Age | Commit message | Author | |
---|---|---|---|
2007-02-19 | tweak; | Jason McIntyre | |
2007-02-19 | Document NULL encryption. | Hans-Joerg Hoexer | |
2007-02-19 | isakmpd bits for ESP+NULL encryption. This is useful, when AH can | Hans-Joerg Hoexer | |
not be used (when being behind NAT). With Martin Hedenfalk <martin.hedenfalk at gmail.com>, thanks! | |||
2006-12-05 | plug memleak, noticed by jesus@mxtelecom.com | Hans-Joerg Hoexer | |
ok moritz@, tested by jesus@mxtelecom.com (thanks!) | |||
2006-12-05 | some carp/sasyncd bits from msf and myself; | Jason McIntyre | |
ok mpf | |||
2006-12-05 | Don't leak message structures, when we see unsupported payloads | Moritz Jodeit | |
or if the payload node allocation fails. Also adjust a comment to make it more clear, who's responsible for freeing the message structs. Input from cloder@. OK hshoexer@ | |||
2006-11-30 | new ui command 'rmv': removes an entry from a list, thus reversing an | Markus Friedl | |
'add' operation; ok ho, hshoexer, jmc | |||
2006-11-29 | no need to document generation of local.key 3 times; | Jason McIntyre | |
spotted by mcbride, ok hshoexer; | |||
2006-11-29 | zap trailing spaces; | Jason McIntyre | |
2006-11-29 | Document the new location of local.pub, and clarify the fact that local.key | Ryan Thomas McBride | |
contains the entire keypair. ok deraadt jmc | |||
2006-11-28 | do not re-add existing entries; ok hshoexer | Markus Friedl | |
2006-11-24 | add support to tag ipsec traffic belonging to specific IKE-initiated | Reyk Floeter | |
phase 2 traffic. this allows policy-based filtering of encrypted and unencrypted ipsec traffic with pf(4). see ipsec.conf(5) and isakmpd.conf(5) for details and examples. this is work in progress and still needs some testing and feedback, but it is safe to put it in now. ok hshoexer@ | |||
2006-11-09 | support public keys w/o SubjectPublicKeyInfo (format: BEGIN RSA PUBLIC KEY) | Markus Friedl | |
ok ho, hshoexer | |||
2006-10-29 | Fix TAILQ usage, preventing crashes | Pedro Martelletto | |
Okay henning@ krw@ millert@ hshoexer@ | |||
2006-10-18 | do not name FILE * variables "fd" since it is confusing | Theo de Raadt | |
2006-10-05 | Reword sentence to fix grammar nit. | Tom Cosgrove | |
ok jmc@ | |||
2006-09-19 | Use S_IS* macros instead of masking with S_IF* flags. The latter may | Otto Moerbeek | |
have multiple bits set, which leads to surprising results. Spotted by/partly from Paul Stoeber, more to come. ok ho@ miod@ hshoexer@ | |||
2006-09-15 | Remove "Delete-SAs" config option. This was needed for interaction | Hans-Joerg Hoexer | |
with sasyncd(8). Now sasyncd(8) controls isakmpd(8) regarding SA deletion so this option is obsolete. ok mpf jmc | |||
2006-09-09 | point people towards ipsec.conf.5; after some discussion w/ reyk | Jason McIntyre | |
ok hshoexer reyk | |||
2006-09-01 | use shell-independent examples; | Jason McIntyre | |
2006-09-01 | Add a new UI command to force isakmpd into passive only mode. | Marco Pfatschbacher | |
Will be used by sasyncd to prevent two talking isakmpd's in an HA setup. Based on a diff by ho@. OK ho@, hshoexer@, deraadt@ | |||
2006-08-31 | document an issue with subjectAltName found by reyk; | Jason McIntyre | |
ok hshoexer ho reyk | |||
2006-08-31 | remove a confusing sentence; ok hshoexer ho | Jason McIntyre | |
2006-08-30 | fix isakmpd -Ka, as used by bgpd, or acquire flows set up via ipsecctl. | Henning Brauer | |
