![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / usr.sbin / ikectl
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.31 / (download) - annotate - [select for diffs], Tue May 21 05:00:48 2024 UTC (12 days, 7 hours ago) by jsg
Branch: MAIN
CVS Tags: HEAD
Changes since 1.30: +1 -2 lines
Diff to previous 1.30 (colored)
remove prototypes with no matching function and externs with no var partly checked by millert@
Revision 1.30 / (download) - annotate - [select for diffs], Sun Dec 4 11:54:31 2022 UTC (17 months, 4 weeks ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3
Changes since 1.29: +6 -6 lines
Diff to previous 1.29 (colored)
Rename sun to s_un for portability. ok patrick@
Revision 1.29 / (download) - annotate - [select for diffs], Sat Dec 3 22:34:35 2022 UTC (17 months, 4 weeks ago) by tobhe
Branch: MAIN
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)
Consistently use uintXX_t from <stdint.h> instead of u_intXX_t.
Revision 1.28 / (download) - annotate - [select for diffs], Mon Sep 19 20:54:02 2022 UTC (20 months, 1 week ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE,
OPENBSD_7_2
Changes since 1.27: +61 -1 lines
Diff to previous 1.27 (colored)
Add iked connection statistics for successful and failed connections, common error types and other events that help analyze errors in larger setups. The counters can be printed with 'ikectl show stats'. ok bluhm@ patrick@ from and ok markus@
Revision 1.27 / (download) - annotate - [select for diffs], Sun Nov 21 22:44:08 2021 UTC (2 years, 6 months ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE,
OPENBSD_7_1
Changes since 1.26: +13 -3 lines
Diff to previous 1.26 (colored)
Add 'ikectl show certinfo' to show trusted CAs and certificates. This helps debug authentication issues with x509 certificates. ok markus@
Revision 1.26 / (download) - annotate - [select for diffs], Wed Jun 10 17:44:44 2020 UTC (3 years, 11 months ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9,
OPENBSD_6_8_BASE,
OPENBSD_6_8
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)
Cast imsg->data to char pointer to silence GCC warning warning: format '%s' expects type 'char *', but argument 2 has type 'void *' Seen on sparc64. OK tobhe
Revision 1.25 / (download) - annotate - [select for diffs], Sun Mar 22 15:59:05 2020 UTC (4 years, 2 months ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.24: +27 -1 lines
Diff to previous 1.24 (colored)
Add 'ikectl show sa' command to print information about the state of negotiated IKE SAs, their Child SAs and resulting IPsec flows. ok patrick@
Revision 1.24 / (download) - annotate - [select for diffs], Wed Mar 18 22:12:43 2020 UTC (4 years, 2 months ago) by tobhe
Branch: MAIN
Changes since 1.23: +5 -1 lines
Diff to previous 1.23 (colored)
Add 'ikectl reset id <ID>' command to reset all SAs from policies with matching destination ID. ok patrick@ markus@
Revision 1.23 / (download) - annotate - [select for diffs], Sat Dec 5 13:11:18 2015 UTC (8 years, 5 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5,
OPENBSD_6_4_BASE,
OPENBSD_6_4,
OPENBSD_6_3_BASE,
OPENBSD_6_3,
OPENBSD_6_2_BASE,
OPENBSD_6_2,
OPENBSD_6_1_BASE,
OPENBSD_6_1,
OPENBSD_6_0_BASE,
OPENBSD_6_0,
OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (colored)
EAGAIN handling for imsg_read. OK henning@ benno@
Revision 1.22 / (download) - annotate - [select for diffs], Fri Nov 6 06:29:11 2015 UTC (8 years, 6 months ago) by jsg
Branch: MAIN
Changes since 1.21: +7 -1 lines
Diff to previous 1.21 (colored)
Use pledge in ikectl. For now one request for sending imsgs to iked another request for the ca portion. ok deraadt@
Revision 1.21 / (download) - annotate - [select for diffs], Mon Nov 2 10:27:44 2015 UTC (8 years, 7 months ago) by jsg
Branch: MAIN
Changes since 1.20: +3 -1 lines
Diff to previous 1.20 (colored)
Accept an ocsp option when creating certificates to set the extended key usage for OCSP signing. Requested by and ok reyk@
Revision 1.20 / (download) - annotate - [select for diffs], Wed Aug 19 13:30:54 2015 UTC (8 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.19: +3 -3 lines
Diff to previous 1.19 (colored)
Use C99 integer types in ikectl(8). OK jsg@
Revision 1.19 / (download) - annotate - [select for diffs], Fri Jan 16 06:40:17 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8,
OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.18: +1 -2 lines
Diff to previous 1.18 (colored)
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
Revision 1.18 / (download) - annotate - [select for diffs], Thu Nov 14 20:48:52 2013 UTC (10 years, 6 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6,
OPENBSD_5_5_BASE,
OPENBSD_5_5
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)
cope with the EAGAIN API change for msgbuf_write() ok benno
Revision 1.17 / (download) - annotate - [select for diffs], Fri Aug 16 19:47:42 2013 UTC (10 years, 9 months ago) by guenther
Branch: MAIN
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)
Use %lld and cast to (long long) when printing time_t values otto@ millert@ lteo@ mikeb@ deraadt@
Revision 1.16 / (download) - annotate - [select for diffs], Tue Jan 8 10:38:19 2013 UTC (11 years, 4 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE,
OPENBSD_5_4,
OPENBSD_5_3_BASE,
OPENBSD_5_3
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored)
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
