Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
223,495 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

607 Commits

Author SHA1 Message Date
christos 7eb6f06c8c remove unused variables 2013-10-20 21:17:28 +00:00
wiz a5684d07dd Use Mt for email addresses. 2013-07-20 21:39:55 +00:00
tteras 2d9f2eda4f From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Export phase1 
remote address as Radius Calling-Station-Id.
 2013-07-19 10:54:52 +00:00
christos a2f4868d2a add RTM_LOSING, RTM_REDIRECT 2013-07-18 17:02:58 +00:00
tteras 4595769cee From Sven Vermeulen <sven.vermeulen@siphos.be>: Moves ploginit() up, 
allowing logging events from init_avc() to show up as well.
 2013-07-12 13:11:50 +00:00
christos c59ba37534 Add an option --enable-wildcard-match to enable wildcard matching and explain 
why we might want it and why it is a bad idea in general that's why it is
not enabled by default. ok tteras@, manu@
 2013-06-20 15:41:18 +00:00
tteras 4f62ef74bd From Paul Barker: Remove redundant memset after calloc that caused compile 
failures with gcc 4.8 due to error: argument to 'sizeof' in 'memset' call
is the same expression as the destination; did you mean to dereference.
 2013-06-18 05:39:50 +00:00
christos 54da44c072 Accept - as stdin 
Be nice and let the user know which file it could not open.
 2013-06-14 16:29:14 +00:00
tteras 05fbc8efab From Alexander Sbitnev <alexander.sbitnev@gmail.com>: fix admin port 
establish-sa for tunnel mode SAs.
 2013-06-03 05:49:31 +00:00
tteras fdd5bac4fc From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Fix 
SADB_X_EALG_CASTCBC definition to use system definition (which
differs at least on Linux).
------------------------
 2013-05-23 05:42:29 +00:00
mbalmer b1090dff8a racoon default config is in /etc/racoon/racoon.conf 2013-05-08 20:03:02 +00:00
tteras 32d6075c95 From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Do not send out 
illegal zero length MODE_CFG attributes.
 2013-04-12 10:03:45 +00:00
tteras 3d2760a386 Some logging improvements. 2013-04-12 09:53:10 +00:00
tteras fde1259d48 Fix source port selection 2013-02-05 11:36:17 +00:00
tteras 0849876e12 From Ian West <ian@niw.com.au>: Fix double free of the radius info on 
config reload.
 2013-02-05 06:22:29 +00:00
tteras b889f6fc93 Fix handling of deletion notification. 2013-01-24 06:47:50 +00:00
tteras b607d37b51 Fix errors from automake 1.13 2013-01-08 12:42:31 +00:00
tteras 252bdda2a4 Don't derefence the directory symlink which we might be recreating. 2013-01-08 12:38:40 +00:00
tteras c577d46f00 From Götz Babin-Ebell <g.babin-ebell@novamedia.de>: Smarter X.509 subject 
name compare.
 2012-12-24 14:50:04 +00:00
tteras 411eef5f44 From Götz Babin-Ebell <g.babin-ebell@novamedia.de: 
Require OpenSSL 0.9.8s or higher
 2012-12-24 08:46:27 +00:00
wiz 43e793251e Bump date for previous. 2012-11-30 08:19:01 +00:00
vanhu 2bdb1d3e0a Added support for AES GCM 16 in phase2 negociations. Code from Christophe Carre / NETASQ 2012-11-29 15:31:24 +00:00
tteras 880340da60 From Roman Hoog Antink <rha@open.ch>: Accept DPD messages with cookies 
also in reversed order for compatiblity. At least Cisco 836 running
IOS 12.3(8)T does this.
 2012-08-29 12:01:30 +00:00
tteras 6c437507a2 From Roman Hoog Antink <rha@open.ch>: add remote's IP address to the 
"certificate not verified" error message.
 2012-08-29 11:34:37 +00:00
tteras f2b1919eeb From Roman Hoog Antink <rha@open.ch>: do not print unnecessary warning 
about non-verified certificate when using raw plain-rsa.
