path: root/man/ipsec.conf.5.in
Commit message [Author, Age, Files, Lines]
* man: Document replay_window ipsec.conf option [Tobias Brunner, 2014-06-30, 1 file, -0/+9]
|
* ike: Restart inactivity counter after doing a CHILD_SA rekey [Martin Willi, 2014-01-23, 1 file, -1/+3]
|    When doing a rekey for a CHILD_SA, the use counters get reset. An inactivity job is queued for a time unrelated to the rekey time, so it might happen that the inactivity job gets executed just after rekeying. If this happens, inactivity is detected even if we had traffic on the rekeyed CHILD_SA just before rekeying. This change implies that inactivity checks can't handle inactivity timeouts for rekeyed CHILD_SAs, and therefore requires that inactivity timeout is shorter than the rekey time to have any effect.
* ipsec.conf.5: Note about ICMP[v6] message type/code added [Tobias Brunner, 2013-10-17, 1 file, -0/+8]
|
* ipsec.conf: Add a description for the new 'ah' keyword. [Martin Willi, 2013-10-11, 1 file, -0/+41]
|
* Build generated man pages via configure script [Tobias Brunner, 2013-09-13, 1 file, -1/+1]
|
* man: add support for multiple addresses/ranges/subnets in ipsec.conf left= [Martin Willi, 2013-09-04, 1 file, -3/+10]
|
* man: update ipsec.conf modeconfig keyword [Martin Willi, 2013-09-04, 1 file, -2/+1]
|
* Fix various API doc issues and typos [Tobias Brunner, 2013-07-18, 1 file, -1/+1]
|    Partially based on an old patch by Adrian-Ken Rueegsegger.
* ipsec.conf.5: closeaction is now supported for IKEv1 [Tobias Brunner, 2013-07-17, 1 file, -2/+1]
|
* stroke: Changed how proto/port are specified in left|rightsubnet [Tobias Brunner, 2013-06-28, 1 file, -6/+7]
|    Using a colon as separator conflicts with IPv6 addresses.
* man: update ipsec.conf.5, describing new proto/port definition within leftsubnet [Martin Willi, 2013-06-19, 1 file, -24/+34]
|
* Load any type (RSA/ECDSA) of public key via left|rightsigkey [Tobias Brunner, 2013-05-07, 1 file, -4/+6]
|
* left|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly [Tobias Brunner, 2013-05-07, 1 file, -3/+9]
|    The default is now PKCS#1. With the dns: and ssh: prefixes other formats can be selected.
* Merge branch 'multi-cert' [Martin Willi, 2013-03-01, 1 file, -0/+4]
|\
| |    Allows the configuration of multiple certificates in leftcert, and select the correct certificate to use based on the received certificate requests.
| * Add ipsec.conf.5 updates regarding multiple certificates in leftcert [Martin Willi, 2013-01-18, 1 file, -0/+4]
| |
* | Merge branch 'opaque-ports' [Martin Willi, 2013-03-01, 1 file, -0/+8]
|\ \
| | |    Adds a %opaque port option and support for port ranges in left/rightprotoport. Currently not supported by any of our kernel backends.
| * | Document ipsec.conf leftprotoport extensions in manpage [Martin Willi, 2013-02-21, 1 file, -0/+8]
| |/
* / Add ikedscp documentation to ipsec.conf.5 [Martin Willi, 2013-02-06, 1 file, -0/+5]
|/
* Added an option that allows to force IKEv1 fragmentation [Tobias Brunner, 2013-01-12, 1 file, -4/+9]
|
* Use a connection specific option to en-/disable IKEv1 fragmentation [Tobias Brunner, 2012-12-24, 1 file, -0/+10]
|
* Updated ipsec.conf.5 regarding (CA) certificates loaded from smartcards [Martin Willi, 2012-10-24, 1 file, -5/+7]
|
* Add leftcert ipsec.conf.5 documentation about smartcard certificates [Martin Willi, 2012-10-24, 1 file, -0/+12]
|
* Add ipsec.conf.5 documentation for explicit PRFs in IKE proposals [Martin Willi, 2012-10-24, 1 file, -7/+17]
|
* Update ipsec.conf.5, leftsubnet can handle multiple subnets in IKEv1 with Unity [Martin Willi, 2012-09-18, 1 file, -2/+3]
|
* Set AUTH_RULE_IDENTITY_LOOSE for rightid=%<identity> [Tobias Brunner, 2012-09-18, 1 file, -0/+12]
|
* Some updates to ipsec.conf(5) man page [Tobias Brunner, 2012-09-12, 1 file, -49/+70]
|
* Add uniqueids=never to ignore INITIAL_CONTACT notifies [Tobias Brunner, 2012-09-10, 1 file, -9/+16]
|    With uniqueids=no the daemon still deletes any existing IKE_SA with the same peer if an INITIAL_CONTACT notify is received. With this new option it also ignores these notifies.
