path: root/sbin/isakmpd
| Age | Commit message | Author |
|---|---|---|
| 2006-06-11 | Document AESCTR for quick mode and SHA2-* for main mode. Help by jmc. ok jmc@ | Hans-Joerg Hoexer |
| 2006-06-11 | tweaks; | Jason McIntyre |
| 2006-06-10 | Document -S and the "Delete-SAs" tag. Those will enable SA deletion on shutdown. | Hans-Joerg Hoexer |
| 2006-06-10 | Make deletion of SAs on shutdown optional. The default behaviour now is to not delete SAs. Needed for reliable ipsec failover. Suggested by mtu@. Moreover, this ensures that packets do not leak when isakmpd is shut down. ok mcbride@, testing mtu@ | Hans-Joerg Hoexer |
| 2006-06-10 | Allow isakmpd to use a different private rsa key per isakmp ID. Hans wrote this a long time ago, I synced it to -current and tested. ok hshoexer@ | Mathieu Sauve-Frankel |
| 2006-06-10 | This shouldn't have been committed yet. | Hans-Joerg Hoexer |
| 2006-06-10 | support sha2 for main mode hmacs and aesctr for quick mode encryption. ok markus@ ho@ | Hans-Joerg Hoexer |
| 2006-06-09 | Allow for AH the use of the authentication algorithms added a while ago. Fix the indentation while we're here. ok hshoexer@ | Christian Weisgerber |
| 2006-06-02 | Big spelling cleanup, no binary change. From david@ | Hans-Joerg Hoexer |
| 2006-06-02 | Big whitespace cleanup. | Hans-Joerg Hoexer |
| 2006-06-01 | Fix a comment | Hans-Joerg Hoexer |
| 2006-05-31 | tiny KNF | Hans-Joerg Hoexer |
| 2006-05-31 | Make sure, that phase 1 SAs of active connections stay alive. Fixes a DPD breakage noticed and reported by Mitja Muzenic. ok markus@ ho@, testing by Mitja and cloder@, discussed with Nathanael. | Hans-Joerg Hoexer |
| 2006-05-30 | fix SA grouping. Now, esp+ah and ah+esp works again. ok markus@ | Hans-Joerg Hoexer |
| 2006-05-29 | Do not use C++ comments. Noticed by markus. | Hans-Joerg Hoexer |
| 2006-05-29 | export pf_key_v2_disable_sa() (unbreaks build) | Markus Friedl |
| 2006-05-29 | Oops, return after calling sa_release() | Ryan Thomas McBride |
| 2006-05-29 | Fix broken merge of patch. Pointed out by nathanael at polymorpheus dot com. | Ryan Thomas McBride |
| 2006-05-28 | Assign a finalization event to the exchange initiated on soft expiry. If the exchange fails, the existing phase 1 SA is invalidated and the exchange is retried at the Exchange-Max-Time interval until the SA hard timeout expires. Another sasyncd-related fix from nathanael at polymorpheous dot com ok ho@ hshoexer@ | Ryan Thomas McBride |
| 2006-05-28 | also report SA flags. | Hans-Joerg Hoexer |
| 2006-05-28 | Change the default replay window for SAs created by the isakmpd responder to be DEFAULT_REPLAY_WINDOW instead of zero. The default replay window is then the same for both initiator and receiver. Fix from nathanael at polymorpheous dot com. ok hshoexer@ | Ryan Thomas McBride |
| 2006-05-27 | document modp3072. | Hans-Joerg Hoexer |
| 2006-05-27 | add group15/modp3072 to default configurations. | Hans-Joerg Hoexer |
| 2006-05-26 | ipsectl -> ipsecctl | Jason McIntyre |
| 2006-05-26 | vpn.8 removal; | Jason McIntyre |
| 2006-05-26 | let us not talk about ipsecadm and vpn anymore; ok reyk | Theo de Raadt |
| 2006-05-05 | correct correct rfc reference | Damien Miller |
| 2006-05-05 | correct rfc reference | Damien Miller |
| 2006-05-04 | check for degenerate Diffie-Hellman public exponents; ok markus@ hshoexer@ deraadt@ | Damien Miller |
| 2006-03-22 | No need to specify the DOI, make examples more consistent. Suggested by david@ | Hans-Joerg Hoexer |
| 2006-03-20 | make sure the command fifo is ready before isakmpd returns. This resolves a startup race when interacting with ipsecctl. Suggested by and discussed with moritz@ ok moritz@ | Hans-Joerg Hoexer |
| 2006-02-02 | Small cleanup to avoid gotos, from Andrey Matveev. ok moritz@ | Hans-Joerg Hoexer |
| 2006-01-02 | clean up error paths using "goto", part 1. From Andrey Matveev <evol at online dot ptt dot ru>. Thanks! | Hans-Joerg Hoexer |
| 2005-12-28 | remove some unused functions and an unused variable found by lint. ok markus@ | Hans-Joerg Hoexer |
| 2005-12-21 | Userland programs should include <errno.h> not <sys/errno.h> OK deraadt@ | Todd C. Miller |
| 2005-12-20 | let isakmpd(8) remove its pid/fifo file on exit. rework signal handling in the monitor process to let this work. testing and ok hshoexer@ | Moritz Jodeit |
| 2005-11-26 | get rid of some leftovers from a cleanup during c2k5. From Andrey Matveev <evol at online dot ptt dot ru>, thanks! | Hans-Joerg Hoexer |
| 2005-11-17 | typo, ok hshoexer@ | Alexander von Gernler |
| 2005-11-17 | add a free() which got lost in r1.104. ok hshoexer@ deraadt@ | Moritz Jodeit |
| 2005-11-16 | Avoid printing a NULL string. ok hshoexer | Chad Loder |
| 2005-11-15 | Be cleaner about signed vs. unsigned when it's easy to do so. OK hshoexer | Chad Loder |
| 2005-11-15 | Add a new raw2hex function and yank out several pieces of code in other places that were doing this. Prodding deraadt. OK hshoexer. | Chad Loder |
| 2005-11-14 | use snprintf; ok cloder. also looked at by a few other people | Theo de Raadt |
| 2005-11-13 | zap unused variable and silence gcc. From Mike Belopuhov <mkb at crypt dot org dot ru> Thanks! | Hans-Joerg Hoexer |
| 2005-10-27 | Do not touch LIST_* macro internals. with otto@, ok ho@ | Hans-Joerg Hoexer |
| 2005-10-26 | don't send DPD messages before the exchange is finalized, otherwise we have a race between DPD and exchange timeouts and both will release the SA and corrupt the SA list. ok hshoexer@, ho@ | Markus Friedl |
| 2005-10-25 | some small knf, ok ho@ | Hans-Joerg Hoexer |
| 2005-10-25 | Do not send a message when no transport is available. ok cloder ho | Hans-Joerg Hoexer |
| 2005-10-06 | improve examples and show how to use KEY_LENGTH. Slightly different fix than proposed by sthen at spacehopper dot org, fixes pr 4522, thanks! ok and with jmc@ | Hans-Joerg Hoexer |
| 2005-09-23 | Document new UI commands ok and help jmc@ | Hans-Joerg Hoexer |