoexer, hoMarkus Friedl
2006-11-30handle multiple SAs with different same src/dst but different port;Markus Friedl
2006-11-24add support to tag ipsec traffic belonging to specific IKE-initiatedReyk Floeter
2006-11-24fix typo for remote port; from Brian CandlerMarkus Friedl
2006-11-21do not delete sections that might be shared with other connectionsMarkus Friedl
2006-11-13briefly describe phases 1 and 2, and use these terms moreJason McIntyre
2006-11-13previous was not quite right;Jason McIntyre
2006-11-13fix a macro mistake;Jason McIntyre
2006-11-13Handle rules with addresses from mismatched address families correctly.Ryan Thomas McBride
2006-11-10check both rule sourace and destination when grouping sa'sMathieu Sauve-Frankel
2006-11-10When using -vv, also show grouped SAs.Hans-Joerg Hoexer
2006-11-10Fix grouping for SAs. Now all combinations of SAs are possible,Hans-Joerg Hoexer
2006-11-10Do not count sa, ike and tcpmd5 rules twice. Fixes PR 5263.Hans-Joerg Hoexer
2006-11-01KNF unrelated to previous commit.Ryan Thomas McBride
2006-11-01Add support for aggressive mode (from the k2k6 IPsec hackathon).Ryan Thomas McBride
2006-10-19note that all rules using enc0 should specify: keep state (if-bound)Jason McIntyre
2006-09-29add a new section header, since DESCRIPTION is getting so large...Jason McIntyre
2006-09-29make it clearer what needs to be run, and how; push manual keying downJason McIntyre
2006-09-26a better description of what our automatic keying example is up to;Jason McIntyre
2006-09-22- document which parts need to be packet filtered, and whyJason McIntyre
2006-09-22typo in err(); from bret.lambert@gmail.com, thanks!Hans-Joerg Hoexer
2006-09-19sort SAs by spi; ok hshoexerMarkus Friedl
2006-09-18KNF and clean some trailing white spaces, no binary change.Hans-Joerg Hoexer
2006-09-15reorganise the sections to make more sense;Jason McIntyre
2006-09-15clarification;Jason McIntyre
2006-09-15add in filtering rules to allow keying daemons to talk;Jason McIntyre
2006-09-14simplify an example. ok jmc@Hans-Joerg Hoexer
2006-09-13use "proto ipencap" for the gateway filter rules;Jason McIntyre
2006-09-12note that enc traffic is unecrypted; from mpfJason McIntyre
2006-09-12no need to Xr isakmpd.conf.5;Jason McIntyre