summaryrefslogtreecommitdiff
path: root/sbin/isakmpd
AgeCommit message (Expand)Author
2012-10-29backout possible infinit-loop (from rev 1.5) when parsing nat_d;Markus Friedl
2012-09-25lost preposition "in"Otto Moerbeek
2012-08-24ikev2 is described in rfc 5996 now;Jason McIntyre
2012-08-12Use .Lk for HTTP hyperlinks, not .Pa.Ingo Schwarze
2012-07-13Support additional MODP DH groups in the Phase 1 and Phase 2.Mike Belopuhov
2012-06-30enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESPChristian Weisgerber
2012-06-04Rounding up a number of bytes in a bignum returned by the BN_num_bytes()Mike Belopuhov
2012-03-24set the vendor string to OpenBSD-5.2; ok mikeb@Markus Friedl
2012-01-16import (and fix) net_addrcmp() from libc as a static function.Eric Faurot
2011-12-12Allow using FQDN as a ID payload type. Some client (eg Windows XP)YASUOKA Masahiko
2011-10-20For NAT-T with transport mode, use the ISAKMP's SA addresses for theYASUOKA Masahiko
2011-09-29ssl.8: Certifying Authority -> Certificate AuthorityJason McIntyre
2011-08-02add refcounting for "Configuration" section for acquire-mode SAsMarkus Friedl
2011-06-23Use a common text explaining how the various configuration parsers usingStuart Henderson
2011-06-15When BN_bn2bin converts a bignum to the binary representationMike Belopuhov
2011-06-06some improvements for the text on packet capture; from Lawrence TeoJason McIntyre
2011-05-13wrong id for UDP_ENCAP_TRANSPORT_DRAFT; ok mikeb@Markus Friedl
2011-04-23Indicate which side of the connection responded during phase 1 while using -v.lum
2011-04-16Allow -v (verbose logging) to work if a -D option is supplied.Stuart Henderson
2011-04-06Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0'Miod Vallat
2011-02-03When binding to addresses, ignore any IP address not in the currentPeter Hessler
2010-12-09When looking up an SA based on peer address, also check the portMartin Hedenfal
2010-11-29make key exchange faster by not checking the predefined groups with DH_check()Markus Friedl
2010-10-19convert to fuse cast from the libcrypto. with a simplification nit fromMike Belopuhov
2010-10-18as determined 4 years ago, FortiGate needs DOI of 0 responses to DPDTodd T. Fries
2010-10-15Switch the remaining users of libdes in src to libcrypto,Jonathan Gray
2010-09-22Support for use of AES-GCM-16 (as AESGCM) and ENCR_NULL_AUTH_AES_GMACMike Belopuhov
2010-08-04fixup keylength for aes-128-cbc in quickmodeTheo de Raadt
2010-06-29Replace the hand-crafted Diffie-Hellman implementation in isakmpd withReyk Floeter
2010-06-07make clearer the relationship between isakmpd and ikev1; and iked and ikev2;Jason McIntyre
2010-06-03update the manpages for isakmpd(8) and ipsec.conf(5) to point to iked(8)Reyk Floeter
2010-05-10Various comment typos. 'wether' -> 'whether' (most popular), 'possiblity' ->Kenneth R Westerback
2010-04-15Log when isakmpd starts - patch from Toni Muellerlum
2010-04-06fix some more dodgy "-indent"; aucat.1 has some too, but i'll leave that forJason McIntyre
2010-03-26dispense with some wacky escape sequences;Jason McIntyre
2010-03-04don't crash on invalid phase 2 IDs; from hshoexer; ok sthen@Markus Friedl
2010-01-10only substract ISAKMP_ID_DATA_OFF once. otherwise 'buf' might overflowMarkus Friedl
2010-01-03Neither .Pp nor unqualified text are allowed at the top level of .Bl;Ingo Schwarze
2009-11-13fix a few memory leaks found by parfait; ok hshoexerTheo de Raadt
2009-06-25Add missing RTM_VERSION check. This is needed before accessing other dataClaudio Jeker
2009-06-05rtm->rtm_hdrlen conversionChris Cappuccio
2009-01-29Improve logging:Hans-Joerg Hoexer
2009-01-28cleaning up my tree: trivial KNF and a comment fix.Hans-Joerg Hoexer
2009-01-28Remove some dead (#if 0) code.Hans-Joerg Hoexer
2009-01-20Add support to isakmpd(8) and ipsecctl(8) to install SA's with aMarco Pfatschbacher
2008-12-22mark log_fatal() and monitor_exit() as __dead, as they do not return.Hans-Joerg Hoexer
2008-11-11Use rfc2409 conform notification message when client identities areHans-Joerg Hoexer
2008-10-21do not listen on tentative (during DAD), duplicated (after DAD) orMarkus Friedl
2008-09-06adapt to API changes in OpenSSL 0.9.8hDamien Miller
2008-09-06adapt to sha2(3) API changes; ok millert@Damien Miller