OpenBSD CVS

CVS log for src/sbin/iked/iked.8




Default branch: MAIN


Revision 1.30, Mon Nov 29 13:20:24 2021 UTC (2 years, 6 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, HEAD
Changes since 1.29: +5 -5 lines

add -V to usage(), and list it before -v in both SYNOPSIS and the
options list;

Revision 1.29, Mon Nov 29 12:27:18 2021 UTC (2 years, 6 months ago) by tobhe
Branch: MAIN
Changes since 1.28: +4 -2 lines

Add command line option to show the version

ok patrick@

Revision 1.28, Fri Nov 20 13:03:00 2020 UTC (3 years, 6 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.27: +8 -7 lines

add -s to synopsis and usage; -S before -s in options list;

Revision 1.27, Fri Nov 20 12:38:26 2020 UTC (3 years, 6 months ago) by tobhe
Branch: MAIN
Changes since 1.26: +7 -2 lines

Add -s socket option to specify control socket.  This can be useful if
multiple iked instances running in different rdomains are used.

ok patrick@

Revision 1.26, Thu Apr 9 19:55:19 2020 UTC (4 years, 2 months ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.25: +3 -2 lines

Simplify socket creation logic. Normally iked needs two sockets, one
for normal operation (UDP port 500) and one for NAT traversal (UDP 4500).
There are several command line options resulting in only one of the sockets
being created (-T, -t and -p).  Add a new 'enum natt_mode' to make the
logic for those somewhat less complicated as well as some comments where
it makes sense.

From Wataru Ashihara <wataash (at) wataash (dot) com>
ok patrick@

Revision 1.25, Tue Jan 21 07:02:45 2020 UTC (4 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.24: +3 -3 lines

use an underscore for -p's argument, rather than hyphen: matches SYNOPSIS
and usage();

Revision 1.24, Thu Jan 16 20:05:00 2020 UTC (4 years, 4 months ago) by tobhe
Branch: MAIN
Changes since 1.23: +12 -2 lines

Add '-p' command line option which allows to configure
the UDP encapsulation port, similar to isakmpd's '-N' flag.
Being able to change the UDP encapsulation port is useful in cases
where ESP and UDP ports 500 and 4500 are blocked or rate limited.

ok sthen@

Revision 1.23, Tue Jan 14 22:28:29 2020 UTC (4 years, 4 months ago) by tobhe
Branch: MAIN
Changes since 1.22: +3 -11 lines

Remove IPsec flow blocking unencrypted IPv6 traffic which was
meant to prevent VPN leakage but repeatedly broke people's
setups. The -6 flag which used to disable the blocking flow is
now ignored and prints a deprecation warning.

ok kn@ bluhm@ phessler@

Revision 1.22, Wed Feb 27 06:33:56 2019 UTC (5 years, 3 months ago) by sthen
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.21: +6 -5 lines

update RFC references, from tobias_heider at genua.de, ok claudio@

Revision 1.21, Tue Jul 3 13:37:11 2018 UTC (5 years, 11 months ago) by stsp
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.20: +4 -3 lines

Rephrase a misleading sentence in iked(8), and add a missing
reference to RFC 7359.
Patch by David Dahlberg

Revision 1.20, Mon Mar 27 10:06:41 2017 UTC (7 years, 2 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.19: +3 -2 lines

Add support for RFC4754 (ECDSA) and RFC7427 authentication.

These modes provide stronger and more flexible ways for
authentication: while RSA public key auth relies on SHA-1 hashes, the
new modes use SHA2-256 and up to SHA2-512 hashes.

Original diff from markus@ with patches from mikeb@ and me.

OK mikeb@ patrick@

Revision 1.19, Mon Nov 10 13:57:32 2014 UTC (9 years, 7 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9, OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.18: +5 -7 lines

tweak previous; ok mikeb
plus a macro fix while here...

Revision 1.18, Mon Nov 10 12:59:21 2014 UTC (9 years, 7 months ago) by mikeb
Branch: MAIN
Changes since 1.17: +50 -2 lines

copy pubkey section from isakmpd(8);  ok reyk

Revision 1.17, Mon Apr 28 11:17:15 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.16: +3 -3 lines

bump copyright

Revision 1.16, Mon Apr 28 11:05:59 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.15: +2 -6 lines

It's about time to remove the infamous CAVEATS section in iked(8).
Software is never "finished" but the implementation has matured enough
to drop the disclaimer about using it in production networks.

