Age | Commit message (Collapse) | Author | |
---|---|---|---|
2006-06-18 | add group "none"; when choosen, pfs will be disabled. | Hans-Joerg Hoexer | |
ok david msf | |||
2006-06-18 | append to CFLAGS instead of overwriting | David Krause | |
ok kettenis@ miod@ | |||
2006-06-18 | clean up some gotos. Originally from Andrey Matveev <evol at online | Hans-Joerg Hoexer | |
dot ptt dot ru>. Ok and help moritz@ | |||
2006-06-17 | Display multipath and jumbo flags in route get/monitor. | Christopher Pascoe | |
ok claudio@ | |||
2006-06-17 | KNF | Henning Brauer | |
2006-06-17 | Do not leak file descriptor in error path. From Andrey Matveev | Hans-Joerg Hoexer | |
<evol at online dot ptt dot ru>, thanks! | |||
2006-06-16 | Add -DSAVECORE to CFLAGS instead of overriding it. | Mark Kettenis | |
ok miod@, deraadt@ | |||
2006-06-16 | add a missing "force" | Hans-Joerg Hoexer | |
2006-06-16 | make route show work on secondary tables, using the just committed | Henning Brauer | |
extension to the syctl NET_RT_DUMP interface, claudio ok | |||
2006-06-16 | introduce -T <tableid> to work on alternate tables. | Henning Brauer | |
purposefully undocumented for the moment, claudio hshoexer norby ok | |||
2006-06-16 | always change the working directory of the priv child to the root | Reyk Floeter | |
directory ("/"). this fixes a problem when dhclient was called in a working directory like "/mnt" and the user tried to unmount this directory while dhclient was still running. umount failed because the device for "/mnt" was still busy and blocked by the running priv child of dhclient. ok henning@ | |||
2006-06-16 | Make routed no longer use kernel API prototypes for own functions -- this is | Claudio Jeker | |
totaly braindead and will break as soon as we change something in radix.h. Instead pull in the needed defines and prototypes into defs.h. OK henning@, hshoexer@ | |||
2006-06-16 | Don't use rmx_hopcount any longer. The kernel ignores it anyway. | Claudio Jeker | |
OK henning@, norby@, hshoexer@ | |||
2006-06-16 | report the correct line number on an error. Noticed by david@ | Hans-Joerg Hoexer | |
2006-06-15 | be careful when touch the peer component of a rule. It is not | Hans-Joerg Hoexer | |
necessarily set anymore, as now the peer can be left out. | |||
2006-06-15 | unused variable, spotted by pedro | Theo de Raadt | |
2006-06-14 | recover list of key sizes from vpn(8); suggested by markus@, ok hshoexer@ | Christian Weisgerber | |
2006-06-14 | unused var, wrong check for too many keys; mrd@alkemio.org | Theo de Raadt | |
2006-06-14 | indentation. | Hans-Joerg Hoexer | |
2006-06-13 | For IKE, allow main mode SHA2 and quick mode AESCTR transforms, | Christian Weisgerber | |
which were recently added to isakmpd. ok hshoexer@, markus@ | |||
2006-06-12 | Fix a typo that prevented ipsecctl -ss from showing authentication | Christian Weisgerber | |
information for AH SAs. ok markus@, hshoexer@ | |||
2006-06-12 | - make the sub-sections a little more consistent in naming | Jason McIntyre | |
- clarify what sppp is (from reyk) | |||
2006-06-12 | - add the sppp options to pppoe's synopsis | Jason McIntyre | |
- for pppoe, note that it uses the sppp framework, and point to the sppp section for a description of those options - for sppp, avoid referring specifically to sppp devices, as other devices, such as pppoe, may be using these options this after some discussion with reyk | |||
2006-06-11 | the default encryption algorithm with static keying is AES-CBC now; ok hshoexer@ | Christian Weisgerber | |
2006-06-11 | As naddy@ pointed out RFC 3686 discourages use of AESCTR for static | Hans-Joerg Hoexer | |
keying. markus@ seconds this, so use AES CBC as default. ok naddy@ | |||
2006-06-11 | simplify usage(); ok krw deraadt | Jason McIntyre | |
2006-06-11 | options are optional ;) | Jason McIntyre | |
2006-06-11 | split this page up into sections: it was getting too messy to read; | Jason McIntyre | |
feedback/ok deraadt beck krw | |||
2006-06-11 | Adopt to recent changes (mopd3072 is not the default anymore). | Hans-Joerg Hoexer | |
Prodded by david@, thanks! | |||
2006-06-11 | Document AESCTR for quick mode and SHA2-* for main mode. Help by jmc. | Hans-Joerg Hoexer | |
ok jmc@ | |||
2006-06-11 | tweaks; | Jason McIntyre | |
2006-06-10 | Document -S and the "Delete-SAs" tag. Those will enable SA deletion | Hans-Joerg Hoexer | |
on shutdown. | |||
2006-06-10 | Make deletion of SAs on shutdown optional. The default behaviour | Hans-Joerg Hoexer | |
now is to not delete SAs. Needed for reliable ipsec failover. Suggested by mtu@. Moreover, this ensures that packets do not leak when isakmpd is shutdown. ok mcbride@, testing mtu@ | |||
2006-06-10 | Allow isakmpd to use a different private rsa key per isakmp ID. Hans wrote ↵ | Mathieu Sauve-Frankel | |
this a long time ago, I synced it to -current and tested. ok hshoexer@ | |||
2006-06-10 | This shouldn't have been commited yet. | Hans-Joerg Hoexer | |
2006-06-10 | support sha2 for main mode hmacs and aesctr for quick mode encryption. | Hans-Joerg Hoexer | |
ok markus@ ho@ | |||
2006-06-10 | Better error message when a key file can not be opened or the provided key is | Hans-Joerg Hoexer | |
not of correct size. Suggested by david@ | |||
2006-06-10 | switch back to original defaults regarding DH groups. modp3072 is to | Hans-Joerg Hoexer | |
heavyweight. Testing by Jason George, thanks! | |||
2006-06-10 | knf & careful data freeing, regression tested by todd | Theo de Raadt | |
2006-06-09 | Allow for AH the use of the authentication algorithms added a while ago. | Christian Weisgerber | |
Fix the indentation while we're here. ok hshoexer@ | |||
2006-06-09 | EFI partition types; didickman@yahoo.com | Theo de Raadt | |
2006-06-09 | Xo/Xc not needed here; from david | Jason McIntyre | |
2006-06-09 | simplify previous; | Jason McIntyre | |
2006-06-08 | fix usage, make synopsis more pretty. noticed by david@ | Hans-Joerg Hoexer | |
2006-06-08 | fix some indentation, noticed by david@ | Hans-Joerg Hoexer | |
2006-06-08 | Add a transport mode specifier to ike rules. Tunnel mode remains the default. | Christian Weisgerber | |
"looks right" hshoexer@ | |||
2006-06-08 | allocate enough storage via sockaddr_storage for sockaddr_in6, | Todd T. Fries | |
fixes ike29.in in regress looks right hshoexer@, ok naddy@ | |||
2006-06-08 | Fix a typo: When testing for quick mode lifetimes, make sure to | Hans-Joerg Hoexer | |
reference quick mode lifetimes, too, not main mode lifetimes. Otherwise we might dereference a NULL pointer... | |||
2006-06-08 | turns out this really doesn't break what is in the tree; ok hshoexer@ | Todd T. Fries | |
2006-06-07 | make sure, we initialize unspecified keys and spis. Noticed by | Hans-Joerg Hoexer | |
naddy@, ok naddy@. |