#
1.22 |
|
28-May-2021 |
tobhe |
Add experimental post-quantum hybrid key exchange method based on Streamlined NTRU Prime (coupled with X25519).
The sntrup761 implementation is imported from OpenSSH. It is public domain code originally distributed as part of the SUPERCOP cryptography benchmark suite (https://bench.cr.yp.to/supercop.html).
The method is not part of the default proposal, but can be enabled with 'ikesa group sntrup761x25519'.
ok markus@ patrick@
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.21 |
|
05-Mar-2021 |
tobhe |
Move policy printing code from parse.y to new print.c
ok patrick@
|
#
1.20 |
|
04-Mar-2021 |
tobhe |
Remove -g from CFLAGS. This was accidentally added with the last commit.
|
#
1.19 |
|
04-Mar-2021 |
tobhe |
Derive config netmask from address pool if not explicitly configured.
ok markus@
|
#
1.18 |
|
13-Feb-2021 |
tobhe |
Add dynamic address configuration for roadwarrior clients. The new 'iface' config option can be used to specify an interface for the virtual addresses received from the peer. Routes are automatically added based on the configured flows.
Input from sthen@ and claudio@ ok patrick@
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.17 |
|
19-Jul-2017 |
espie |
more depends gc / yacc rules overhaul
okay millert@
|
#
1.16 |
|
03-Jul-2017 |
espie |
no need to generate y.tab.h if nothing uses it, set YFLAGS to nothing instead of CLEANFILES += y.tab.h
okay millert@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.15 |
|
23-Oct-2015 |
tedu |
push LDSTATIC line down so it's not overridden by makefile.inc. ok reyk
|
#
1.14 |
|
22-Oct-2015 |
reyk |
Stop linking iked -static: It was inherited from isakmpd that is -static for NFS-over-IPsec that might mount the libraries after /usr. The benefit of linking iked dynamic outweighs the historic reason, eg. to get full address space randomization and to benefit from libcrypto updates, so we turn it into a dynamic binary.
OK deraadt@ naddy@
|
#
1.13 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.12 |
|
27-Aug-2014 |
reyk |
Add support for Curve25519 using the public domain code that is found in OpenSSH. The "private use" DH group 1034 is based on the value that was picked by strongswan recently.
OK mikeb@ markus@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.11 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.10 |
|
18-Jan-2014 |
martynas |
Remove -Wbounded: it is now the compiler default.
|
#
1.9 |
|
14-Nov-2013 |
markus |
not need to specify OBJDIR; ok mikeb
|
Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.8 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.7 |
|
25-Sep-2012 |
brad |
Correct DPADD to not list libssl which is not used by iked.
ok sthen@ mikeb@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.6 |
|
22-Dec-2010 |
reyk |
split util.c into two files: imsg_util.c for ibuf/imsg stuff and util for everything else. we might need to include util.c in ikectl later.
sure mikeb@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.5 |
|
11-Jun-2010 |
reyk |
add some infrastructure to support timers and initiator mode later.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.2 |
|
03-Jun-2010 |
reyk |
remove my BINDIR override, pointed out by deraadt@
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.21 |
|
05-Mar-2021 |
tobhe |
Move policy printing code from parse.y to new print.c
ok patrick@
|
#
1.20 |
|
04-Mar-2021 |
tobhe |
Remove -g from CFLAGS. This was accidentally added with the last commit.
|
#
1.19 |
|
04-Mar-2021 |
tobhe |
Derive config netmask from address pool if not explicitly configured.
ok markus@
|
#
1.18 |
|
13-Feb-2021 |
tobhe |
Add dynamic address configuration for roadwarrior clients. The new 'iface' config option can be used to specify an interface for the virtual addresses received from the peer. Routes are automatically added based on the configured flows.
Input from sthen@ and claudio@ ok patrick@
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.17 |
|
19-Jul-2017 |
espie |
more depends gc / yacc rules overhaul
okay millert@
|
#
1.16 |
|
03-Jul-2017 |
espie |
no need to generate y.tab.h if nothing uses it, set YFLAGS to nothing instead of CLEANFILES += y.tab.h
okay millert@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.15 |
|
23-Oct-2015 |
tedu |
push LDSTATIC line down so it's not overridden by makefile.inc. ok reyk
|
#
1.14 |
|
22-Oct-2015 |
reyk |
Stop linking iked -static: It was inherited from isakmpd that is -static for NFS-over-IPsec that might mount the libraries after /usr. The benefit of linking iked dynamic outweighs the historic reason, eg. to get full address space randomization and to benefit from libcrypto updates, so we turn it into a dynamic binary.
