Age | Commit message (Collapse) | Author |
|
configuration. Add a -GRP{1,2,5} component to transform and suite
names to directly specify which group to use. If no group is
specified, use DH group 2 (MODP_1024). Earlier transforms and suites
using the MD5 hash defaulted to DH group 1, this is no longer true.
niklas@ ok.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
properly. Make them work again. (niklas@ ok)
|
|
consideration.
|
|
|
|
|
|
author: angelos
Add Default-phase-1-ID tag in [General], and document its use.
author: angelos
Default Phase 1 entry.
|
|
util.c: Merge EOM diff 1.20 - 1.21, i.e. 1.19 is still left to be merged
author: ho
Use stat(), not lstat().
|
|
author: niklas
fgetc returns int not char; Boris Prochazka <boris@stargate.ipunplugged.com>
|
|
author: angelos
Just to be on the safe side, use a struct stat.
author: angelos
Only do the secrecy check and parse the configuration file if it
actually exists.
author: angelos
Actually create all the pre-configured Transforms and Suites, even if
the user doesn't actually define them in the configuration file; ugly
kludge, but it allows use of isakmpd without a configuration file.
author: angelos
Add RIPEMD negotiation/configuration.
|
|
regress/ec2n/Makefile: Merge with EOM 1.9
conf.c: Merge with EOM 1.40
util.c: Merge with EOM 1.17
author: ho
Add file permission check to private key file. Split out check function to util.c.
|
|
author: ho
Revert. Be strict about file mode.
|
|
author: ho
Warn but continue on isakmpd.conf permissions.
|
|
samples/VPN-east.conf: Merge with EOM 1.12
samples/VPN-west.conf: Merge with EOM 1.13
samples/policy: Merge with EOM 1.6
samples/singlehost-west.conf: Merge with EOM 1.9
samples/singlehost-east.conf: Merge with EOM 1.9
conf.c: Merge with EOM 1.37
ipsec.c: Merge with EOM 1.133
ipsec_num.cst: Merge with EOM 1.4
isakmpd.conf.5: Merge with EOM 1.48
isakmpd.policy.5: Merge with EOM 1.21
policy.c: Merge with EOM 1.46
author: angelos
AES support.
|
|
author: niklas
Remove some spaces
author: niklas
do not crash on empty config files
author: ho
(c)-2000
author: provos
style as pointed out by the code style pedant.
author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c
|
|
author: angelos
Initialize [Keynote]:Credential-directory.
author: ho
Autogenerated p1/p2 default lifetimes can be defined in config.
author: niklas
style
|
|
author: niklas
style fascism
author: ho
style fix
author: ho
Typo in comment.
author: ho
Typo; Cers-directory -> Cert-directory
author: ho
Do not load configuration if isakmpd.conf is not owned by the user running
isakmpd. Also, do not load config if file modes are too open.
Do not warn about ignored duplicate tags when they are autogenerated.
author: niklas
From ho: provide defaults for requested transforms, shortens config files
vastly.
|
|
author: ho
Typo in comment.
author: ho
Typo; Cers-directory -> Cert-directory
author: ho
Do not load configuration if isakmpd.conf is not owned by the user running
isakmpd. Also, do not load config if file modes are too open.
Do not warn about ignored duplicate tags when they are autogenerated.
author: niklas
From ho: provide defaults for requested transforms, shortens config files
vastly.
|
|
gmp_util.c: Merge with EOM 1.5
gmp_util.h: Merge with EOM 1.3
math_mp.h: Merge with EOM 1.2
sa.c: Merge with EOM 1.101
ui.c: Merge with EOM 1.40
author: niklas
(c) 2000
|
|
isakmpd.c: Merge with EOM 1.46
sa.c: Merge with EOM 1.100
ui.c: Merge with EOM 1.39
author: niklas
error message style
|
|
regress/dh/Makefile: Merge with EOM 1.7
regress/group/Makefile: Merge with EOM 1.9
regress/prf/Makefile: Merge with EOM 1.4
regress/rsakeygen/Makefile: Merge with EOM 1.8
regress/x509/Makefile: Merge with EOM 1.10
Makefile: Merge with EOM 1.62
attribute.c: Merge with EOM 1.10
sa.c: Merge with EOM 1.99
conf.c: Merge with EOM 1.20
crypto.c: Merge with EOM 1.28
isakmpd.c: Merge with EOM 1.45
connection.c: Merge with EOM 1.19
doi.h: Merge with EOM 1.28
field.c: Merge with EOM 1.11
exchange.c: Merge with EOM 1.116
ike_auth.c: Merge with EOM 1.44
pf_key_v2.c: Merge with EOM 1.37
ike_phase_1.c: Merge with EOM 1.22
ipsec.c: Merge with EOM 1.118
isakmp_doi.c: Merge with EOM 1.40
log.c: Merge with EOM 1.26
log.h: Merge with EOM 1.18
math_group.c: Merge with EOM 1.23
message.c: Merge with EOM 1.144
pf_encap.c: Merge with EOM 1.70
policy.c: Merge with EOM 1.18
timer.c: Merge with EOM 1.13
transport.c: Merge with EOM 1.41
udp.c: Merge with EOM 1.47
ui.c: Merge with EOM 1.37
x509.c: Merge with EOM 1.36
author: niklas
Made debug logging a compile time selectable feature
|
|
conf.c: Merge with EOM 1.19
conf.h: Merge with EOM 1.10
ui.c: Merge with EOM 1.34
author: niklas
Dynamic updates of the configuration database is now possible, either through
ui, or through the new conf_* API described in DESIGN-NOTES
|
|
DESIGN-NOTES: Merge with EOM 1.42
Makefile: Merge with EOM 1.51
app.c: Merge with EOM 1.6
conf.c: Merge with EOM 1.18
init.c: Merge with EOM 1.14
isakmpd.conf.5: Merge with EOM 1.19
pf_encap.c: Merge with EOM 1.64
pf_encap.h: Merge with EOM 1.12
pf_key_v2.h: Merge with EOM 1.3
sysdep.h: Merge with EOM 1.16
transport.c: Merge with EOM 1.40
ui.c: Merge with EOM 1.32
author: niklas
A new connection abstraction
|
|
memory leak fixes
1999 copyrights
|
|
One include too much
conf.h: Merge with EOM 1.7
Forgotten include file
|
|
| revision 1.14
| date: 1999/02/25 11:38:47; author: niklas; state: Exp; lines: +3 -1
| include sysdep.h everywhere
| ----------------------------
| revision 1.13
| date: 1999/02/25 11:09:31; author: niklas; state: Exp; lines: +7 -4
| Make conf_get_num take a default value to give back when tag does not exist
| ----------------------------
| revision 1.12
| date: 1999/01/31 01:20:42; author: niklas; state: Exp; lines: +7 -1
| on-demand keying
| ----------------------------
|
|
|
|
|
|
|
|
|
|
OpenBSD IPSEC stack by me, Niklas Hallqvist and Niels Provos, funded by
Ericsson Radio Systems. It is not yet complete or usable in a real scenario
but the missing pieces will soon be there. The early commit is for people
who wants early access and who are not afraid of looking at source.
isakmpd interops with Cisco, Timestep, SSH & Pluto (Linux FreeS/WAN) so
far, so it is not that incomplete. It is really mostly configuration that
is lacking.
|