History log of /openbsd/sbin/iked/iked.conf.5 (Results 26 – 50 of 96)
Revision Date Author Comments
# ff79c4f0 10-Jul-2020 jmc <jmc@openbsd.org>

table fix;


# 0811f1a5 10-Jul-2020 tobhe <tobhe@openbsd.org>

Document which crypto transforms are enabled by default.


# 15863c3a 26-May-2020 tobhe <tobhe@openbsd.org>

Add AES-GCM mode ciphers (IANA IDs 19 and 20) for IKEv2.
They can be configured with the new ikesa enc options aes-128-gcm,
aes-256-gcm, aes-128-gcm-12 and aes-256-gcm-12.

Tested with Strongswan by Stephan Mendling and myself
Tested with Juniper SRX by remi@
ok sthen@, patrick@


# 75a6c83b 01-May-2020 tobhe <tobhe@openbsd.org>

Clarify global 'set active' and 'set passive' options and how they
interact with the per-policy active/passive options.

ok kn@


# bc77414b 28-Apr-2020 tobhe <tobhe@openbsd.org>

Remove support for insecure EC2N groups. Clarify which Diffie-Hellman
groups are not recommended to use and are only supported for backwards
compatibility.

Feedback from sthen@
ok kn@


# f4138986 27-Apr-2020 tobhe <tobhe@openbsd.org>

Add curve25519 IANA group number.


# 48c01a1f 23-Apr-2020 jmc <jmc@openbsd.org>

ce examples of "Ar arg Ar arg" with "Ar arg arg" and stop the spread;


# 0347364b 23-Apr-2020 tobhe <tobhe@openbsd.org>

Add support for switching rdomain on IPsec encryption/decryption.
It can be configured per policy with the new 'rdomain' option
(see iked.conf(5)).
Only the unencrypted (inner) rdomain has to be configured, the
encrypted rdomain is always the one the responsible iked instance
is running in.

The configured rdomain must exist before iked activates the IPsec SAs,
otherwise pfkey will return an error.

ok markus@, patrick@


# 1565ef62 21-Feb-2020 tobhe <tobhe@openbsd.org>

Add transport mode for child SAs. This is useful for GRE over IPsec and
similar settings to prevent double encapsulation.

ok kn@


# 521965d7 16-Feb-2020 kn <kn@openbsd.org>

Quote variables in pf tag strings

Macros are expanded by the parser at parse time, whereas variables are
read as ordinary strings and left unmodified; hence, quoted `"$domain"'
gets passed to the daemon as is, which substitutes proper values before
passing it to the kernel. `$domain' without quotes never makes it to
the daemon, that is with `domain = foo' somewhere else "foo" is being
eventually passed unmodified to the kernel.

jmc prompted for a proper explanation and provided the final wording.

OK tobhe jmc


# c9d6433d 10-Feb-2020 schwarze <schwarze@openbsd.org>

briefly mention /etc/examples/ in the FILES section of all the
manual pages that document the corresponding configuration files;
OK jmc@, and general direction discussed with many


# 7b6d306a 01-Dec-2019 tobhe <tobhe@openbsd.org>

Explain how ipcomp can be enabled.

ok reyk@


# 0950f681 12-Nov-2019 jmc <jmc@openbsd.org>

fix a formatting warning;


# 8ef05ea2 12-Nov-2019 tobhe <tobhe@openbsd.org>

Add configuration options to explicitly specify ESN support for child SAs.
The default behaviour remains unchanged.

ok mikeb@ bluhm@


# 1507cfe1 24-Aug-2019 tobhe <tobhe@openbsd.org>

Clarify "protected-subnet" option.

Explain the use of the option (according to the RFC) and make clear it is
not usually needed for subnets specified in "from" and "to" options.

ok sthen@


# fa068206 16-Aug-2019 tobhe <tobhe@openbsd.org>

Add explanation for the [IKE/ESP only] column of the transform table.

Ok kn@


# 65c540d0 11-May-2019 patrick <patrick@openbsd.org>

Add support for IKEv2 Message Fragmentation as defined in RFC 7383.

ok sthen@


# 337280ec 02-Apr-2019 sthen <sthen@openbsd.org>

When curve25519 was added to iked, it was based on the internet-draft and
used a private-use group number. Switch to the group number assigned in
RFC8031 as used in other implementations.

"this is the right time" deraadt@ "I like the idea" reyk@


If you use iked<>iked and have configured curve25519 in iked.conf (this
is not the default), you can switch to another PFS group before updating
then switch back. OpenBSD 6.3+ allows multiple "ikesa" lines so the
initiator can choose which to use.


# 05f43d8f 31-Jan-2018 patrick <patrick@openbsd.org>

Add support for specifying multiple transforms within a single proposal.
This gives us more flexibility for negotiating with other IKEv2 setups.

Tested by and ok sthen@


# ebfe4fe0 24-Jan-2018 patrick <patrick@openbsd.org>

Implement support for specifying multiple proposals. This means we can
have a higher flexibility in negotiating with other peers, or even ease
migration from one proposal to a more secure one.

ok sthen@


# c0b327e6 27-Nov-2017 patrick <patrick@openbsd.org>

Implement MOBIKE (RFC 4555) support in iked(8), with us acting as
responder. In practice this support means that clients like iPhones
can roam in different networks (LTE, WiFi) and change their external
addresses without having to re-do the whole handshake. It allows the
client to choose how and when to change the external tunnel endpoint
addresses on demand, depending on which network is better or even is
connected at all.

ok sthen@
tweaks from jmc@
tested by a handful


# 8b2a2c17 01-Jun-2017 sthen <sthen@openbsd.org>

Expand $eapid in iked tags, allowing PF rules to be written based on EAP
identity (username). OK mikeb@


# 7251b63c 27-Mar-2017 jmc <jmc@openbsd.org>

correct verb pattern;


# 5e4d3a37 27-Mar-2017 reyk <reyk@openbsd.org>

Add support for RFC4754 (ECDSA) and RFC7427 authentication.

These modes provide stronger and more flexible ways for
authentication: while RSA public key auth relies on SHA-1 hashes, the
new modes use SHA2-256 and up to SHA2-512 hashes.

Original diff from markus@ with patches from mikeb@ and me.

OK mikeb@ patrick@


# 87dd344f 13-Mar-2017 patrick <patrick@openbsd.org>

Clarify iked.conf(5) manpage in regards to IP compression.

ok markus@ reyk@

