Age | Commit message (Collapse) | Author | |
---|---|---|---|
2006-09-09 | point people towards ipsec.conf.5; after some discussion w/ reyk | Jason McIntyre | |
ok hshoexer reyk | |||
2006-09-07 | note that we can filter ipsec traffic on the enc interface; | Jason McIntyre | |
2006-09-07 | improve the tcpmd5 section; ok claudio hshoexer | Jason McIntyre | |
2006-09-07 | move all the auth/enc/group stuff into one definitive section; | Jason McIntyre | |
help from ho hshoexer | |||
2006-09-06 | start to group the parameters for AUTOMATIC KEYING in a more logical way; | Jason McIntyre | |
ok hshoexer | |||
2006-09-05 | knock out a ton of Aq/Xo/Xc that was either unneeded, or just plain wrong; | Jason McIntyre | |
2006-09-05 | document line splitting using `\'; | Jason McIntyre | |
2006-09-05 | slight text shuffle, and make the isakmpd bits clearer; | Jason McIntyre | |
ok hshoexer | |||
2006-09-04 | some wording fixes for the section headers and minor tweaks; | Jason McIntyre | |
2006-09-04 | document comments, address syntax, and list expansion; | Jason McIntyre | |
remove some duplicate text; ok hshoexer | |||
2006-09-03 | Add drivers | Marco Peereboom | |
ok jmc miod | |||
2006-09-01 | a little better text for the sections; ok hshoexer | Jason McIntyre | |
2006-09-01 | use shell-independent examples; | Jason McIntyre | |
2006-09-01 | Add a new UI command to force isakmpd into passive only mode. | Marco Pfatschbacher | |
Will be used by sasyncd to prevent two talking isakmpd's in an HA setup. Based on a diff by ho@. OK ho@, hshoexer@, deraadt@ | |||
2006-08-31 | document an issue with subjectAltName found by reyk; | Jason McIntyre | |
ok hshoexer ho reyk | |||
2006-08-31 | Security Association Database is abbreviated 'SAD' (RFC 2401 et al), not ↵ | Hakan Olsson | |
'SADB'. jmc@, hshoexer@ ok. | |||
2006-08-31 | knock out the cpp/m4 stuff from MACROS; after discussion with many... | Jason McIntyre | |
2006-08-31 | some improvements to srcid and destid, as noted by mpf; | Jason McIntyre | |
ok hshoexer mpf | |||
2006-08-31 | remove a confusing sentence; ok hshoexer ho | Jason McIntyre | |
2006-08-31 | expand DESCRIPTION; input from ho hshoexer naddy | Jason McIntyre | |
2006-08-31 | adjust link detection further: if no link, bring interface up and check | Theo de Raadt | |
for link for 10 seconds. otherwise, if there was link, no problem! ok henning, claudio, tested by others | |||
2006-08-31 | clarify an .Sh; agreed with hshoexer | Jason McIntyre | |
2006-08-30 | fix isakmpd -Ka, as used by bgpd, or acquire flows set up via ipsecctl. | Henning Brauer | |
acquire flows need to be recorded on the fly via connection_record_passive(), otherwise later lookups fail and the policy check fails. ok hshoexer ho markus msf deraadt | |||
2006-08-30 | rewording; from reyk cloder hshoexer | Jason McIntyre | |
ok ho | |||
2006-08-30 | need to retry writing to pfkey socket on EAGAIN, ok theo hshoexer | Henning Brauer | |
2006-08-30 | can get EAGAIN when writing to the pfkey socket; same change as bgpd, | Henning Brauer | |
ok hshoexer | |||
2006-08-30 | Make SA deletion on shutdown the default again. Use -S for failover | Hans-Joerg Hoexer | |
situations where you do not want this. Discussed and agreed on with ho, mcbride, markus, cloder,... We will have to teach sasyncd to deal with this. Testing by msf and hshoexer with help from mtu ok markus cloder | |||
2006-08-30 | Back out r1.103, which caused SA's to leak until memory was exhausted. | Chad Loder | |
OK hshoexer, nathanael, mpf, "get that in" deraadt | |||
2006-08-30 | cut down the examples; ok hshoexer | Jason McIntyre | |
2006-08-30 | partial backout of last commit | Markus Friedl | |
2006-08-30 | some tcp md5 bits; | Jason McIntyre | |
2006-08-30 | comment out some comp stuff i missed earlier; | Jason McIntyre | |
2006-08-30 | better wording for the key generation section; | Jason McIntyre | |
2006-08-30 | kill more redundant text, and an oops; | Jason McIntyre | |
2006-08-30 | remove some repeated text, and shuffle a little; | Jason McIntyre | |
2006-08-30 | one more from ho; | Jason McIntyre | |
2006-08-30 | correction; from ho | Jason McIntyre | |
2006-08-30 | knock out some redundant text; from ho | Jason McIntyre | |
2006-08-30 | put the PFS stuff in the right place; | Jason McIntyre | |
from uwe werler; tweaks/ok hshoexer ho | |||
2006-08-30 | actually use the right value for USER_FQDN | Mathieu Sauve-Frankel | |
ok hshoexer@ | |||
2006-08-30 | print extensions with type SADB_EXT_MAX, too; ok hshoexer, reyk, msf | Markus Friedl | |
2006-08-30 | knock out ipcomp for now; | Jason McIntyre | |
2006-08-30 | put this page into a better structure order | Jason McIntyre | |
(very little text change); from hshoexer and myself; ok everyone | |||
2006-08-30 | do not call pf_key_v2_disable_sa twice; ok hshoexer, ho | Markus Friedl | |
2006-08-29 | add support for ufqdn ids in ike rules | Mathieu Sauve-Frankel | |
ok hshoexer@ | |||
2006-08-29 | Add support for IKE AH rules to ipsecctl. Man page input by jmc@. | Christian Weisgerber | |
ok hshoexer@ | |||
2006-08-29 | allow a numeric argument to "carpdemote" to in-/decrease the demotion | Henning Brauer | |
counter by more than one. manpage help by jmc, ok mcbride mpf deraadt | |||
2006-08-29 | Properly define quick mode suites for AH. With naddy. | Hans-Joerg Hoexer | |
ok ho | |||
2006-08-29 | snuck in a typo, damnit | Theo de Raadt | |
2006-08-29 | some net if devices do not media negotiate (for link) until brought up. | Theo de Raadt | |
(for some drivers, this is a bug. for others, it is part of how they work) therefore before doing the 10-second link test, we must bring the if up. ok krw, tested marco ckuethe |