 2012-08-29 11:24:11 +00:00
manu 5fe2cf73eb Fix make test on powermac G5. Patch from Nakano Takaharu 2012-08-15 14:51:30 +00:00
wiz de33c51b97 Bump date for previous. 2012-02-18 13:51:29 +00:00
drochner 544002eb2d mention esp-udp 2012-02-18 13:42:45 +00:00
wiz e2fe99ce62 Use the correct constant. 
From FreeBSD via Henning Petersen in PR 46005.
 2012-02-13 13:03:06 +00:00
wiz 71a175ae1b Bump date for previous. 2012-01-26 21:54:26 +00:00
drochner c51fcdeec7 also mention the aes-gcm ESP variants 2012-01-26 21:11:27 +00:00
tteras aa9b8479a9 From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Enhance splitnet 
environment variable string value generation.
 2012-01-10 12:07:30 +00:00
wiz 59bb0b8307 Bump date for previous. 2012-01-09 15:41:21 +00:00
drochner 4fa381bcb2 allow setkey(8) set and display the ESP fragment size in the NAT-T case, 
userland part of PR kern/44952 by Wolfgang Stukenbrock, just changed
the "frag" option name to "esp_frag", for consistency to the existing
option of similar effect in racoon(8)
 2012-01-09 15:25:13 +00:00
wiz 8d8e2b7310 Bump date for previous. 2012-01-04 16:30:50 +00:00
drochner 8fd6dadaf8 include <netipsec/ipsec.h> rather than <netinet6/ipsec.h> from userland 
where possible, for consistency and compatibility to FreeBSD
(exception: KAME specific statistics gathering in netstat(1) and systat(1))
 2012-01-04 16:09:40 +00:00
drochner 3712f81ced -consistently use "char *" for the compiled policy buffer in the 
ipsec_*_policy() functions, as it was documented and used by clients
-remove "ipsec_policy_t" which was undocumented and only present
 in the KAME version of the ipsec.h header
-misc cleanup of historical artefacts, and to remove unnecessary
 differences between KAME ans FAST_IPSEC
 2012-01-04 15:55:35 +00:00
tteras 2713c54c73 From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Fix one byte too 
short memory allocation in isakmp_unity.c:splitnet_list_2str().
 2012-01-01 17:31:42 +00:00
tteras 11e30c248c From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix default NAT-T 
port for listen { isakmp_natt } config directive.
 2012-01-01 16:14:11 +00:00
tteras 40d768bf75 From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix various typos in 
comments and log messages. Fix default port used in copy_ph1addresses().
 2012-01-01 15:57:31 +00:00
tteras dbe8969919 Fix myaddr_getsport() to return -1 if no suitable address is found. This is 
used in pfkey.c:pk_recvacquire() to check if IKE negotiation should be
started or not.
 2012-01-01 15:54:51 +00:00
tteras 838cfe4724 Fix the previous commit. 2012-01-01 15:44:06 +00:00
tteras b448c51c51 From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix memory leaks from 
configuration reading code, and clean up error handling.
 2012-01-01 15:29:28 +00:00
vanhu 0a7daa593d fixed some crashes in LIST_FOREACH where current element could be removed during the loop 2011-11-17 14:41:55 +00:00
wiz 3efedf2ce7 Bump date for new tls option. 2011-11-15 19:15:58 +00:00
tteras c7d190f034 From Vincent Bernat <bernat@luffy.cx>: TLS support for LDAP 2011-11-15 13:51:23 +00:00
tteras 84d53e8c5d From Marcelo Leitner <mleitner@redhat.com>: do not shrink pfkey socket 
buffers (if system default is larger than what we want as minimum)
 2011-11-14 13:24:04 +00:00
tteras a09a6d0cd5 From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Release unused 
phase2 of passive remotes after acquire.
 2011-10-11 14:50:15 +00:00
tteras 4c2f40f96a From Wolfgang Schmieder <wolfgang.schmieder@honeywell.com>: setup phase1 
port properly.
 2011-10-11 14:37:17 +00:00
tteras cbb586e05f Allow inherited remote blocks without additional remote statements to 
be specified in a simpler way. patch by Roman Hoog Antink <rha@open.ch>
 2011-08-19 05:36:47 +00:00