summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl
AgeCommit message (Collapse)Author
2006-11-13previous was not quite right;Jason McIntyre
2006-11-13fix a macro mistake;Jason McIntyre
2006-11-13Handle rules with addresses from mismatched address families correctly.Ryan Thomas McBride
ok msf@
2006-11-10check both rule sourace and destination when grouping sa'sMathieu Sauve-Frankel
fixes PR5262 ok hshoexer@
2006-11-10When using -vv, also show grouped SAs.Hans-Joerg Hoexer
2006-11-10Fix grouping for SAs. Now all combinations of SAs are possible,Hans-Joerg Hoexer
not only ESP+AH (ie. ESP inside AH).
2006-11-10Do not count sa, ike and tcpmd5 rules twice. Fixes PR 5263.Hans-Joerg Hoexer
2006-11-01KNF unrelated to previous commit.Ryan Thomas McBride
2006-11-01Add support for aggressive mode (from the k2k6 IPsec hackathon).Ryan Thomas McBride
ok hshoexer
2006-10-19note that all rules using enc0 should specify: keep state (if-bound)Jason McIntyre
2006-09-29add a new section header, since DESCRIPTION is getting so large...Jason McIntyre
2006-09-29make it clearer what needs to be run, and how; push manual keying downJason McIntyre
the list; move the rc stuff from ipsecctl to ipsec.conf; ok hshoexer
2006-09-26a better description of what our automatic keying example is up to;Jason McIntyre
ok hshoexer
2006-09-22- document which parts need to be packet filtered, and whyJason McIntyre
- move example ruleset into a more logical order - correct the if-bound example (spotted by hshoexer) help/ok markus hshoexer
2006-09-22typo in err(); from bret.lambert@gmail.com, thanks!Hans-Joerg Hoexer
2006-09-19sort SAs by spi; ok hshoexerMarkus Friedl
2006-09-18KNF and clean some trailing white spaces, no binary change.Hans-Joerg Hoexer
2006-09-15reorganise the sections to make more sense;Jason McIntyre
ok hshoexer ho
2006-09-15clarification;Jason McIntyre
2006-09-15add in filtering rules to allow keying daemons to talk;Jason McIntyre
help/ok markus
2006-09-14simplify an example. ok jmc@Hans-Joerg Hoexer
2006-09-13use "proto ipencap" for the gateway filter rules;Jason McIntyre
pointed out by msf; explained by markus
2006-09-12note that enc traffic is unecrypted; from mpfJason McIntyre
2006-09-12no need to Xr isakmpd.conf.5;Jason McIntyre
2006-09-12add a section on packet filtering ipsec traffic;Jason McIntyre
input henning markus mcbride ok mcbride hshoexer
2006-09-11improvememnts for `local', `peer', and `psk'; ok hshoexerJason McIntyre
2006-09-11- document how to set ipsec stuff running at bootJason McIntyre
- remove hazy tcp md5 blurb ok hshoexer
2006-09-07note that we can filter ipsec traffic on the enc interface;Jason McIntyre
2006-09-07improve the tcpmd5 section; ok claudio hshoexerJason McIntyre
2006-09-07move all the auth/enc/group stuff into one definitive section;Jason McIntyre
help from ho hshoexer
2006-09-06start to group the parameters for AUTOMATIC KEYING in a more logical way;Jason McIntyre
ok hshoexer
2006-09-05knock out a ton of Aq/Xo/Xc that was either unneeded, or just plain wrong;Jason McIntyre
2006-09-05document line splitting using `\';Jason McIntyre
2006-09-05slight text shuffle, and make the isakmpd bits clearer;Jason McIntyre
ok hshoexer
2006-09-04some wording fixes for the section headers and minor tweaks;Jason McIntyre
2006-09-04document comments, address syntax, and list expansion;Jason McIntyre
remove some duplicate text; ok hshoexer
2006-09-01a little better text for the sections; ok hshoexerJason McIntyre
2006-08-31Security Association Database is abbreviated 'SAD' (RFC 2401 et al), not ↵Hakan Olsson
'SADB'. jmc@, hshoexer@ ok.
2006-08-31knock out the cpp/m4 stuff from MACROS; after discussion with many...Jason McIntyre
2006-08-31some improvements to srcid and destid, as noted by mpf;Jason McIntyre
ok hshoexer mpf
2006-08-31expand DESCRIPTION; input from ho hshoexer naddyJason McIntyre
2006-08-31clarify an .Sh; agreed with hshoexerJason McIntyre
2006-08-30can get EAGAIN when writing to the pfkey socket; same change as bgpd,Henning Brauer
ok hshoexer
2006-08-30cut down the examples; ok hshoexerJason McIntyre
2006-08-30partial backout of last commitMarkus Friedl
2006-08-30some tcp md5 bits;Jason McIntyre
2006-08-30comment out some comp stuff i missed earlier;Jason McIntyre
2006-08-30better wording for the key generation section;Jason McIntyre
2006-08-30kill more redundant text, and an oops;Jason McIntyre
2006-08-30remove some repeated text, and shuffle a little;Jason McIntyre