OpenBSD CVS

CVS log for src/sbin/ipsecctl/ipsec.conf.5




Default branch: MAIN


Revision 1.163, Fri Feb 4 07:59:54 2022 UTC (2 years, 4 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, HEAD
Changes since 1.162: +2 -2 lines

Fix another instance of incorrect capitalization of ChaCha20.

pointed out by jmc

Revision 1.162, Thu Nov 4 04:20:14 2021 UTC (2 years, 7 months ago) by yasuoka
Branch: MAIN
Changes since 1.161: +4 -4 lines

Tweaks (improve previous commit)

from jmc

Revision 1.161, Thu Nov 4 03:53:57 2021 UTC (2 years, 7 months ago) by yasuoka
Branch: MAIN
Changes since 1.160: +23 -7 lines

Clarify "aes" will accept keys whose length is in 128:256 bits.  Also
correct "cast" in ipsec.conf.5 to "cast128", add missing
"chacha20-poly1305", and sync iked.conf.5 and ipsec.conf.5 in some
places.

ok jmc sthen

Revision 1.160, Fri Oct 22 12:30:54 2021 UTC (2 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.159: +2 -16 lines

After deleting hifn(4) the only provider for the LZS compression
algorithm is gone.  Remove all LZS references from the tree.  The
v42bis in isakmpd also looks unsupported.
OK mvs@ patrick@ sthen@

Revision 1.159, Sun Feb 16 11:28:28 2020 UTC (4 years, 3 months ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.158: +5 -4 lines

Quote variables in pf tag strings

Macros are expanded by the parser at parse time, whereas variables are
read as ordinary strings and left unmodified;  hence, quoted `"$domain"'
gets passed to the daemon as is, which substitutes proper values before
passing it to the kernel.  `$domain' without quotes never makes it to
the daemon, that is with `domain = foo' somewhere else "foo" is being
eventually passed unmodified to the kernel.

jmc prompted for a proper explanation and provided the final wording.

OK tobhe jmc

Revision 1.158, Mon Feb 10 13:18:20 2020 UTC (4 years, 4 months ago) by schwarze
Branch: MAIN
Changes since 1.157: +7 -2 lines

briefly mention /etc/examples/ in the FILES section of all the
manual pages that document the corresponding configuration files;
OK jmc@, and general direction discussed with many

Revision 1.157, Fri Feb 7 13:01:34 2020 UTC (4 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.156: +6 -2 lines

Extend the ipsecctl(8) parser to set the udpencap flag and port
number of an SA.  This will be useful to test IPsec with NAT-T.
OK sthen@ tobhe@

Revision 1.156, Sun Nov 10 20:51:52 2019 UTC (4 years, 7 months ago) by landry
Branch: MAIN
Changes since 1.155: +21 -14 lines

Consistently use _rcctl enable foo_ in examples, it's simpler and less
error prone than manually editing rc.conf.local, and also works to
enable ipsec and accounting.

tweak from schwarze@ to use the \(dq\(dq syntax for quotes in '.Dl
foo_flags="" lines' instead of \&"\&".

while at it, fix a reference to a bogus /dev/dhclient.conf file that
recently snuck in.

ok jmc@ deraadt@ schwarze@

Revision 1.155, Tue Apr 17 12:13:29 2018 UTC (6 years, 1 month ago) by stsp
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.154: +12 -3 lines

Document how to avoid isakmpd(8) source IP address pitfalls by using
the Listen-on directive in isakmpd.conf(5). This directive can be necessary
in multi-homed situations, and if isakmpd(8) is used with carp(4).
ok sthen@ mpi@

Revision 1.154, Thu Nov 23 20:49:38 2017 UTC (6 years, 6 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.153: +3 -5 lines

in isakmpd(8), provide a hint: from scott cheloha
also some minor tweaks while here...

Revision 1.153, Fri Oct 27 08:29:32 2017 UTC (6 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.152: +11 -2 lines

Support DH groups 19 to 21 and 25 to 30, just like iked(8) does.

ok visa@, markus@

Revision 1.152, Fri Apr 14 18:06:28 2017 UTC (7 years, 1 month ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.151: +11 -2 lines

Up to now ipsecctl(8) grouped SAs with identical src and dst to the
flow which the first SA matched by the flow type.  This behaviour
was mostly undocumented and unexpected.  Make SA bundles explicit
in ipsec.conf(5).  Only group SAs that have the same src and dst
and also the same bundle identifier.
OK hshoexer@

Revision 1.151, Wed Dec 9 21:41:50 2015 UTC (8 years, 6 months ago) by naddy
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.150: +3 -8 lines

Remove plain DES encryption from IPsec.

DES is insecure since brute force attacks are practical due to its
short key length.

This removes support for DES-CBC encryption in ESP and in IKE main
and quick mode from the kernel, isakmpd(8), ipsecctl(8), and iked(8).

ok mikeb@

Revision 1.150, Sun Nov 1 21:26:48 2015 UTC (8 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.149: +3 -3 lines

replace "can not" with "cannot";

Revision 1.149, Mon May 25 19:29:36 2015 UTC (9 years ago) by naddy
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.148: +3 -3 lines

bump up the default Diffie-Hellman group to modp3072; ok mikeb@ djm@

Revision 1.148, Sat Feb 28 21:51:57 2015 UTC (9 years, 3 months ago) by bentley
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.147: +3 -3 lines

Reduce usage of predefined strings in manpages.

Predefined strings are not very portable across troff implementations,
and they make the source much harder to read. Usually the intended
character can be written directly.

No output changes, except for two instances where the incorrect escape
was used in the first place.

tweaks + ok schwarze@

Revision 1.147, Sat Jan 10 15:03:50 2015 UTC (9 years, 5 months ago) by sobrado
Branch: MAIN
Changes since 1.146: +4 -4 lines

tell the truth about DES.

joint work with djm@ and jsing@, who suggested stronger words warning people
away from single-DES.

ok djm@

Revision 1.146, Fri Jan 2 18:28:23 2015 UTC (9 years, 5 months ago) by sobrado
Branch: MAIN
Changes since 1.145: +3 -3 lines

PFS stands for Perfect Forward Secrecy.

ok reyk@

Revision 1.145, Wed Mar 19 12:49:00 2014 UTC (10 years, 2 months ago) by sthen
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.144: +9 -9 lines

Unify ipsec.conf(5)'s copy of the text dealing with multiline comments,
this was missed when unifying text in the other parse.y parsers (see e.g.
pf.conf.5 r1.495). Noticed in a misc@ post by zeloff at zeloff/org.

Revision 1.144, Fri Nov 1 10:42:38 2013 UTC (10 years, 7 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.143: +10 -11 lines

altq -> new queue in examples
From: Arto Jonsson <ajonsson at kapsi.fi>

Revision 1.143, Sat Jun 29 09:08:41 2013 UTC (10 years, 11 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.142: +3 -5 lines

do not use Sx for sections outwith the page;
man4 still to go...

Revision 1.142, Sun Aug 12 01:54:53 2012 UTC (11 years, 10 months ago) by lteo
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.141: +4 -4 lines

Explicitly state that only two unit specifiers are recognized instead of
"several."

Note: if anyone adds support for more unit specifiers in the future,
please change this back to "several" (instead of using an exact number)
so that it matches the iked.conf(5) man page. :)

While here, fix a typo in the quick mode section: "phase 1 lifetime" ->
"phase 2 lifetime"

ok mikeb sthen jmc haesbaert henning

Revision 1.141, Fri Jul 13 20:44:11 2012 UTC (11 years, 11 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.140: +3 -3 lines

small tweak;

Revision 1.140, Fri Jul 13 19:36:07 2012 UTC (11 years, 11 months ago) by mikeb
Branch: MAIN
Changes since 1.139: +29 -10 lines

Change the configuration format fed to the isakmpd FIFO to be able
to specify extended options like SA Lifetime. All the hard work was
done by lteo@, while naddy@ and me have made sure that defaults and
AH still work; sthen and jmc have looked over the diffs as well.

Revision 1.139, Sun Jul 8 17:51:51 2012 UTC (11 years, 11 months ago) by naddy
Branch: MAIN
Changes since 1.138: +14 -14 lines

Disallow manual security associations that use AES-CTR, AES-GCM,
or AES-GMAC.  These algorithms cannot be used safely with static
keys and RFCs 3686, 4106, and 4543 expressly forbid such configurations.

Also include a tweak (with jmc@) to the key size explanation, for
completeness' sake.

ok mikeb@

Revision 1.138, Sat Jun 30 14:51:31 2012 UTC (11 years, 11 months ago) by naddy
Branch: MAIN
Changes since 1.137: +6 -3 lines

enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESP
ok mikeb@

Revision 1.137, Tue Apr 24 14:56:09 2012 UTC (12 years, 1 month ago) by jmc
Branch: MAIN
Changes since 1.136: +7 -4 lines

take a stab at documenting when arguments need quoted, and valid macro
characters;

prompted by a diff from robert peichaer org

thanks gilles and henning for feedback
ok deraadt zinke

Revision 1.136, Sun Nov 13 09:52:58 2011 UTC (12 years, 7 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1
Changes since 1.135: +4 -3 lines

provide a specific section reference; from Lawrence Teo

Revision 1.135, Sat Sep 3 22:59:08 2011 UTC (12 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.134: +30 -30 lines

make -column lists pretty again;

specifically, rewrite them to permit some markup in the column headers,
and use "Ta" instead of literal tabs; mandoc does not currently match groff
100%, but a mandoc fix may be some time off, and we've gone enough releases
with poorly formatting column lists.

in some cases i have rewritten the lists as -tag, where -column made
little sense.

Revision 1.134, Fri Aug 19 19:59:51 2011 UTC (12 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.133: +5 -8 lines

as with other list types, column lists generally do not need a Pp/-compact
construct;

this also sidesteps what seems to be a problem with mandoc, in that
"-column -compact" seems to mess up the formatting. thus these pages should
now have their lists formatted nicely (i.e. correctly aligned and with indent
applied);

as a side note, the fact that headers are not properly marked up is another
issue which will be addressed separately (a mandoc fix is needed, i think).
i have fudged a few of these to mark up properly, since the workaround does
make sense for some pages.

as another side note, i haven't fixed man7, as i need to prepare a separate
diff for kristaps and ingo.

Revision 1.133, Thu Jul 7 04:17:53 2011 UTC (12 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.132: +4 -4 lines

We can mention ipcomp, since it works

Revision 1.132, Fri Jun 24 21:11:27 2011 UTC (12 years, 11 months ago) by sthen
Branch: MAIN
Changes since 1.131: +4 -3 lines

wrap previous onto a second line

Revision 1.131, Fri Jun 24 21:10:16 2011 UTC (12 years, 11 months ago) by sthen
Branch: MAIN
Changes since 1.130: +3 -3 lines

nat-to rules require a direction

Revision 1.130, Wed Oct 6 22:19:20 2010 UTC (13 years, 8 months ago) by mikeb
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.129: +4 -7 lines

Retire Skipjack

There's not much use for the declassified cipher from the 80's
with a questionable license these days.  According to the FIPS
drafts, Skipjack reaches its EOL in December 2010.

The libc portion will be removed after the ports hackathon.

djm and thib agree, no objections from deraadt
Thanks to jsg for digging up FIPS drafts.

Revision 1.129, Thu Sep 23 11:43:51 2010 UTC (13 years, 8 months ago) by mikeb
Branch: MAIN
Changes since 1.128: +3 -6 lines

change description for AES-GMAC a bit.
prompted by reyk

Revision 1.128, Wed Sep 22 14:04:09 2010 UTC (13 years, 8 months ago) by mikeb
Branch: MAIN
Changes since 1.127: +12 -2 lines

Support AES-GCM-16 (as aes-gcm) and ENCR_NULL_AUTH_AES_GMAC
(as aes-gmac) encryption transformations in the ipsec.conf(5).

Available "enc" arguments denoting use of

1) AES-GCM-16:

 aes-128-gcm for 160 bit key (128+nonce)
 aes-192-gcm for 224 bit key (192+nonce)
 aes-256-gcm for 288 bit key (256+nonce)

2) ENCR_NULL_AUTH_AES_GMAC:

 aes-128-gmac for 160 bit key (128+nonce)
 aes-192-gmac for 224 bit key (192+nonce)
 aes-256-gmac for 288 bit key (256+nonce)

Please note that aes-gmac family performs no encryption and provides
no confidentiality and is intended for cases in which confidentiality
is not desired (it can be thought of as AH with NAT-T support).

Also, although this implementation supports manual keying, its
use is strictly discouraged as AES-GCM security depends on frequent
re-keying.  So it can be thought of as a debug facility only.

Example configuration:

	ike esp from 172.23.61.36 to 172.23.61.156 \
		quick enc aes-256-gcm \
		psk humppa

Thoroughly tested by me and naddy.  Works fine with Linux.

Requires updated pfkeyv2.h include file.

OK naddy
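The enc key sizes listed in this commit (and the aes-ctr sizes from revisions 1.113 and 1.138), together with the rule from revision 1.139 that AES-CTR, AES-GCM and AES-GMAC may not be used with manual keying, can be turned into a small configuration lint. This Python example is added here and is not part of ipsecctl or the OpenBSD tree; the subset of ipsec.conf grammar it parses, the sample rules, and the 128..256-bit range it accepts for plain "aes" are assumptions made for the illustration.

```python
import re

# Expected key length in bits for each ipsec.conf "enc" transform, as the
# commit messages describe: the GCM, GMAC and CTR transforms carry a 32-bit
# nonce on top of the AES key (128+32=160, 192+32=224, 256+32=288).
ENC_KEY_BITS = {
    "aes-128-gcm": 160, "aes-192-gcm": 224, "aes-256-gcm": 288,
    "aes-128-gmac": 160, "aes-192-gmac": 224, "aes-256-gmac": 288,
    "aes-128-ctr": 160, "aes-192-ctr": 224, "aes-256-ctr": 288,
    "aes-128": 128, "aes-192": 192, "aes-256": 256,
    "null": 0,
}
# Plain "aes" accepts a key length in 128:256 bits (assumed here as a range).
AES_RANGE = (128, 256)

# Transforms that RFC 3686, 4106 and 4543 forbid with static keys: reusing a
# counter/nonce under the same key destroys their security, so they are only
# valid for IKE-negotiated SAs that rekey, never for manually keyed SAs.
MANUAL_FORBIDDEN = {t for t in ENC_KEY_BITS if t.endswith(("-gcm", "-gmac", "-ctr"))}

# A rule starting with one of these keywords defines a manually keyed SA;
# "ike ..." rules are negotiated by isakmpd and "flow ..." rules carry no keys.
MANUAL_SA_KEYWORDS = {"esp", "ah", "ipcomp", "tcpmd5"}


def _keyword_arg(rule, keyword):
    """Return the token following `keyword` in the rule, or None if absent."""
    m = re.search(rf"(?:^|\s){re.escape(keyword)}\s+(\S+)", rule)
    return m.group(1) if m else None


def _key_lengths(value):
    """Bit lengths of one or two colon-separated hex keys ("0xAB:0xCD")."""
    lengths = []
    for part in value.split(":"):
        if not re.fullmatch(r"0x[0-9a-fA-F]+", part):
            raise ValueError(f"key {part!r} is not a 0x-prefixed hex string")
        lengths.append((len(part) - 2) * 4)
    return lengths


def check_rule(rule):
    """Return a list of problems found in one ipsec.conf rule (empty if OK)."""
    rule = rule.split("#", 1)[0].strip()
    if not rule:
        return []
    kind = rule.split()[0]
    if kind not in MANUAL_SA_KEYWORDS:
        return []                      # ike/flow rules: nothing to check here
    enc = _keyword_arg(rule, "enc")
    if enc is None:
        return []                      # e.g. ah or ipcomp rules have no "enc"
    problems = []
    if enc in MANUAL_FORBIDDEN:
        problems.append(f"{enc} cannot be used with manual keying (static keys)")
    if enc != "aes" and enc not in ENC_KEY_BITS:
        problems.append(f"unknown enc transform {enc!r}")
        return problems
    if enc == "null":
        return problems                # NULL encryption takes no key
    enckey = _keyword_arg(rule, "enckey")
    if enckey is None:
        problems.append("manual SA needs an enckey")
        return problems
    for bits in _key_lengths(enckey):  # one key, or one per direction
        if enc == "aes":
            ok, want = AES_RANGE[0] <= bits <= AES_RANGE[1], "128..256"
        else:
            ok, want = bits == ENC_KEY_BITS[enc], str(ENC_KEY_BITS[enc])
        if not ok:
            problems.append(f"enckey is {bits} bits, {enc} expects {want}")
    return problems


if __name__ == "__main__":
    # Constructed sample rules; keys are obviously fake patterns.
    samples = [
        "ike esp from 172.23.61.36 to 172.23.61.156 quick enc aes-256-gcm psk humppa",
        "esp from 10.0.0.1 to 10.0.0.2 spi 0xdeadbeef enc aes-256-gcm enckey 0x" + "ab" * 36,
        "esp from 10.0.0.1 to 10.0.0.2 spi 0xdeadbeef enc aes-192 enckey 0x" + "11" * 16,
    ]
    for s in samples:
        print(check_rule(s) or "ok", "<-", s[:60])
```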

Revision 1.127, Sun Sep 19 20:59:20 2010 UTC (13 years, 8 months ago) by jmc
Branch: MAIN
Changes since 1.126: +3 -3 lines

more wacky macro fixing;

Revision 1.126, Mon Jun 7 08:32:58 2010 UTC (14 years ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.125: +3 -3 lines

fix a quoting wobble for the srcnat keyword; verified by reyk

Revision 1.125, Thu Jun 3 16:57:40 2010 UTC (14 years ago) by reyk
Branch: MAIN
Changes since 1.124: +9 -5 lines

update the manpages for isakmpd(8) and ipsec.conf(5) to point to iked(8)
for IKEv2 and to clarify that a) isakmpd is IKEv1/ISAKMP only and b) iked(8)
is IKEv2 only.  ISAKMP/IKEv1 support is currently not supported by iked(8)
and not worked on, but maybe in the future - I want to get IKEv2 support
first done right.  So keep on using isakmpd(8) for IKEv1 for now...

ok deraadt@

Revision 1.124, Sat Jan 2 20:15:15 2010 UTC (14 years, 5 months ago) by schwarze
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.123: +3 -3 lines

Various syntax errors in list headers, found by mandoc(1),
also required to fix the mandoc build.

"fine. even if mandoc goes nowhere, it has found some bugs ;)" jmc@
ok sobrado@

Revision 1.123, Wed Oct 21 16:07:57 2009 UTC (14 years, 7 months ago) by sthen
Branch: MAIN
Changes since 1.122: +3 -3 lines

nat -> match...nat-to in example PF rule. ok mpf@

Revision 1.122, Thu Jan 29 14:30:48 2009 UTC (15 years, 4 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.121: +3 -3 lines

tweak previous;

Revision 1.121, Wed Jan 28 18:07:19 2009 UTC (15 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.120: +14 -4 lines

Allow specifying ike and flow explicitly without peer.  The any
keyword as argument for the peer parameter will do that.  An ike
without peer creates the peer-default config.  A flow without peer
acquires a host-to-host SA.

tested by grunk@, todd@, ok grunk@, hshoexer@, todd@

Revision 1.120, Tue Jan 20 14:36:19 2009 UTC (15 years, 4 months ago) by mpf
Branch: MAIN
Changes since 1.119: +45 -3 lines

Add support to isakmpd(8) and ipsecctl(8) to install SA's with a
different source network than we have negotiated with a peer.
This enables us to do nat/binat on the enc(4) interface.
Very useful to work around rfc 1918 collisions.
Manpage and testing by Mitja Muzenic. Thanks!
OK hshoexer@, markus@. "I like it" todd@

Revision 1.119, Sat Nov 29 11:32:59 2008 UTC (15 years, 6 months ago) by hshoexer
Branch: MAIN
Changes since 1.118: +7 -2 lines

Explain how /32 changes the address type to IPV4_ADDR_SUBNET. From Mitja
Muzenic (mitja at muzenic dot net), many thanks!

Revision 1.118, Fri Apr 11 00:05:51 2008 UTC (16 years, 2 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.117: +8 -1 lines

add support for the "include" directive using code from pfctl/parse.y.

pointed out by Prabhu Gurumurthy

ok deraadt@

Revision 1.117, Fri Feb 22 23:51:31 2008 UTC (16 years, 3 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.116: +5 -2 lines

Support for specifying aes-{128,192,256}.  Original idea by Prabhu
Gurumurthy, tweaks and commit-ready diff by Mitja Muzenic!  Thanks
guys!

ok todd@

Revision 1.116, Tue Feb 12 06:12:25 2008 UTC (16 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.115: +28 -14 lines

document modifier types; requested by Aurelien
text from ipsecadm(8), hshoexer, and myself

Revision 1.115, Mon Sep 17 15:53:00 2007 UTC (16 years, 8 months ago) by sthen
Branch: MAIN
Changes since 1.114: +10 -6 lines

Document the syntax used with manual SAs for automatic creation
of the SA matching return traffic; it was already there for spi but
not authkey/enckey (all 3 are required).

assistance and ok from jmc@

Revision 1.114, Thu May 31 19:19:44 2007 UTC (17 years ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.113: +2 -2 lines

convert to new .Dd format;

Revision 1.113, Tue Mar 6 18:26:34 2007 UTC (17 years, 3 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.112: +7 -3 lines

Explain why aesctr has 160 bit keys (128 bit aes key + 32 bit nonce).
ok jmc@

Revision 1.112, Mon Feb 19 14:20:46 2007 UTC (17 years, 3 months ago) by jmc
Branch: MAIN
Changes since 1.111: +2 -2 lines

tweak;

Revision 1.111, Mon Feb 19 10:00:13 2007 UTC (17 years, 3 months ago) by hshoexer
Branch: MAIN
Changes since 1.110: +5 -1 lines

Document NULL encryption.

Revision 1.110, Fri Feb 16 20:13:20 2007 UTC (17 years, 3 months ago) by cloder
Branch: MAIN
Changes since 1.109: +9 -9 lines

Address PR 5380: refer to DH MODP well-known group numbers.
Thanks to sthen <at> symphytum DOT spacehopper DOT org

Revision 1.109, Tue Dec 12 21:20:02 2006 UTC (17 years, 6 months ago) by jmc
Branch: MAIN
Changes since 1.108: +5 -17 lines

a rewrite of enc.4, hopefully a little more useful than what we previously
had; more can go in here, so feel free...

many thanks to ho for feedback, and angelos and cedric who i harangued
endlessly to explain nat/ipsec to me;

the ipsec.conf.5 change just moves some stuff more appropriate to enc.4;

ok hshoexer

Revision 1.108, Wed Dec 6 09:54:15 2006 UTC (17 years, 6 months ago) by jmc
Branch: MAIN
Changes since 1.107: +2 -2 lines

SAD -> SADB; ok hshoexer

Revision 1.107, Fri Nov 24 13:52:13 2006 UTC (17 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.106: +79 -1 lines

add support to tag ipsec traffic belonging to specific IKE-initiated
phase 2 traffic. this allows policy-based filtering of encrypted and
unencrypted ipsec traffic with pf(4). see ipsec.conf(5) and
isakmpd.conf(5) for details and examples.

this is work in progress and still needs some testing and feedback,
but it is safe to put it in now.

ok hshoexer@

Revision 1.106, Mon Nov 13 14:42:28 2006 UTC (17 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.105: +10 -4 lines

briefly describe phases 1 and 2, and use these terms more
consistently in the rest of the page;

help/ok hshoexer

Revision 1.105, Mon Nov 13 13:46:32 2006 UTC (17 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.104: +3 -2 lines

previous was not quite right;

Revision 1.104, Mon Nov 13 13:30:51 2006 UTC (17 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.103: +2 -2 lines

fix a macro mistake;

Revision 1.103, Wed Nov 1 03:10:02 2006 UTC (17 years, 7 months ago) by mcbride
Branch: MAIN
Changes since 1.102: +11 -5 lines

Add support for aggressive mode (from the k2k6 IPsec hackathon).

ok hshoexer

Revision 1.102, Thu Oct 19 08:41:18 2006 UTC (17 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.101: +22 -11 lines

note that all rules using enc0 should specify: keep state (if-bound)

Revision 1.101, Fri Sep 29 10:56:33 2006 UTC (17 years, 8 months ago) by jmc
Branch: MAIN
Changes since 1.100: +2 -5 lines

add a new section header, since DESCRIPTION is getting so large...

Revision 1.100, Fri Sep 29 10:51:27 2006 UTC (17 years, 8 months ago) by jmc
Branch: MAIN
Changes since 1.99: +30 -10 lines

make it clearer what needs to be run, and how; push manual keying down
the list; move the rc stuff from ipsecctl to ipsec.conf;

ok hshoexer

Revision 1.99, Tue Sep 26 22:03:44 2006 UTC (17 years, 8 months ago) by jmc
Branch: MAIN
Changes since 1.98: +3 -3 lines

a better description of what our automatic keying example is up to;
ok hshoexer

Revision 1.98, Fri Sep 22 13:12:13 2006 UTC (17 years, 8 months ago) by jmc
Branch: MAIN
Changes since 1.97: +26 -8 lines

- document which parts need to be packet filtered, and why
- move example ruleset into a more logical order
- correct the if-bound example (spotted by hshoexer)

help/ok markus hshoexer

Revision 1.97, Fri Sep 15 14:03:35 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.96: +116 -116 lines

reorganise the sections to make more sense;
ok hshoexer ho

Revision 1.96, Fri Sep 15 11:45:04 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.95: +2 -2 lines

clarification;

Revision 1.95, Fri Sep 15 11:35:50 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.94: +19 -9 lines

add in filtering rules to allow keying daemons to talk;
help/ok markus

Revision 1.94, Thu Sep 14 15:09:22 2006 UTC (17 years, 9 months ago) by hshoexer
Branch: MAIN
Changes since 1.93: +2 -3 lines

simplify an example. ok jmc@

Revision 1.93, Wed Sep 13 11:40:01 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.92: +3 -3 lines

use "proto ipencap" for the gateway filter rules;
pointed out by msf; explained by markus

Revision 1.92, Tue Sep 12 15:20:58 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.91: +3 -3 lines

note that enc traffic is unencrypted; from mpf

Revision 1.91, Tue Sep 12 13:29:39 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.90: +1 -2 lines

no need to Xr isakmpd.conf.5;

Revision 1.90, Tue Sep 12 13:28:47 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.89: +42 -6 lines

add a section on packet filtering ipsec traffic;

input henning markus mcbride
ok mcbride hshoexer

Revision 1.89, Mon Sep 11 10:34:53 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.88: +9 -15 lines

improvements for `local', `peer', and `psk'; ok hshoexer

Revision 1.88, Thu Sep 7 12:58:21 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.87: +7 -1 lines

note that we can filter ipsec traffic on the enc interface;

Revision 1.87, Thu Sep 7 12:38:09 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.86: +12 -7 lines

improve the tcpmd5 section; ok claudio hshoexer

Revision 1.86, Thu Sep 7 09:57:02 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.85: +85 -130 lines

move all the auth/enc/group stuff into one definitive section;
help from ho hshoexer

Revision 1.85, Wed Sep 6 11:40:33 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.84: +35 -32 lines

start to group the parameters for AUTOMATIC KEYING in a more logical way;
ok hshoexer

Revision 1.84, Tue Sep 5 11:33:22 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.83: +51 -104 lines

knock out a ton of Aq/Xo/Xc that was either unneeded, or just plain wrong;

Revision 1.83, Tue Sep 5 10:50:02 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.82: +4 -1 lines

document line splitting using `\';

Revision 1.82, Tue Sep 5 10:40:58 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.81: +28 -16 lines

slight text shuffle, and make the isakmpd bits clearer;
ok hshoexer

Revision 1.81, Mon Sep 4 15:51:20 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.80: +12 -26 lines

some wording fixes for the section headers and minor tweaks;

Revision 1.80, Mon Sep 4 15:10:37 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.79: +30 -19 lines

document comments, address syntax, and list expansion;
remove some duplicate text;

ok hshoexer

Revision 1.79, Fri Sep 1 10:24:31 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.78: +19 -20 lines

a little better text for the sections; ok hshoexer

Revision 1.78, Thu Aug 31 18:44:48 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.77: +2 -6 lines

knock out the cpp/m4 stuff from MACROS; after discussion with many...

Revision 1.77, Thu Aug 31 17:50:43 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.76: +21 -6 lines

some improvements to srcid and destid, as noted by mpf;
ok hshoexer mpf

Revision 1.76, Thu Aug 31 11:23:57 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.75: +45 -6 lines

expand DESCRIPTION; input from ho hshoexer naddy

Revision 1.75 / (download) - annotate - [select for diffs], Thu Aug 31 01:16:23 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.74: +2 -2 lines
Diff to previous 1.74 (colored)

clarify an .Sh; agreed with hshoexer

Revision 1.74 / (download) - annotate - [select for diffs], Wed Aug 30 16:07:29 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.73: +10 -47 lines
Diff to previous 1.73 (colored)

cut down the examples; ok hshoexer

Revision 1.73 / (download) - annotate - [select for diffs], Wed Aug 30 14:16:00 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.72: +16 -15 lines
Diff to previous 1.72 (colored)

some tcp md5 bits;

Revision 1.72 / (download) - annotate - [select for diffs], Wed Aug 30 14:08:11 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.71: +15 -15 lines
Diff to previous 1.71 (colored)

comment out some comp stuff i missed earlier;

Revision 1.71 / (download) - annotate - [select for diffs], Wed Aug 30 12:58:25 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.70: +5 -2 lines
Diff to previous 1.70 (colored)

better wording for the key generation section;

Revision 1.70 / (download) - annotate - [select for diffs], Wed Aug 30 12:54:57 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.69: +2 -15 lines
Diff to previous 1.69 (colored)

kill more redundant text, and an oops;

Revision 1.69 / (download) - annotate - [select for diffs], Wed Aug 30 12:50:40 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.68: +8 -28 lines
Diff to previous 1.68 (colored)

remove some repeated text, and shuffle a little;

Revision 1.68 / (download) - annotate - [select for diffs], Wed Aug 30 12:31:07 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.67: +2 -2 lines
Diff to previous 1.67 (colored)

one more from ho;

Revision 1.67 / (download) - annotate - [select for diffs], Wed Aug 30 12:30:04 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.66: +2 -3 lines
Diff to previous 1.66 (colored)

correction; from ho

Revision 1.66 / (download) - annotate - [select for diffs], Wed Aug 30 12:27:54 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.65: +5 -17 lines
Diff to previous 1.65 (colored)

knock out some redundant text; from ho

Revision 1.65 / (download) - annotate - [select for diffs], Wed Aug 30 12:20:11 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.64: +14 -13 lines
Diff to previous 1.64 (colored)

put the PFS stuff in the right place;

from uwe werler;
tweaks/ok hshoexer ho

Revision 1.64 / (download) - annotate - [select for diffs], Wed Aug 30 11:44:23 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.63: +5 -5 lines
Diff to previous 1.63 (colored)

knock out ipcomp for now;

Revision 1.63 / (download) - annotate - [select for diffs], Wed Aug 30 11:41:45 2006 UTC (17 years, 9 months ago) by jmc
Branch: MAIN
Changes since 1.62: +478 -463 lines
Diff to previous 1.62 (colored)

put this page into a better structure order
(very little text change);

from hshoexer and myself; ok everyone

Revision 1.62 / (download) - annotate - [select for diffs], Tue Aug 29 18:10:31 2006 UTC (17 years, 9 months ago) by msf
Branch: MAIN
Changes since 1.61: +4 -2 lines
Diff to previous 1.61 (colored)

add support for ufqdn ids in ike rules

ok hshoexer@

Revision 1.61 / (download) - annotate - [select for diffs], Tue Aug 29 17:52:40 2006 UTC (17 years, 9 months ago) by naddy
Branch: MAIN
Changes since 1.60: +16 -4 lines
Diff to previous 1.60 (colored)

Add support for IKE AH rules to ipsecctl.  Man page input by jmc@.
ok hshoexer@

Revision 1.60 / (download) - annotate - [select for diffs], Sat Jul 22 16:47:49 2006 UTC (17 years, 10 months ago) by jmc
Branch: MAIN
Changes since 1.59: +3 -3 lines
Diff to previous 1.59 (colored)

corrections from alexey e. suslikov;
ok hshoexer

Revision 1.59 / (download) - annotate - [select for diffs], Wed Jun 28 13:15:41 2006 UTC (17 years, 11 months ago) by hshoexer
Branch: MAIN
Changes since 1.58: +10 -1 lines
Diff to previous 1.58 (colored)

document lists, prodded by david@

Revision 1.58 / (download) - annotate - [select for diffs], Sun Jun 18 18:18:01 2006 UTC (17 years, 11 months ago) by hshoexer
Branch: MAIN
Changes since 1.57: +7 -2 lines
Diff to previous 1.57 (colored)

add group "none"; when chosen, pfs will be disabled.

ok david msf

Revision 1.57 / (download) - annotate - [select for diffs], Wed Jun 14 19:04:26 2006 UTC (18 years ago) by naddy
Branch: MAIN
Changes since 1.56: +23 -1 lines
Diff to previous 1.56 (colored)

recover list of key sizes from vpn(8); suggested by markus@, ok hshoexer@

Revision 1.56 / (download) - annotate - [select for diffs], Tue Jun 13 16:13:41 2006 UTC (18 years ago) by naddy
Branch: MAIN
Changes since 1.55: +13 -9 lines
Diff to previous 1.55 (colored)

For IKE, allow main mode SHA2 and quick mode AESCTR transforms,
which were recently added to isakmpd.  ok hshoexer@, markus@

Revision 1.55 / (download) - annotate - [select for diffs], Sun Jun 11 21:14:34 2006 UTC (18 years ago) by naddy
Branch: MAIN
Changes since 1.54: +2 -2 lines
Diff to previous 1.54 (colored)

the default encryption algorithm with static keying is AES-CBC now; ok hshoexer@

Revision 1.54 / (download) - annotate - [select for diffs], Sun Jun 11 11:13:40 2006 UTC (18 years ago) by hshoexer
Branch: MAIN
Changes since 1.53: +7 -8 lines
Diff to previous 1.53 (colored)

Adapt to recent changes (modp3072 is not the default anymore).
Prodded by david@, thanks!

Revision 1.53 / (download) - annotate - [select for diffs], Thu Jun 8 21:15:21 2006 UTC (18 years ago) by naddy
Branch: MAIN
Changes since 1.52: +15 -2 lines
Diff to previous 1.52 (colored)

Add a transport mode specifier to ike rules.  Tunnel mode remains the default.
"looks right" hshoexer@

Revision 1.52 / (download) - annotate - [select for diffs], Fri Jun 2 18:15:26 2006 UTC (18 years ago) by david
Branch: MAIN
Changes since 1.51: +2 -2 lines
Diff to previous 1.51 (colored)

correct spelling of specified

Revision 1.51 / (download) - annotate - [select for diffs], Fri Jun 2 15:56:55 2006 UTC (18 years ago) by naddy
Branch: MAIN
Changes since 1.50: +21 -6 lines
Diff to previous 1.50 (colored)

document port modifiers in ike rules

Revision 1.50 / (download) - annotate - [select for diffs], Fri Jun 2 06:43:05 2006 UTC (18 years ago) by jmc
Branch: MAIN
Changes since 1.49: +80 -80 lines
Diff to previous 1.49 (colored)

mark up keywords using .Ic; ok hshoexer

Revision 1.49 / (download) - annotate - [select for diffs], Thu Jun 1 22:19:24 2006 UTC (18 years ago) by jmc
Branch: MAIN
Changes since 1.48: +4 -4 lines
Diff to previous 1.48 (colored)

address has two `d', and I had to use a dictionary to check ;)

Revision 1.48 / (download) - annotate - [select for diffs], Thu Jun 1 20:29:05 2006 UTC (18 years ago) by naddy
Branch: MAIN
Changes since 1.47: +20 -5 lines
Diff to previous 1.47 (colored)

document port matching in flows; ok hshoexer@

Revision 1.47 / (download) - annotate - [select for diffs], Sun May 28 08:04:34 2006 UTC (18 years ago) by jmc
Branch: MAIN
Changes since 1.46: +2 -2 lines
Diff to previous 1.46 (colored)

missing `Ar';

Revision 1.46 / (download) - annotate - [select for diffs], Sat May 27 17:37:02 2006 UTC (18 years ago) by hshoexer
Branch: MAIN
Changes since 1.45: +13 -4 lines
Diff to previous 1.45 (colored)

Addresses can be specified in CIDR notation, as symbolic host names, interface
names or interface group names.  So it's time to document this...

Revision 1.45 / (download) - annotate - [select for diffs], Sat May 27 17:21:40 2006 UTC (18 years ago) by hshoexer
Branch: MAIN
Changes since 1.44: +37 -5 lines
Diff to previous 1.44 (colored)

allow specifying groups to be used by IKE

Revision 1.44 / (download) - annotate - [select for diffs], Fri May 26 09:26:07 2006 UTC (18 years ago) by jmc
Branch: MAIN
Changes since 1.43: +2 -3 lines
Diff to previous 1.43 (colored)

vpn.8 removal;

Revision 1.43 / (download) - annotate - [select for diffs], Thu May 18 21:27:24 2006 UTC (18 years ago) by miod
Branch: MAIN
Changes since 1.42: +2 -2 lines
Diff to previous 1.42 (colored)

paramter -> parameter

Revision 1.42 / (download) - annotate - [select for diffs], Wed Apr 19 16:10:50 2006 UTC (18 years, 1 month ago) by hshoexer
Branch: MAIN
Changes since 1.41: +5 -1 lines
Diff to previous 1.41 (colored)

"type" keyword to specify flow type (require, use, etc.)

Revision 1.41 / (download) - annotate - [select for diffs], Wed Apr 19 15:49:49 2006 UTC (18 years, 1 month ago) by hshoexer
Branch: MAIN
Changes since 1.40: +9 -7 lines
Diff to previous 1.40 (colored)

add hostname resolver.

at least some eyeballing by cloder@
tested by jean raby, requested/suggested by rod withworth

Revision 1.40 / (download) - annotate - [select for diffs], Thu Apr 13 11:55:07 2006 UTC (18 years, 2 months ago) by hshoexer
Branch: MAIN
Changes since 1.39: +10 -5 lines
Diff to previous 1.39 (colored)

Add support for "local" to ike rules.  Allows specifying the local IP to be
used on a multi-homed machine.  Also, relax order of peer/local keywords.

ok markus@

Revision 1.39 / (download) - annotate - [select for diffs], Wed Apr 12 14:48:12 2006 UTC (18 years, 2 months ago) by hshoexer
Branch: MAIN
Changes since 1.38: +19 -1 lines
Diff to previous 1.38 (colored)

document that tunnel and transport mode can be specified for SAs.

Revision 1.38 / (download) - annotate - [select for diffs], Fri Mar 31 16:30:47 2006 UTC (18 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.37: +5 -5 lines
Diff to previous 1.37 (colored)

tweaks;

Revision 1.37 / (download) - annotate - [select for diffs], Fri Mar 31 14:02:08 2006 UTC (18 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.36: +17 -1 lines
Diff to previous 1.36 (colored)

allow specification of encapsulated protocol for ike; ok hshoexer

Revision 1.36 / (download) - annotate - [select for diffs], Fri Mar 31 13:13:51 2006 UTC (18 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.35: +17 -1 lines
Diff to previous 1.35 (colored)

allow specification of encapsulated protocol for flows; ok hshoexer

Revision 1.35 / (download) - annotate - [select for diffs], Fri Mar 31 09:15:18 2006 UTC (18 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (colored)

uppercase `ip';

Revision 1.34 / (download) - annotate - [select for diffs], Thu Mar 30 12:44:20 2006 UTC (18 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.33: +12 -2 lines
Diff to previous 1.33 (colored)

allow specification of outer local ips in flows (SADB_EXT_ADDRESS_SRC); ok hshoexer, reyk

Revision 1.33 / (download) - annotate - [select for diffs], Wed Mar 22 16:01:23 2006 UTC (18 years, 2 months ago) by reyk
Branch: MAIN
Changes since 1.32: +20 -1 lines
Diff to previous 1.32 (colored)

add support for macros in ipsec.conf(5). some bits have already been
there.

requested by david@
ok hshoexer@, msf@

Revision 1.32 / (download) - annotate - [select for diffs], Tue Mar 7 00:30:28 2006 UTC (18 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.31: +17 -1 lines
Diff to previous 1.31 (colored)

add support for special "bypass" and "deny" flows.

ok hshoexer@, thanks jmc@

Revision 1.31 / (download) - annotate - [select for diffs], Tue Mar 7 00:19:58 2006 UTC (18 years, 3 months ago) by reyk
Branch: MAIN
Changes since 1.30: +23 -6 lines
Diff to previous 1.30 (colored)

add an ike option for road warrior setups (hosts with dynamic ip
addresses).

"ike dynamic esp" will use the system's hostname as the fqdn source id
(instead of the ip address) by default and enable dpd (dead peer
detection) to allow smooth reconnects after an ip address change (i.e.
forced reconnect with consumer adsl lines).

ok hshoexer@, looks fine markus@, jmc@

Revision 1.30 / (download) - annotate - [select for diffs], Tue Feb 21 12:19:17 2006 UTC (18 years, 3 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_9
Changes since 1.29: +3 -3 lines
Diff to previous 1.29 (colored)

The new default encryption algorithm for main mode is AES instead of 3DES.
Noticed as not being documented by otto@.

ok otto@

Revision 1.29 / (download) - annotate - [select for diffs], Mon Jan 16 23:57:20 2006 UTC (18 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.28: +10 -7 lines
Diff to previous 1.28 (colored)

add support for pre-shared keys with "ike esp" using the new keyword
"psk". rsa-sig is recommended and will still be used by default.

ok hshoexer@, manpage ok jmc@

Revision 1.28 / (download) - annotate - [select for diffs], Tue Dec 6 14:27:57 2005 UTC (18 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.27: +9 -1 lines
Diff to previous 1.27 (colored)

ipip support: ip-in-ip w/o gif(4); ok hshoexer

Revision 1.27 / (download) - annotate - [select for diffs], Thu Nov 24 13:53:41 2005 UTC (18 years, 6 months ago) by hshoexer
Branch: MAIN
Changes since 1.26: +2 -2 lines
Diff to previous 1.26 (colored)

"hmac" not "hmc", notice by <gwyllion at ulyssis dot org>

Revision 1.26 / (download) - annotate - [select for diffs], Thu Nov 24 11:53:23 2005 UTC (18 years, 6 months ago) by hshoexer
Branch: MAIN
Changes since 1.25: +6 -8 lines
Diff to previous 1.25 (colored)

Make clear we only have "hmac-sha1" and "hmac-md5".

Revision 1.25 / (download) - annotate - [select for diffs], Sun Oct 30 21:26:16 2005 UTC (18 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.24: +5 -4 lines
Diff to previous 1.24 (colored)

- SEE ALSO is sorted by section first
- new sentence, new line

Revision 1.24 / (download) - annotate - [select for diffs], Sun Oct 30 19:54:07 2005 UTC (18 years, 7 months ago) by hshoexer
Branch: MAIN
Changes since 1.23: +4 -3 lines
Diff to previous 1.23 (colored)

Xr ipcomp, sort "SEE ALSO" section

Revision 1.23 / (download) - annotate - [select for diffs], Sun Oct 30 19:50:59 2005 UTC (18 years, 7 months ago) by hshoexer
Branch: MAIN
Changes since 1.22: +16 -1 lines
Diff to previous 1.22 (colored)

describe ipcomp

Revision 1.22 / (download) - annotate - [select for diffs], Sun Oct 16 21:24:45 2005 UTC (18 years, 7 months ago) by hshoexer
Branch: MAIN
Changes since 1.21: +7 -1 lines
Diff to previous 1.21 (colored)

Add keyword "any" for addresses, reduces to "0.0.0.0/0".

Revision 1.21 / (download) - annotate - [select for diffs], Fri Sep 23 14:56:06 2005 UTC (18 years, 8 months ago) by jmc
Branch: MAIN
Changes since 1.20: +18 -8 lines
Diff to previous 1.20 (colored)

- beef up DESCRIPTION
- document that paths to key files may be relative or absolute
- reference vpn(8) in SEE ALSO

most of this diff came about from a mail from benjamin pineau who
mailed hshoexer and myself about some possible improvements to this file;

ok hshoexer@

Revision 1.20 / (download) - annotate - [select for diffs], Mon Sep 19 15:44:35 2005 UTC (18 years, 8 months ago) by jmc
Branch: MAIN
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)

grammar;

from benjamin pineau;
ok hshoexer@

Revision 1.19 / (download) - annotate - [select for diffs], Tue Aug 23 07:48:04 2005 UTC (18 years, 9 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE, OPENBSD_3_8
Changes since 1.18: +14 -15 lines
Diff to previous 1.18 (colored)

grammar + formatting tweaks;

Revision 1.18 / (download) - annotate - [select for diffs], Mon Aug 22 22:10:02 2005 UTC (18 years, 9 months ago) by hshoexer
Branch: MAIN
Changes since 1.17: +158 -1 lines
Diff to previous 1.17 (colored)

document recent changes

ok deraadt

Revision 1.17 / (download) - annotate - [select for diffs], Mon Aug 22 04:27:18 2005 UTC (18 years, 9 months ago) by david
Branch: MAIN
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)

spelling

Revision 1.16 / (download) - annotate - [select for diffs], Thu Aug 11 09:26:27 2005 UTC (18 years, 10 months ago) by hshoexer
Branch: MAIN
Changes since 1.15: +126 -1 lines
Diff to previous 1.15 (colored)

document recent changes, with jmc@

Revision 1.15 / (download) - annotate - [select for diffs], Wed Aug 10 08:49:33 2005 UTC (18 years, 10 months ago) by jmc
Branch: MAIN
Changes since 1.14: +4 -4 lines
Diff to previous 1.14 (colored)

- typo
- generate a backslash using `\e', not `\\'

Revision 1.14 / (download) - annotate - [select for diffs], Tue Aug 9 14:00:07 2005 UTC (18 years, 10 months ago) by hshoexer
Branch: MAIN
Changes since 1.13: +18 -2 lines
Diff to previous 1.13 (colored)

Document how to read keys from a file.

Revision 1.13 / (download) - annotate - [select for diffs], Fri Aug 5 14:39:02 2005 UTC (18 years, 10 months ago) by hshoexer
Branch: MAIN
Changes since 1.12: +6 -6 lines
Diff to previous 1.12 (colored)

prepare for authentication and encryption keys, not used yet.

Revision 1.12 / (download) - annotate - [select for diffs], Sat Jul 23 20:44:36 2005 UTC (18 years, 10 months ago) by hshoexer
Branch: MAIN
Changes since 1.11: +13 -3 lines
Diff to previous 1.11 (colored)

document automatic generation of reverse SA rules.

Revision 1.11 / (download) - annotate - [select for diffs], Sun Jul 10 07:56:56 2005 UTC (18 years, 11 months ago) by jmc
Branch: MAIN
Changes since 1.10: +4 -4 lines
Diff to previous 1.10 (colored)

tweaks;
ok hshoexer@

Revision 1.10 / (download) - annotate - [select for diffs], Sat Jul 9 22:24:44 2005 UTC (18 years, 11 months ago) by hshoexer
Branch: MAIN
Changes since 1.9: +2 -1 lines
Diff to previous 1.9 (colored)

forgot to .Xr tcp(4)

Revision 1.9 / (download) - annotate - [select for diffs], Sat Jul 9 22:22:44 2005 UTC (18 years, 11 months ago) by hshoexer
Branch: MAIN
Changes since 1.8: +36 -1 lines
Diff to previous 1.8 (colored)

describe how to set up tcpmd5

Revision 1.8 / (download) - annotate - [select for diffs], Sun Apr 10 14:02:45 2005 UTC (19 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.7: +24 -18 lines
Diff to previous 1.7 (colored)

misc clean up;

Revision 1.7 / (download) - annotate - [select for diffs], Sat Apr 9 23:39:48 2005 UTC (19 years, 2 months ago) by hshoexer
Branch: MAIN
Changes since 1.6: +10 -8 lines
Diff to previous 1.6 (colored)

clarify in/out a bit, add SEE ALSO section.

Revision 1.6 / (download) - annotate - [select for diffs], Sat Apr 9 23:32:22 2005 UTC (19 years, 2 months ago) by hshoexer
Branch: MAIN
Changes since 1.5: +83 -74 lines
Diff to previous 1.5 (colored)

Rewrite, work in progress

Revision 1.5 / (download) - annotate - [select for diffs], Wed Apr 6 15:36:13 2005 UTC (19 years, 2 months ago) by msf
Branch: MAIN
Changes since 1.4: +1 -3 lines
Diff to previous 1.4 (colored)

- change to two clause bsd license

Revision 1.4 / (download) - annotate - [select for diffs], Tue Apr 5 10:07:46 2005 UTC (19 years, 2 months ago) by tom
Branch: MAIN
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)

The first release this will appear in is OpenBSD 3.8

ok jmc@

Revision 1.3 / (download) - annotate - [select for diffs], Tue Apr 5 07:14:00 2005 UTC (19 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.2: +9 -9 lines
Diff to previous 1.2 (colored)

cleanup; ok hshoexer@

Revision 1.2 / (download) - annotate - [select for diffs], Mon Apr 4 22:22:55 2005 UTC (19 years, 2 months ago) by hshoexer
Branch: MAIN
Changes since 1.1: +1 -1 lines
Diff to previous 1.1 (colored)

fix cvs id tags

Revision 1.1 / (download) - annotate - [select for diffs], Mon Apr 4 22:19:50 2005 UTC (19 years, 2 months ago) by hshoexer
Branch: MAIN

Add ipsecctl utility, work in progress

ok deraadt
