path: root/sbin
Age | Commit message | Author
2006-09-09 | point people towards ipsec.conf.5; after some discussion w/ reyk | Jason McIntyre
ok hshoexer reyk
2006-09-07 | note that we can filter ipsec traffic on the enc interface; | Jason McIntyre
2006-09-07 | improve the tcpmd5 section; ok claudio hshoexer | Jason McIntyre
2006-09-07 | move all the auth/enc/group stuff into one definitive section; | Jason McIntyre
help from ho hshoexer
2006-09-06 | start to group the parameters for AUTOMATIC KEYING in a more logical way; | Jason McIntyre
ok hshoexer
2006-09-05 | knock out a ton of Aq/Xo/Xc that was either unneeded, or just plain wrong; | Jason McIntyre
2006-09-05 | document line splitting using `\'; | Jason McIntyre
2006-09-05 | slight text shuffle, and make the isakmpd bits clearer; | Jason McIntyre
ok hshoexer
2006-09-04 | some wording fixes for the section headers and minor tweaks; | Jason McIntyre
2006-09-04 | document comments, address syntax, and list expansion; | Jason McIntyre
remove some duplicate text; ok hshoexer
2006-09-03 | Add drivers | Marco Peereboom
ok jmc miod
2006-09-01 | a little better text for the sections; ok hshoexer | Jason McIntyre
2006-09-01 | use shell-independent examples; | Jason McIntyre
2006-09-01 | Add a new UI command to force isakmpd into passive only mode. | Marco Pfatschbacher
Will be used by sasyncd to prevent two talking isakmpd's in an HA setup. Based on a diff by ho@. OK ho@, hshoexer@, deraadt@
2006-08-31 | document an issue with subjectAltName found by reyk; | Jason McIntyre
ok hshoexer ho reyk
2006-08-31 | Security Association Database is abbreviated 'SAD' (RFC 2401 et al), not | Hakan Olsson
'SADB'. jmc@, hshoexer@ ok.
2006-08-31 | knock out the cpp/m4 stuff from MACROS; after discussion with many... | Jason McIntyre
2006-08-31 | some improvements to srcid and destid, as noted by mpf; | Jason McIntyre
ok hshoexer mpf
2006-08-31 | remove a confusing sentence; ok hshoexer ho | Jason McIntyre
2006-08-31 | expand DESCRIPTION; input from ho hshoexer naddy | Jason McIntyre
2006-08-31 | adjust link detection further: if no link, bring interface up and check | Theo de Raadt
for link for 10 seconds. otherwise, if there was link, no problem! ok henning, claudio, tested by others
2006-08-31 | clarify an .Sh; agreed with hshoexer | Jason McIntyre
2006-08-30 | fix isakmpd -Ka, as used by bgpd, or acquire flows set up via ipsecctl. | Henning Brauer
acquire flows need to be recorded on the fly via connection_record_passive(), otherwise later lookups fail and the policy check fails. ok hshoexer ho markus msf deraadt
2006-08-30 | rewording; from reyk cloder hshoexer | Jason McIntyre
ok ho
2006-08-30 | need to retry writing to pfkey socket on EAGAIN, ok theo hshoexer | Henning Brauer
2006-08-30 | can get EAGAIN when writing to the pfkey socket; same change as bgpd, | Henning Brauer
ok hshoexer
2006-08-30 | Make SA deletion on shutdown the default again. Use -S for failover | Hans-Joerg Hoexer
situations where you do not want this. Discussed and agreed on with ho, mcbride, markus, cloder,... We will have to teach sasyncd to deal with this. Testing by msf and hshoexer with help from mtu ok markus cloder
2006-08-30 | Back out r1.103, which caused SA's to leak until memory was exhausted. | Chad Loder
OK hshoexer, nathanael, mpf, "get that in" deraadt
2006-08-30 | cut down the examples; ok hshoexer | Jason McIntyre
2006-08-30 | partial backout of last commit | Markus Friedl
2006-08-30 | some tcp md5 bits; | Jason McIntyre
2006-08-30 | comment out some comp stuff i missed earlier; | Jason McIntyre
2006-08-30 | better wording for the key generation section; | Jason McIntyre
2006-08-30 | kill more redundant text, and an oops; | Jason McIntyre
2006-08-30 | remove some repeated text, and shuffle a little; | Jason McIntyre
2006-08-30 | one more from ho; | Jason McIntyre
2006-08-30 | correction; from ho | Jason McIntyre
2006-08-30 | knock out some redundant text; from ho | Jason McIntyre
2006-08-30 | put the PFS stuff in the right place; | Jason McIntyre
from uwe werler; tweaks/ok hshoexer ho
2006-08-30 | actually use the right value for USER_FQDN | Mathieu Sauve-Frankel
ok hshoexer@
2006-08-30 | print extensions with type SADB_EXT_MAX, too; ok hshoexer, reyk, msf | Markus Friedl
2006-08-30 | knock out ipcomp for now; | Jason McIntyre
2006-08-30 | put this page into a better structure order | Jason McIntyre
(very little text change); from hshoexer and myself; ok everyone
2006-08-30 | do not call pf_key_v2_disable_sa twice; ok hshoexer, ho | Markus Friedl
2006-08-29 | add support for ufqdn ids in ike rules | Mathieu Sauve-Frankel
ok hshoexer@
2006-08-29 | Add support for IKE AH rules to ipsecctl. Man page input by jmc@. | Christian Weisgerber
ok hshoexer@
2006-08-29 | allow a numeric argument to "carpdemote" to in-/decrease the demotion | Henning Brauer
counter by more than one. manpage help by jmc, ok mcbride mpf deraadt
2006-08-29 | Properly define quick mode suites for AH. With naddy. | Hans-Joerg Hoexer
ok ho
2006-08-29 | snuck in a typo, damnit | Theo de Raadt
2006-08-29 | some net if devices do not media negotiate (for link) until brought up. | Theo de Raadt
(for some drivers, this is a bug. for others, it is part of how they work) therefore before doing the 10-second link test, we must bring the if up. ok krw, tested marco ckuethe