path: root/usr.sbin/ikectl
Age  Author
Commit message

2013-08-16  Philip Guenther
Use %lld and cast to (long long) when printing time_t values
otto@ millert@ lteo@ mikeb@ deraadt@

2013-07-16  Ingo Schwarze
use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@

2013-01-08  Reyk Floeter
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".

2012-12-08  Mike Belopuhov
don't forget to include a path separator after an SSLDIR;
reported by david hill

2012-11-01  Reyk Floeter
Remove dead code that was a leftover from the initial code which was based on snmpctl. Found and committed from the plane in 10km (35.000 feet). No functional change and this diff doesn't touch any crypto code so the current country below me cannot blame me for importing / exporting any crypto.
ok benno@

2012-10-25  Reyk Floeter
Remove support email address from the example that is intended for customers for an existing company.

2012-10-23  Reyk Floeter
Allow to overwrite a few more definitions like file paths from the Makefile. No functional change.

2012-09-18  Reyk Floeter
update email addresses to match reality.
sure jsg@ mikeb@

2012-07-08  Theo de Raadt
if you use nitems() in userland, you must define it yourself
discussed with guenther

2012-05-02  Gleydson Soares
s/snmpd/iked/ in comment
ok henning@

2011-05-27  Reyk Floeter
spacing

2011-01-20  Jason McIntyre
more double word removal;

2010-10-11  Stuart Henderson
and another one... s/10.4.5.6/10.3.4.5/, also from jy-p.

2010-10-11  Stuart Henderson
typo, s/10.1.2.3/10.2.3.4/, from jy-p

2010-10-08  Reyk Floeter
set the client/server certificate options with all the common keyusage and extendedkeyusage and nscerttype flags. the ikectl CA can now be used with all kinds of other vpn tools in addition to iked and isakmpd.
ok phessler@

2010-10-08  Jonathan Gray
check if a directory exists before trying to create it in the export case as well, spotted by mikeb

2010-10-08  Jonathan Gray
tweak for nroff

2010-10-08  Jonathan Gray
if non absolute paths are specified in install commands assume they are relative to /etc

2010-10-08  Jonathan Gray
allow optional paths for the install commands so we can install into the isakmpd directory hierarchy for example.

2010-10-08  Reyk Floeter
Allow to show certificate details (show ca x cert [y]).

2010-10-07  Jonathan Gray
only try to setup a passfile when creating a CA

2010-10-07  Reyk Floeter
Allow to specify the export password on the command line (optionally, for scripting). The "peer" argument now needs to be preceded with the "peer" keyword, eg. ... export peer 10.1.1.1 instead of export 10.1.1.1.

2010-10-07  Jason McIntyre
sync usage();

2010-10-07  Reyk Floeter
nroff doesn't like long argument lists that work fine with mandoc. split them into Xo/Xc blocks to make nroff happy again.

2010-10-07  Reyk Floeter
- add a -q (quiet) command line option that will be used by ikeca to set openssl batch mode: don't ask for x509 options, use the defaults.
- allow to specify the initial ca password on the command line to also make it scriptable.
- allow to create certificates for clientAuth or serverAuth only (eg. ikectl ca foo certificate bar server).
- cosmetics: move double declarations of ca_*() functions to parser.h.
ok phessler@

2010-10-07  Peter Hessler
set saner permissions on the directory we export, so we don't change perms of /etc/iked when extracting
OK jsg@

2010-10-07  Peter Hessler
When we create a new CA, also create an empty (but valid) CRL list. While here, set our used defaults in the config file.
OK reyk@, jsg@

2010-10-01  Jason McIntyre
tweak previous;

2010-09-30  Reyk Floeter
Add jsg@ to the AUTHORS section of ikectl; he wrote the CA/PKI part.

2010-09-30  Reyk Floeter
Add some examples about using the CA commands to create and install the CA and peers certificates. With input from mikeb@

2010-06-23  Jonathan Gray
fix the permissions on directories inside the exported tarball in the cert case.

2010-06-23  Jonathan Gray
More appropriate contents for the exported ca tarball.

2010-06-23  Jonathan Gray
Add a ca export command for EAP mode where we only require the CA cert, and make both export commands optionally take an argument that will be added to a peer.txt file in the exported output. Additionally include any site specific notes from /usr/share/iked if present. man page bits and help with the parser from reyk

2010-06-21  Jonathan Gray
use the full path to zip

2010-06-15  Jonathan Gray
fix an mdoc macro

2010-06-14  Jonathan Gray
Add commands to create/delete/install/import keys without involving certificates as suggested by reyk and don't recreate private keys if a key already exists.
ok reyk@

2010-06-10  Jonathan Gray
Add a command to revoke a certificate and generate a CRL; make the ca install command install the CRL as well. discussed with reyk@

2010-06-10  Reyk Floeter
add new commands: the couple/decouple commands will set loading of the learned flows and SAs to the kernel which is useful for testing and debugging. the active/passive commands are required to use iked with sasyncd(8); sasyncd just needs to call "ikectl active/passive" or send the appropriate imsg to support iked but this is not implemented yet.

2010-06-07  Jonathan Gray
switch iked pki files to /etc/iked, discussed with reyk.

2010-06-04  Jonathan Gray
Install the cert as well as the keys and make certs world readable as suggested by reyk@

2010-06-03  Reyk Floeter
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@
ok deraadt@

2010-06-03  Reyk Floeter
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@
ok deraadt@