* Merge branch 'multi-vip' [Martin Willi, 2012-08-31, 1 file, -6/+16]
|\
| |    Brings support for multiple virtual IPs and multiple pools in left/rightsourceip definitions. Also introduces the new left/rightdns options to configure requested DNS server address family and respond with multiple connection specific servers.
| * Updated ipsec.conf.5 with multiple left/rightsourceip support [Martin Willi, 2012-08-30, 1 file, -6/+6]
| |
| * Add a description of the leftdns option to ipsec.conf.5 [Martin Willi, 2012-08-21, 1 file, -0/+10]
| |
* | Documentation for eap-dynamic added [Tobias Brunner, 2012-08-31, 1 file, -0/+1]
|/
* Added ESP log group for libipsec log messages. [Tobias Brunner, 2012-08-08, 1 file, -1/+2]
|
* Add an ipsec.conf leftgroups2 parameter for the second authentication round [Martin Willi, 2012-07-26, 1 file, -0/+6]
|
* Some updates in ipsec.conf(5) for 5.0.0 [Tobias Brunner, 2012-06-26, 1 file, -36/+50]
|
* added secret as valid authby argument [Andreas Steffen, 2012-06-18, 1 file, -1/+1]
|
* Add documentation for signature hash algorithm enforcing to man ipsec.conf [Martin Willi, 2012-06-12, 1 file, -4/+11]
|
* starter: Drop support for %defaultroute. [Tobias Brunner, 2012-06-11, 1 file, -16/+2]
|
* Updated ipsec.conf(5) to reflect changes to IPComp support. [Tobias Brunner, 2012-05-24, 1 file, -4/+2]
|
* Merge branch 'ikev1' [Martin Willi, 2012-05-02, 1 file, -367/+79]
|\
| |    Conflicts:
| |        configure.in
| |        man/ipsec.conf.5.in
| |        src/libcharon/encoding/generator.c
| |        src/libcharon/encoding/payloads/notify_payload.c
| |        src/libcharon/encoding/payloads/notify_payload.h
| |        src/libcharon/encoding/payloads/payload.c
| |        src/libcharon/network/receiver.c
| |        src/libcharon/sa/authenticator.c
| |        src/libcharon/sa/authenticator.h
| |        src/libcharon/sa/ikev2/tasks/ike_init.c
| |        src/libcharon/sa/task_manager.c
| |        src/libstrongswan/credentials/auth_cfg.c
| * Merge branch 'ikev1-clean' into ikev1-master [Martin Willi, 2012-03-20, 1 file, -360/+78]
| |\
| | |    Conflicts:
| | |        configure.in
| | |        man/ipsec.conf.5.in
| | |        src/libcharon/daemon.c
| | |        src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
| | |        src/libcharon/plugins/eap_radius/eap_radius_accounting.c
| | |        src/libcharon/plugins/eap_radius/eap_radius_forward.c
| | |        src/libcharon/plugins/farp/farp_listener.c
| | |        src/libcharon/sa/ike_sa.c
| | |        src/libcharon/sa/keymat.c
| | |        src/libcharon/sa/task_manager.c
| | |        src/libcharon/sa/trap_manager.c
| | |        src/libstrongswan/plugins/x509/x509_cert.c
| | |        src/libstrongswan/utils.h
| | |    Applied lost changes of moved files keymat.c and task_manager.c.
| | |    Updated listener_t.message hook signature in new plugins.
| | * Updated ipsec.conf man page for the use of IKEv1 with pluto [Martin Willi, 2012-03-20, 1 file, -332/+73]
| | |
| | * Dropped support of deprecated authby=eap and eap= options [Martin Willi, 2012-03-20, 1 file, -33/+4]
| | |
* | | updated supported EAP methods [Andreas Steffen, 2012-03-30, 1 file, -5/+14]
|/ /
* | Added ASN debug group to log low-level encoding/decoding (ASN.1, X.509). [Tobias Brunner, 2011-12-16, 1 file, -1/+1]
| |    This will allow us to remove quite some clutter from the LIB debug group for higher debug levels.
* | Charon also supports type=passthrough|drop. [Tobias Brunner, 2011-12-14, 1 file, -6/+0]
| |
* | Documented xauth_identity in ipsec.conf(5) man page. [Tobias Brunner, 2011-12-14, 1 file, -3/+7]
|/
* Documented the strict flag (!) for ike and esp options in ipsec.conf. [Tobias Brunner, 2011-09-26, 1 file, -8/+38]
|
* PTS log group documented in man pages. [Tobias Brunner, 2011-09-12, 1 file, -1/+1]
|
* Document charon's default log levels in ipsec.conf(5). [Tobias Brunner, 2011-09-12, 1 file, -4/+6]
|
* Fixed common misspellings. [Tobias Brunner, 2011-07-20, 1 file, -2/+2]
|    Mostly found by 'codespell'.