OK deraadt@ naddy@
|
#
1.13 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.12 |
|
27-Aug-2014 |
reyk |
Add support for Curve25519 using the public domain code that is found in OpenSSH. The "private use" DH group 1034 is based on the value that was picked by strongswan recently.
OK mikeb@ markus@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.11 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.10 |
|
18-Jan-2014 |
martynas |
Remove -Wbounded: it is now the compiler default.
|
#
1.9 |
|
14-Nov-2013 |
markus |
not need to specify OBJDIR; ok mikeb
|
Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.8 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.7 |
|
25-Sep-2012 |
brad |
Correct DPADD to not list libssl which is not used by iked.
ok sthen@ mikeb@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.6 |
|
22-Dec-2010 |
reyk |
split util.c into two files: imsg_util.c for ibuf/imsg stuff and util for everything else. we might need to include util.c in ikectl later.
sure mikeb@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.5 |
|
11-Jun-2010 |
reyk |
add some infrastructure to support timers and initiator mode later.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.2 |
|
03-Jun-2010 |
reyk |
remove my BINDIR override, pointed out by deraadt@
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.20 |
|
04-Mar-2021 |
tobhe |
Remove -g from CFLAGS. This was accidentally added with the last commit.
|
#
1.19 |
|
04-Mar-2021 |
tobhe |
Derive config netmask from address pool if not explicitly configured.
ok markus@
|
#
1.18 |
|
13-Feb-2021 |
tobhe |
Add dynamic address configuration for roadwarrior clients. The new 'iface' config option can be used to specify an interface for the virtual addresses received from the peer. Routes are automatically added based on the configured flows.
Input from sthen@ and claudio@ ok patrick@
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.17 |
|
19-Jul-2017 |
espie |
more depends gc / yacc rules overhaul
okay millert@
|
#
1.16 |
|
03-Jul-2017 |
espie |
no need to generate y.tab.h if nothing uses it, set YFLAGS to nothing instead of CLEANFILES += y.tab.h
okay millert@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.15 |
|
23-Oct-2015 |
tedu |
push LDSTATIC line down so it's not overridden by makefile.inc. ok reyk
|
#
1.14 |
|
22-Oct-2015 |
reyk |
Stop linking iked -static: It was inherited from isakmpd that is -static for NFS-over-IPsec that might mount the libraries after /usr. The benefit of linking iked dynamic outweighs the historic reason, eg. to get full address space randomization and to benefit from libcrypto updates, so we turn it into a dynamic binary.
OK deraadt@ naddy@
|
#
1.13 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.12 |
|
27-Aug-2014 |
reyk |
Add support for Curve25519 using the public domain code that is found in OpenSSH. The "private use" DH group 1034 is based on the value that was picked by strongswan recently.
OK mikeb@ markus@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.11 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.10 |
|
18-Jan-2014 |
martynas |
Remove -Wbounded: it is now the compiler default.
|
#
1.9 |
|
14-Nov-2013 |
markus |
not need to specify OBJDIR; ok mikeb
|
Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.8 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.7 |
|
25-Sep-2012 |
brad |
Correct DPADD to not list libssl which is not used by iked.
ok sthen@ mikeb@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.6 |
|
22-Dec-2010 |
reyk |
split util.c into two files: imsg_util.c for ibuf/imsg stuff and util for everything else. we might need to include util.c in ikectl later.
sure mikeb@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.5 |
|
11-Jun-2010 |
reyk |
add some infrastructure to support timers and initiator mode later.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.2 |
|
03-Jun-2010 |
reyk |
remove my BINDIR override, pointed out by deraadt@
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
#
1.18 |
|
13-Feb-2021 |
tobhe |
Add dynamic address configuration for roadwarrior clients. The new 'iface' config option can be used to specify an interface for the virtual addresses received from the peer. Routes are automatically added based on the configured flows.