Thanks to markus@, mikeb@ and Hans-Joerg Hoexer for their significant
and ongoing work on improving iked(8).

Removal prompted by sthen@ and many others.

Revision 1.15, Tue Jul 16 09:45:28 2013 UTC (10 years, 10 months ago) by schwarze
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5, OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.14: +3 -3 lines

Add missing .Mt macros for AUTHORS email addresses.
From Jan Stary <hans at stare dot cz>.
ok jmc@

Revision 1.14, Sat Jun 29 09:08:41 2013 UTC (10 years, 11 months ago) by jmc
Branch: MAIN
Changes since 1.13: +3 -5 lines

do not use Sx for sections outwith the page;
man4 still to go...

Revision 1.13, Tue Jan 8 10:38:19 2013 UTC (11 years, 5 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.12: +2 -3 lines

Remove private CVS tag from an obsolete repository and bump copyright
to 2013 while I'm here... this is my way of saying "happy new year!".

Revision 1.12, Thu Nov 29 21:34:31 2012 UTC (11 years, 6 months ago) by jmc
Branch: MAIN
Changes since 1.11: +3 -3 lines

use Nm instead of Xr to self;

Revision 1.11, Thu Nov 29 15:08:08 2012 UTC (11 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.10: +9 -2 lines

Prevent VPN traffic leakages in dual-stack hosts/networks.
See http://tools.ietf.org/html/draft-gont-opsec-vpn-leakages.

We forcibly block IPv6 traffic by loading a "flow esp out from ::/0 to
::/0 type deny" unless the protocol is used in any of the flows.  Note
that this will block any IPv6 traffic, superseding routes and pf, on
the host by default when iked is running with IPv4 flows only.  This
auto-blocking feature can be disabled by specifying the "-6" command
line flag to iked.

Thanks to Fernando Gont.

ok mikeb@

Revision 1.10, Mon Oct 22 13:27:23 2012 UTC (11 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.9: +4 -4 lines

tweak previous;

Revision 1.9, Mon Oct 22 10:25:17 2012 UTC (11 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.8: +6 -2 lines

Fix NAT-T support in iked, both on the initiator and the responder
side.  Also add a new command line option -t to optionally enforce
NAT-T with UDP encapsulation on port 4500.

Tested by mikeb@ and me
ok mikeb@

Revision 1.8, Sat Sep 22 20:09:43 2012 UTC (11 years, 8 months ago) by jmc
Branch: MAIN
Changes since 1.7: +8 -3 lines

last stage of rfc changes, using consistent Rs/Re blocks, and moving the
references into a STANDARDS section;

Revision 1.7, Tue Sep 18 12:07:59 2012 UTC (11 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.6: +4 -4 lines

update email addresses to match reality.
sure jsg@ mikeb@

Revision 1.6, Wed Dec 22 17:30:13 2010 UTC (13 years, 5 months ago) by mikeb
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0, OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.5: +6 -6 lines

ikev2 rfc was recently updated, so list the newer one;  ok reyk

Revision 1.5, Thu Sep 30 10:32:23 2010 UTC (13 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.4: +12 -1 lines

More information about creating and maintaining the PKI with a link to
ikectl(8).

Revision 1.4, Thu Jun 10 14:17:48 2010 UTC (14 years ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.3: +11 -2 lines

Add the -S flag which does the same as "set passive" but matches the
isakmpd flag.

Revision 1.3, Mon Jun 7 14:15:27 2010 UTC (14 years ago) by jsg
Branch: MAIN
Changes since 1.2: +8 -8 lines

switch iked pki files to /etc/iked, discussed with reyk.

Revision 1.2, Mon Jun 7 10:07:44 2010 UTC (14 years ago) by jmc
Branch: MAIN
Changes since 1.1: +24 -27 lines

various small tweaks; ok reyk

Revision 1.1, Thu Jun 3 16:41:12 2010 UTC (14 years ago) by reyk
Branch: MAIN

Import iked, a new implementation of the IKEv2 protocol.

iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that
creates IPsec flows and SAs automatically.  Unlike isakmpd, iked(8)
implements the newer IKEv2 protocol instead of IKEv1/ISAKMP.  The
daemon is still work-in-progress and not enabled in the builds, but is
already able to establish IKEv2 sessions with some other IKEv2
implementations as a responder.

with lots of help and debugging by jsg@
ok deraadt@
