src - OpenBSD base system

Age	Commit message (Collapse)	Author
2008-02-17	Define default configurations for AES-192 and AES-256. From Mitja Muzenic	Hans-Joerg Hoexer
	<mitja at muzenic dot net>, diff provided already quite some time ago, many many thanks. This should have gone in months ago but I was slacking, sorry for that.
2007-05-31	convert to new .Dd format;	Jason McIntyre

2007-05-23	Get rid of some obsolete exampels.	Hans-Joerg Hoexer
	ok and prodding @jmc
2007-03-18	Fix usage of predefined lifetimes. "Default-phase-[12]-lifetime"	Hans-Joerg Hoexer
	just specifies the values to be used. However, the specifications are called "LIFE_MAIN_MODE" and "LIFE_QUICK_MODE". ok ho@ jmc@
2007-02-19	tweak;	Jason McIntyre

2007-02-19	Document NULL encryption.	Hans-Joerg Hoexer

2006-11-24	add support to tag ipsec traffic belonging to specific IKE-initiated	Reyk Floeter
	phase 2 traffic. this allows policy-based filtering of encrypted and unencrypted ipsec traffic with pf(4). see ipsec.conf(5) and isakmpd.conf(5) for details and examples. this is work in progress and still needs some testing and feedback, but it is safe to put it in now. ok hshoexer@
2006-09-15	Remove "Delete-SAs" config option. This was needed for interaction	Hans-Joerg Hoexer
	with sasyncd(8). Now sasyncd(8) controls isakmpd(8) regarding SA deletion so this option is obsolete. ok mpf jmc
2006-08-30	Make SA deletion on shutdown the default again. Use -S for failover	Hans-Joerg Hoexer
	situations where you do not want this. Discussed and agreed on with ho, mcbride, markus, cloder,... We will have to teach sasyncd to deal with this. Testing by msf and hshoexer with help from mtu ok markus cloder
2006-06-11	Document AESCTR for quick mode and SHA2-* for main mode. Help by jmc.	Hans-Joerg Hoexer
	ok jmc@
2006-06-11	tweaks;	Jason McIntyre

2006-06-10	Document -S and the "Delete-SAs" tag. Those will enable SA deletion	Hans-Joerg Hoexer
	on shutdown.
2006-06-10	Allow isakmpd to use a different private rsa key per isakmp ID. Hans wrote ↵	Mathieu Sauve-Frankel
	this a long time ago, I synced it to -current and tested. ok hshoexer@
2006-05-27	document modp3072.	Hans-Joerg Hoexer

2006-05-26	ipsectl -> ipsecctl	Jason McIntyre

2006-05-26	vpn.8 removal;	Jason McIntyre

2006-05-26	let us not talk about ipsecadm and vpn anymore; ok reyk	Theo de Raadt

2005-10-06	improve examples and show how to use KEY_LENGTH. Slightly different fix than	Hans-Joerg Hoexer
	proposed by sthen at spacehopper dot org, fixes pr 4522, thanks! ok and with jmc@
2005-08-23	`DSS' is unsupported, so remove references to it;	Jason McIntyre
	ok hshoexer@
2005-06-11	grammar;	Jason McIntyre

2005-05-31	certpatch is gone, noticed by david@	Hans-Joerg Hoexer

2005-05-23	Mention interface names can be used in Listen-on. OK hshoexer	Chad Loder

2005-05-12	add some missing section descriptions to make this page a little	Jason McIntyre
	easier to read; ok hshoexer@
2005-05-05	alphabetically order options within sections;	Jason McIntyre
	discussed w/ hshoexer@
2005-05-05	this is not a separate list item;	Jason McIntyre
	ok hshoexer@
2005-05-05	first stab at making this page easier to read:	Jason McIntyre
	various grammar/mdoc fixes;
2005-04-06	Check-interval and DPD-check-interval are specified in seconds.	Chad Loder

2005-02-22	fix wrong line break in comment.	Moritz Jodeit
	ok hshoexer@
2005-01-05	kill whitespace;	Jason McIntyre

2005-01-05	Discourage using aggressive mode.	Hans-Joerg Hoexer
	ok and some help ho@
2004-12-14	Allow the Address, Network, or Netmask values of the <IPsec-ID> to be	Ryan Thomas McBride
	specified with an interface name (in which case the first address is used) or the keyword 'default' (in which case the address is selected based on the default route). eg: [roadwarrior-ip] ID-type= IPV4_ADDR Address= default ok ho@ hshoexer@
2004-08-10	Better implementation of the Dead Peer Detection protocol, RFC 3706.	Hakan Olsson
	hshoexer@ ok.
2004-07-08	typo, and line adjustment;	Jason McIntyre

2004-07-07	document -a/-K and "Acquire-Only"/"Use-Keynote".	Hans-Joerg Hoexer
	ok markus@ henning@ ho@ english polish and mdoc help and ok jmc@
2004-06-26	new sentence, new line;	Jason McIntyre

2004-06-21	Describe the [Default]:NAT-T-Keepalive configuration parameter.	Hakan Olsson

2004-02-27	Add group 14 (modp2048) to predefined suites. Manpage also updated.	Hans-Joerg Hoexer
	ok ho@
2004-02-26	tweak;	Jason McIntyre
	ok hshoexer@
2004-02-25	Add and document configuration options Logverbose and Loglevel. As log.c now	Hans-Joerg Hoexer
	depends on conf.c and some regression tests use log.c, add conf.c to Makefiles where necessary. ok ho@
2003-11-05	PFS: Perfect Forward Secrecy (RFC 2409);	Jason McIntyre
	from misc@ and ok markus@
2003-08-28	support AES in phase 1, too. switch to OpenSSL EVP interface;	Markus Friedl
	with Hans-Joerg.Hoexer at yerbouti.franken.de; ok ho@
2003-08-09	new sentence, new line + small cleanup;	Jason McIntyre
	ok ho@
2003-07-25	add sha2 support; ok ho@	Markus Friedl

2003-07-09	- remove some .Ss's that worked around the old blank line bug	Jason McIntyre
	- remove some unnecessary .Pp's - mdoc a list ok ho@
2003-06-03	Remove clauses 3 and 4. With approval from Niklas Hallqvist and	Hakan Olsson
	Niels Provos.
2003-06-03	- section reorder	Jason McIntyre
	- some mdoc fixes
2003-05-17	tweak;	Jason McIntyre
	ok ho@
2003-05-16	If the "Renegotiate-on-HUP" tag is defined in the [General] section, a	Hakan Olsson
	HUP signal (or "R" to the FIFO) will also renegotiate all Phase 2 SAs, i.e all connections. ok niklas@, tested and ok kjell@.
2003-05-10	typos;	Jason McIntyre

2003-03-21	document [initiator-id] section; richb@timestone.com.au; ok ho@, jmc@	Markus Friedl