Age | Commit message | Author | |
---|---|---|---|
2006-09-19 | Use S_IS* macros instead of masking with S_IF* flags. The latter may have multiple bits set, which leads to surprising results. Spotted by/partly from Paul Stoeber, more to come. ok ho@ miod@ hshoexer@ | Otto Moerbeek | |
2006-09-15 | Remove "Delete-SAs" config option. This was needed for interaction with sasyncd(8). Now sasyncd(8) controls isakmpd(8) regarding SA deletion so this option is obsolete. ok mpf jmc | Hans-Joerg Hoexer | |
2006-09-09 | point people towards ipsec.conf.5; after some discussion w/ reyk ok hshoexer reyk | Jason McIntyre | |
2006-09-01 | use shell-independent examples; | Jason McIntyre | |
2006-09-01 | Add a new UI command to force isakmpd into passive only mode. Will be used by sasyncd to prevent two talking isakmpd's in an HA setup. Based on a diff by ho@. OK ho@, hshoexer@, deraadt@ | Marco Pfatschbacher | |
2006-08-31 | document an issue with subjectAltName found by reyk; ok hshoexer ho reyk | Jason McIntyre | |
2006-08-31 | remove a confusing sentence; ok hshoexer ho | Jason McIntyre | |
2006-08-30 | fix isakmpd -Ka, as used by bgpd, or acquire flows set up via ipsecctl. acquire flows need to be recorded on the fly via connection_record_passive(), otherwise later lookups fail and the policy check fails. ok hshoexer ho markus msf deraadt | Henning Brauer | |
2006-08-30 | rewording; from reyk cloder hshoexer ok ho | Jason McIntyre | |
2006-08-30 | need to retry writing to pfkey socket on EAGAIN, ok theo hshoexer | Henning Brauer | |
2006-08-30 | Make SA deletion on shutdown the default again. Use -S for failover situations where you do not want this. Discussed and agreed on with ho, mcbride, markus, cloder,... We will have to teach sasyncd to deal with this. Testing by msf and hshoexer with help from mtu ok markus cloder | Hans-Joerg Hoexer | |
2006-08-30 | Back out r1.103, which caused SA's to leak until memory was exhausted. OK hshoexer, nathanael, mpf, "get that in" deraadt | Chad Loder | |
2006-08-30 | do not call pf_key_v2_disable_sa twice; ok hshoexer, ho | Markus Friedl | |
2006-08-29 | Properly define quick mode suites for AH. With naddy. ok ho | Hans-Joerg Hoexer | |
2006-08-22 | correct function name in log message. | Hans-Joerg Hoexer | |
2006-07-24 | Style; return is not a function. hshoexer@ ok. | Hakan Olsson | |
2006-07-02 | Let isakmpd send out a vendor ID announcing isakmpd's release version. Will be handy for release specific bug fixes, etc. Suggested by markus@ quite some time ago. ok markus@ | Hans-Joerg Hoexer | |
2006-06-29 | Document that pcap files can only be written to the /var/run directory. | Hans-Joerg Hoexer | |
2006-06-18 | clean up some gotos. Originally from Andrey Matveev <evol at online dot ptt dot ru>. Ok and help moritz@ | Hans-Joerg Hoexer | |
2006-06-17 | Do not leak file descriptor in error path. From Andrey Matveev <evol at online dot ptt dot ru>, thanks! | Hans-Joerg Hoexer | |
2006-06-14 | indentation. | Hans-Joerg Hoexer | |
2006-06-11 | Document AESCTR for quick mode and SHA2-* for main mode. Help by jmc. ok jmc@ | Hans-Joerg Hoexer | |
2006-06-11 | tweaks; | Jason McIntyre | |
2006-06-10 | Document -S and the "Delete-SAs" tag. Those will enable SA deletion on shutdown. | Hans-Joerg Hoexer | |
2006-06-10 | Make deletion of SAs on shutdown optional. The default behaviour now is to not delete SAs. Needed for reliable ipsec failover. Suggested by mtu@. Moreover, this ensures that packets do not leak when isakmpd is shut down. ok mcbride@, testing mtu@ | Hans-Joerg Hoexer | |
2006-06-10 | Allow isakmpd to use a different private rsa key per isakmp ID. Hans wrote this a long time ago, I synced it to -current and tested. ok hshoexer@ | Mathieu Sauve-Frankel | |
2006-06-10 | This shouldn't have been committed yet. | Hans-Joerg Hoexer | |
2006-06-10 | support sha2 for main mode hmacs and aesctr for quick mode encryption. ok markus@ ho@ | Hans-Joerg Hoexer | |
2006-06-09 | Allow for AH the use of the authentication algorithms added a while ago. Fix the indentation while we're here. ok hshoexer@ | Christian Weisgerber | |
2006-06-02 | Big spelling cleanup, no binary change. From david@ | Hans-Joerg Hoexer | |
2006-06-02 | Big whitespace cleanup. | Hans-Joerg Hoexer | |
2006-06-01 | Fix a comment | Hans-Joerg Hoexer | |
2006-05-31 | tiny KNF | Hans-Joerg Hoexer | |
2006-05-31 | Make sure, that phase 1 SAs of active connections stay alive. Fixes a DPD breakage noticed and reported by Mitja Muzenic. ok markus@ ho@, testing by Mitja and cloder@, discussed with Nathanael. | Hans-Joerg Hoexer | |
2006-05-30 | fix SA grouping. Now, esp+ah and ah+esp works again. ok markus@ | Hans-Joerg Hoexer | |
2006-05-29 | Do not use C++ comments. Noticed by markus. | Hans-Joerg Hoexer | |
2006-05-29 | export pf_key_v2_disable_sa() (unbreaks build) | Markus Friedl | |
2006-05-29 | Oops, return after calling sa_release() | Ryan Thomas McBride | |
2006-05-29 | Fix broken merge of patch. Pointed out by nathanael at polymorpheus dot com. | Ryan Thomas McBride | |
2006-05-28 | Assign a finalization event to the exchange initiated on soft expiry. If the exchange fails, the existing phase 1 SA is invalidated and the exchange is retried at the Exchange-Max-Time interval until the SA hard timeout expires. Another sasyncd-related fix from nathanael at polymorpheous dot com ok ho@ hshoexer@ | Ryan Thomas McBride | |
2006-05-28 | also report SA flags. | Hans-Joerg Hoexer | |
2006-05-28 | Change the default replay window for SAs created by the isakmpd responder to be DEFAULT_REPLAY_WINDOW instead of zero. The default replay window is then the same for both initiator and receiver. Fix from nathanael at polymorpheous dot com. ok hshoexer@ | Ryan Thomas McBride | |
2006-05-27 | document modp3072. | Hans-Joerg Hoexer | |
2006-05-27 | add group15/modp3072 to default configurations. | Hans-Joerg Hoexer | |
2006-05-26 | ipsectl -> ipsecctl | Jason McIntyre | |
2006-05-26 | vpn.8 removal; | Jason McIntyre | |
2006-05-26 | let us not talk about ipsecadm and vpn anymore; ok reyk | Theo de Raadt | |
2006-05-05 | correct correct rfc reference | Damien Miller | |
2006-05-05 | correct rfc reference | Damien Miller | |
2006-05-04 | check for degenerate Diffie-Hellman public exponents; ok markus@ hshoexer@ deraadt@ | Damien Miller | |