Input from sthen@ and claudio@ ok patrick@
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE
|
#
1.17 |
|
19-Jul-2017 |
espie |
more depends gc / yacc rules overhaul
okay millert@
|
#
1.16 |
|
03-Jul-2017 |
espie |
no need to generate y.tab.h if nothing uses it, set YFLAGS to nothing instead of CLEANFILES += y.tab.h
okay millert@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.15 |
|
23-Oct-2015 |
tedu |
push LDSTATIC line down so it's not overridden by makefile.inc. ok reyk
|
#
1.14 |
|
22-Oct-2015 |
reyk |
Stop linking iked -static: It was inherited from isakmpd that is -static for NFS-over-IPsec that might mount the libraries after /usr. The benefit of linking iked dynamic outweighs the historic reason, eg. to get full address space randomization and to benefit from libcrypto updates, so we turn it into a dynamic binary.
OK deraadt@ naddy@
|
#
1.13 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.12 |
|
27-Aug-2014 |
reyk |
Add support for Curve25519 using the public domain code that is found in OpenSSH. The "private use" DH group 1034 is based on the value that was picked by strongswan recently.
OK mikeb@ markus@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.11 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.10 |
|
18-Jan-2014 |
martynas |
Remove -Wbounded: it is now the compiler default.
|
#
1.9 |
|
14-Nov-2013 |
markus |
not need to specify OBJDIR; ok mikeb
|
Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.8 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.7 |
|
25-Sep-2012 |
brad |
Correct DPADD to not list libssl which is not used by iked.
ok sthen@ mikeb@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.6 |
|
22-Dec-2010 |
reyk |
split util.c into two files: imsg_util.c for ibuf/imsg stuff and util for everything else. we might need to include util.c in ikectl later.
sure mikeb@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.5 |
|
11-Jun-2010 |
reyk |
add some infrastructure to support timers and initiator mode later.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.2 |
|
03-Jun-2010 |
reyk |
remove my BINDIR override, pointed out by deraadt@
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.17 |
|
19-Jul-2017 |
espie |
more depends gc / yacc rules overhaul
okay millert@
|
#
1.16 |
|
03-Jul-2017 |
espie |
no need to generate y.tab.h if nothing uses it, set YFLAGS to nothing instead of CLEANFILES += y.tab.h
okay millert@
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE
|
#
1.15 |
|
23-Oct-2015 |
tedu |
push LDSTATIC line down so it's not overridden by makefile.inc. ok reyk
|
#
1.14 |
|
22-Oct-2015 |
reyk |
Stop linking iked -static: It was inherited from isakmpd that is -static for NFS-over-IPsec that might mount the libraries after /usr. The benefit of linking iked dynamic outweighs the historic reason, eg. to get full address space randomization and to benefit from libcrypto updates, so we turn it into a dynamic binary.
OK deraadt@ naddy@
|
#
1.13 |
|
19-Oct-2015 |
reyk |
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs.
OK mikeb@
|
Revision tags: OPENBSD_5_7_BASE OPENBSD_5_8_BASE
|
#
1.12 |
|
27-Aug-2014 |
reyk |
Add support for Curve25519 using the public domain code that is found in OpenSSH. The "private use" DH group 1034 is based on the value that was picked by strongswan recently.
OK mikeb@ markus@
|
Revision tags: OPENBSD_5_5_BASE OPENBSD_5_6_BASE
|
#
1.11 |
|
17-Feb-2014 |
markus |
basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' ok mikeb@
|
#
1.10 |
|
18-Jan-2014 |
martynas |
Remove -Wbounded: it is now the compiler default.
|
#
1.9 |
|
14-Nov-2013 |
markus |
not need to specify OBJDIR; ok mikeb
|
Revision tags: OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.8 |
|
08-Jan-2013 |
reyk |
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
|
#
1.7 |
|
25-Sep-2012 |
brad |
Correct DPADD to not list libssl which is not used by iked.
ok sthen@ mikeb@
|
Revision tags: OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.6 |
|
22-Dec-2010 |
reyk |
split util.c into two files: imsg_util.c for ibuf/imsg stuff and util for everything else. we might need to include util.c in ikectl later.
sure mikeb@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.5 |
|
11-Jun-2010 |
reyk |
add some infrastructure to support timers and initiator mode later.
|
#
1.4 |
|
11-Jun-2010 |
jsg |
tweak the code slightly so we can remove -lssl
ok reyk@
|
#
1.3 |
|
10-Jun-2010 |
reyk |
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
|
#
1.2 |
|
03-Jun-2010 |
reyk |
remove my BINDIR override, pointed out by deraadt@
|
#
1.1 |
|
03-Jun-2010 |
reyk |
Import iked, a new implementation of the IKEv2 protocol.
iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder.
with lots of help and debugging by jsg@ ok deraadt@
|