acquire flows need to be recorded on the fly via connection_record_passive(), otherwise later lookups fail and the policy check fails. ok hshoexer ho markus msf deraadt | |||
2006-08-30 | rewording; from reyk cloder hshoexer | Jason McIntyre | |
ok ho | |||
2006-08-30 | need to retry writing to pfkey socket on EAGAIN, ok theo hshoexer | Henning Brauer | |
2006-08-30 | Make SA deletion on shutdown the default again. Use -S for failover | Hans-Joerg Hoexer | |
situations where you do not want this. Discussed and agreed on with ho, mcbride, markus, cloder,... We will have to teach sasyncd to deal with this. Testing by msf and hshoexer with help from mtu ok markus cloder | |||
2006-08-30 | Back out r1.103, which caused SA's to leak until memory was exhausted. | Chad Loder | |
OK hshoexer, nathanael, mpf, "get that in" deraadt | |||
2006-08-30 | do not call pf_key_v2_disable_sa twice; ok hshoexer, ho | Markus Friedl | |
2006-08-29 | Properly define quick mode suites for AH. With naddy. | Hans-Joerg Hoexer | |
ok ho | |||
2006-08-22 | correct function name in log message. | Hans-Joerg Hoexer | |
2006-07-24 | Style; return is not a function. hshoexer@ ok. | Hakan Olsson | |
2006-07-02 | Let isakmpd send out a vendor ID announcing isakmpd's release version. | Hans-Joerg Hoexer | |
Will be handy for release specific bug fixes, etc. Suggested by markus@ quite some time ago. ok markus@ | |||
2006-06-29 | Document that pcap files can only be written to the /var/run directory. | Hans-Joerg Hoexer | |
2006-06-18 | clean up some gotos. Originally from Andrey Matveev <evol at online | Hans-Joerg Hoexer | |
dot ptt dot ru>. Ok and help moritz@ | |||
2006-06-17 | Do not leak file descriptor in error path. From Andrey Matveev | Hans-Joerg Hoexer | |
<evol at online dot ptt dot ru>, thanks! | |||
2006-06-14 | indentation. | Hans-Joerg Hoexer | |
2006-06-11 | Document AESCTR for quick mode and SHA2-* for main mode. Help by jmc. | Hans-Joerg Hoexer | |
ok jmc@ | |||
2006-06-11 | tweaks; | Jason McIntyre | |
2006-06-10 | Document -S and the "Delete-SAs" tag. Those will enable SA deletion | Hans-Joerg Hoexer | |
on shutdown. | |||
2006-06-10 | Make deletion of SAs on shutdown optional. The default behaviour | Hans-Joerg Hoexer | |
now is to not delete SAs. Needed for reliable ipsec failover. Suggested by mtu@. Moreover, this ensures that packets do not leak when isakmpd is shutdown. ok mcbride@, testing mtu@ | |||
2006-06-10 | Allow isakmpd to use a different private rsa key per isakmp ID. Hans wrote | Mathieu Sauve-Frankel | |
this a long time ago, I synced it to -current and tested. ok hshoexer@ | |||
2006-06-10 | This shouldn't have been committed yet. | Hans-Joerg Hoexer | |
2006-06-10 | support sha2 for main mode hmacs and aesctr for quick mode encryption. | Hans-Joerg Hoexer | |
ok markus@ ho@ | |||
2006-06-09 | Allow for AH the use of the authentication algorithms added a while ago. | Christian Weisgerber | |
Fix the indentation while we're here. ok hshoexer@ | |||
2006-06-02 | Big spelling cleanup, no binary change. From david@ | Hans-Joerg Hoexer | |
2006-06-02 | Big whitespace cleanup. | Hans-Joerg Hoexer | |
2006-06-01 | Fix a comment | Hans-Joerg Hoexer | |
2006-05-31 | tiny KNF | Hans-Joerg Hoexer | |
2006-05-31 | Make sure, that phase 1 SAs of active connections stay alive. Fixes a DPD | Hans-Joerg Hoexer | |
breakage noticed and reported by Mitja Muzenic. ok markus@ ho@, testing by Mitja and cloder@, discussed with Nathanael. |