Revision 1.15 / (download) - annotate - [select for diffs], Thu Nov 1 21:27:32 2012 UTC (11 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.14: +1 -6 lines
Diff to previous 1.14 (colored)
Remove dead code that was a leftover from the initial code which was based on snmpctl. Found and committed from the plane in 10km (35.000 feet). No functional change and this diff doesn't touch any crypto code so the current country below me cannot blame me for importing / exporting any crypto. ok benno@
Revision 1.14 / (download) - annotate - [select for diffs], Tue Sep 18 12:07:59 2012 UTC (11 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)
update email addresses to match reality. sure jsg@ mikeb@
Revision 1.13 / (download) - annotate - [select for diffs], Wed May 2 18:01:25 2012 UTC (12 years, 1 month ago) by gsoares
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE,
OPENBSD_5_2
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)
s/snmpd/iked/ in comment ok henning@
Revision 1.12 / (download) - annotate - [select for diffs], Fri May 27 12:01:02 2011 UTC (13 years ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0
Changes since 1.11: +3 -2 lines
Diff to previous 1.11 (colored)
spacing
Revision 1.11 / (download) - annotate - [select for diffs], Fri Oct 8 11:41:56 2010 UTC (13 years, 7 months ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE,
OPENBSD_4_9
Changes since 1.10: +13 -1 lines
Diff to previous 1.10 (colored)
if non absolute paths are specified in install commands assume they are relative to /etc
Revision 1.10 / (download) - annotate - [select for diffs], Fri Oct 8 10:13:47 2010 UTC (13 years, 7 months ago) by jsg
Branch: MAIN
Changes since 1.9: +6 -6 lines
Diff to previous 1.9 (colored)
allow optional paths for the install commands so we can install into the isakmpd directory hierarchy for example.
Revision 1.9 / (download) - annotate - [select for diffs], Fri Oct 8 07:45:06 2010 UTC (13 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.8: +2 -2 lines
Diff to previous 1.8 (colored)
Allow to show certificate details (show ca x cert [y]).
Revision 1.8 / (download) - annotate - [select for diffs], Thu Oct 7 13:30:50 2010 UTC (13 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.7: +3 -3 lines
Diff to previous 1.7 (colored)
Allow to specify the export password on the command line (optionally, for scripting). The "peer" argument now needs to be preceded with the "peer" keyword, eg. ... export peer 10.1.1.1 instead of export 10.1.1.1.
Revision 1.7 / (download) - annotate - [select for diffs], Thu Oct 7 13:28:46 2010 UTC (13 years, 7 months ago) by jmc
Branch: MAIN
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)
sync usage();
Revision 1.6 / (download) - annotate - [select for diffs], Thu Oct 7 12:23:14 2010 UTC (13 years, 7 months ago) by reyk
Branch: MAIN
Changes since 1.5: +15 -18 lines
Diff to previous 1.5 (colored)
- add a -q (quiet) command line option that will be used by ikeca to set openssl batch mode: don't ask for x509 options, use the defaults. - allow to specify the initial ca password on the command line to also make it scriptable. - allow to create certificates for clientAuth or serverAuth only (eg. ikectl ca foo certificate bar server). - cosmetics: move double declarations of ca_*() functions to parser.h. ok phessler@
Revision 1.5 / (download) - annotate - [select for diffs], Wed Jun 23 16:01:01 2010 UTC (13 years, 11 months ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE,
OPENBSD_4_8
Changes since 1.4: +7 -3 lines
Diff to previous 1.4 (colored)
Add a ca export command for EAP mode where we only require the CA cert, and make both export commands optionally take an argument that will be added to a peer.txt file in the exported output. Additionally include any site specific notes from /usr/share/iked if present. man page bits and help with the parser from reyk
Revision 1.4 / (download) - annotate - [select for diffs], Mon Jun 14 17:41:18 2010 UTC (13 years, 11 months ago) by jsg
Branch: MAIN
Changes since 1.3: +21 -1 lines
Diff to previous 1.3 (colored)
Add commands to create/delete/install/import keys without involving certificates as suggested by reyk and don't recreate private keys if a key already exists. ok reyk@
Revision 1.3 / (download) - annotate - [select for diffs], Thu Jun 10 16:14:04 2010 UTC (13 years, 11 months ago) by jsg
Branch: MAIN
Changes since 1.2: +6 -1 lines
Diff to previous 1.2 (colored)
Add a command to revoke a certificate and generate a CRL; make the ca install command install the CRL as well. discussed with reyk@
Revision 1.2 / (download) - annotate - [select for diffs], Thu Jun 10 14:08:37 2010 UTC (13 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.1: +13 -1 lines
Diff to previous 1.1 (colored)
add new commands: the couple/decouple commands will set loading of the learned flows and SAs to the kernel which is useful for testing and debugging. the active/passive commands are required to use iked with sasyncd(8); sasyncd just needs to call "ikectl active/passive" or send the appropriate imsg to support iked but this is not implemented yet.
Revision 1.1 / (download) - annotate - [select for diffs], Thu Jun 3 16:49:00 2010 UTC (14 years ago) by reyk
Branch: MAIN
Import iked, a new implementation of the IKEv2 protocol. iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder. with lots of help and debugging by jsg@ ok deraadt@