| #
b8d79964 |
| 26-Dec-2024 |
sthen <sthen@openbsd.org> |
Print "request" instead of "config" if dumping config when "request XX"
is used. From William Rusnack, ok tobhe@
|
| #
9a836554 |
| 04-Nov-2024 |
dlg <dlg@openbsd.org> |
add a "natt" option that forces negotiation of nat-t (and udpencap).
this is like the -t command line option on iked itself, but you get
to keep the ike listener on port 500 and you can enable this
add a "natt" option that forces negotiation of nat-t (and udpencap).
this is like the -t command line option on iked itself, but you get
to keep the ike listener on port 500 and you can enable this on
specific policies instead of all of them.
this is useful if you're dealing with an org that can't firewall
ESP traffic well and so you need to force the traffic to be udp
encapsulated even if there's no NAT involved.
ok markus@ tobhe@
show more ...
|
| #
14e2a040 |
| 13-Jun-2023 |
tb <tb@openbsd.org> |
iked: introduce and use print_addr()
The vast majority of print_host() callers cast the first argument
(usually a sockaddr_storage *) to (struct sockaddr *) and pass both
a NULL buffer and 0 length.
iked: introduce and use print_addr()
The vast majority of print_host() callers cast the first argument
(usually a sockaddr_storage *) to (struct sockaddr *) and pass both
a NULL buffer and 0 length. Cast and useless arguments lead to
awkward line wrapping in many places. Clean this up by introducing a
helper. Make this helper take a void pointer, so all casts go away.
ok claudio kn tobhe
show more ...
|
| #
fc3e0ec8 |
| 26-Oct-2021 |
tobhe <tobhe@openbsd.org> |
Make proto config option accept a list to allow specifying multiple
protocols for a single policy, e.g. "proto { ipencap, ipv6 }".
feedback and ok benno@
ok patrick@
|
| #
0ec391d6 |
| 21-Mar-2021 |
tobhe <tobhe@openbsd.org> |
The tag comes after iface in iked.conf(5).
|
| #
97ca1c62 |
| 05-Mar-2021 |
tobhe <tobhe@openbsd.org> |
Move policy printing code from parse.y to new print.c
ok patrick@
|