path: root/sbin
| Age | Commit message | Author |
|---|---|---|
| 2006-06-18 | add group "none"; when chosen, pfs will be disabled. ok david msf | Hans-Joerg Hoexer |
| 2006-06-18 | append to CFLAGS instead of overwriting ok kettenis@ miod@ | David Krause |
| 2006-06-18 | clean up some gotos. Originally from Andrey Matveev <evol at online dot ptt dot ru>. Ok and help moritz@ | Hans-Joerg Hoexer |
| 2006-06-17 | Display multipath and jumbo flags in route get/monitor. ok claudio@ | Christopher Pascoe |
| 2006-06-17 | KNF | Henning Brauer |
| 2006-06-17 | Do not leak file descriptor in error path. From Andrey Matveev <evol at online dot ptt dot ru>, thanks! | Hans-Joerg Hoexer |
| 2006-06-16 | Add -DSAVECORE to CFLAGS instead of overriding it. ok miod@, deraadt@ | Mark Kettenis |
| 2006-06-16 | add a missing "force" | Hans-Joerg Hoexer |
| 2006-06-16 | make route show work on secondary tables, using the just committed extension to the sysctl NET_RT_DUMP interface, claudio ok | Henning Brauer |
| 2006-06-16 | introduce -T <tableid> to work on alternate tables. purposefully undocumented for the moment, claudio hshoexer norby ok | Henning Brauer |
| 2006-06-16 | always change the working directory of the priv child to the root directory ("/"). this fixes a problem when dhclient was called in a working directory like "/mnt" and the user tried to unmount this directory while dhclient was still running. umount failed because the device for "/mnt" was still busy and blocked by the running priv child of dhclient. ok henning@ | Reyk Floeter |
| 2006-06-16 | Make routed no longer use kernel API prototypes for own functions -- this is totally braindead and will break as soon as we change something in radix.h. Instead pull in the needed defines and prototypes into defs.h. OK henning@, hshoexer@ | Claudio Jeker |
| 2006-06-16 | Don't use rmx_hopcount any longer. The kernel ignores it anyway. OK henning@, norby@, hshoexer@ | Claudio Jeker |
| 2006-06-16 | report the correct line number on an error. Noticed by david@ | Hans-Joerg Hoexer |
| 2006-06-15 | be careful when touching the peer component of a rule. It is not necessarily set anymore, as now the peer can be left out. | Hans-Joerg Hoexer |
| 2006-06-15 | unused variable, spotted by pedro | Theo de Raadt |
| 2006-06-14 | recover list of key sizes from vpn(8); suggested by markus@, ok hshoexer@ | Christian Weisgerber |
| 2006-06-14 | unused var, wrong check for too many keys; mrd@alkemio.org | Theo de Raadt |
| 2006-06-14 | indentation. | Hans-Joerg Hoexer |
| 2006-06-13 | For IKE, allow main mode SHA2 and quick mode AESCTR transforms, which were recently added to isakmpd. ok hshoexer@, markus@ | Christian Weisgerber |
| 2006-06-12 | Fix a typo that prevented ipsecctl -ss from showing authentication information for AH SAs. ok markus@, hshoexer@ | Christian Weisgerber |
| 2006-06-12 | - make the sub-sections a little more consistent in naming - clarify what sppp is (from reyk) | Jason McIntyre |
| 2006-06-12 | - add the sppp options to pppoe's synopsis - for pppoe, note that it uses the sppp framework, and point to the sppp section for a description of those options - for sppp, avoid referring specifically to sppp devices, as other devices, such as pppoe, may be using these options this after some discussion with reyk | Jason McIntyre |
| 2006-06-11 | the default encryption algorithm with static keying is AES-CBC now; ok hshoexer@ | Christian Weisgerber |
| 2006-06-11 | As naddy@ pointed out RFC 3686 discourages use of AESCTR for static keying. markus@ seconds this, so use AES CBC as default. ok naddy@ | Hans-Joerg Hoexer |
| 2006-06-11 | simplify usage(); ok krw deraadt | Jason McIntyre |
| 2006-06-11 | options are optional ;) | Jason McIntyre |
| 2006-06-11 | split this page up into sections: it was getting too messy to read; feedback/ok deraadt beck krw | Jason McIntyre |
| 2006-06-11 | Adapt to recent changes (modp3072 is not the default anymore). Prodded by david@, thanks! | Hans-Joerg Hoexer |
| 2006-06-11 | Document AESCTR for quick mode and SHA2-* for main mode. Help by jmc. ok jmc@ | Hans-Joerg Hoexer |
| 2006-06-11 | tweaks; | Jason McIntyre |
| 2006-06-10 | Document -S and the "Delete-SAs" tag. Those will enable SA deletion on shutdown. | Hans-Joerg Hoexer |
| 2006-06-10 | Make deletion of SAs on shutdown optional. The default behaviour now is to not delete SAs. Needed for reliable ipsec failover. Suggested by mtu@. Moreover, this ensures that packets do not leak when isakmpd is shutdown. ok mcbride@, testing mtu@ | Hans-Joerg Hoexer |
| 2006-06-10 | Allow isakmpd to use a different private rsa key per isakmp ID. Hans wrote this a long time ago, I synced it to -current and tested. ok hshoexer@ | Mathieu Sauve-Frankel |
| 2006-06-10 | This shouldn't have been committed yet. | Hans-Joerg Hoexer |
| 2006-06-10 | support sha2 for main mode hmacs and aesctr for quick mode encryption. ok markus@ ho@ | Hans-Joerg Hoexer |
| 2006-06-10 | Better error message when a key file can not be opened or the provided key is not of correct size. Suggested by david@ | Hans-Joerg Hoexer |
| 2006-06-10 | switch back to original defaults regarding DH groups. modp3072 is too heavyweight. Testing by Jason George, thanks! | Hans-Joerg Hoexer |
| 2006-06-10 | knf & careful data freeing, regression tested by todd | Theo de Raadt |
| 2006-06-09 | Allow for AH the use of the authentication algorithms added a while ago. Fix the indentation while we're here. ok hshoexer@ | Christian Weisgerber |
| 2006-06-09 | EFI partition types; didickman@yahoo.com | Theo de Raadt |
| 2006-06-09 | Xo/Xc not needed here; from david | Jason McIntyre |
| 2006-06-09 | simplify previous; | Jason McIntyre |
| 2006-06-08 | fix usage, make synopsis more pretty. noticed by david@ | Hans-Joerg Hoexer |
| 2006-06-08 | fix some indentation, noticed by david@ | Hans-Joerg Hoexer |
| 2006-06-08 | Add a transport mode specifier to ike rules. Tunnel mode remains the default. "looks right" hshoexer@ | Christian Weisgerber |
| 2006-06-08 | allocate enough storage via sockaddr_storage for sockaddr_in6, fixes ike29.in in regress looks right hshoexer@, ok naddy@ | Todd T. Fries |
| 2006-06-08 | Fix a typo: When testing for quick mode lifetimes, make sure to reference quick mode lifetimes, too, not main mode lifetimes. Otherwise we might dereference a NULL pointer... | Hans-Joerg Hoexer |
| 2006-06-08 | turns out this really doesn't break what is in the tree; ok hshoexer@ | Todd T. Fries |
| 2006-06-07 | make sure, we initialize unspecified keys and spis. Noticed by naddy@, ok naddy@. | Hans-Joerg Hoexer |