Name                Date         Size      #Lines  LOC

..                  08-May-2022  -
sysdep/openbsd/     08-May-2022  -         133     90
BUGS                08-May-2022  1.8 KiB   53      32
DESIGN-NOTES        08-May-2022  16 KiB    415     337
Makefile            08-May-2022  3.5 KiB   93      38
QUESTIONS           08-May-2022  1.7 KiB   35      27
README              08-May-2022  3.3 KiB   69      55
TO-DO               08-May-2022  3.6 KiB   146     78
app.c               08-May-2022  2.1 KiB   66      21
app.h               08-May-2022  1.7 KiB   43      8
attribute.c         08-May-2022  3.6 KiB   112     67
attribute.h         08-May-2022  2 KiB     48      12
cert.c              08-May-2022  4.3 KiB   165     105
cert.h              08-May-2022  3.7 KiB   102     40
conf.c              08-May-2022  27.7 KiB  1,042   811
conf.h              08-May-2022  4 KiB     106     56
connection.c        08-May-2022  12 KiB    451     316
connection.h        08-May-2022  2.1 KiB   52      12
constants.c         08-May-2022  2.8 KiB   98      55
constants.h         08-May-2022  2 KiB     48      13
cookie.c            08-May-2022  2.7 KiB   74      31
cookie.h            08-May-2022  1.7 KiB   45      9
crypto.c            08-May-2022  8.7 KiB   333     250
crypto.h            08-May-2022  5.1 KiB   142     79
dh.c                19-Apr-2023  17.6 KiB  628     522
dh.h                08-May-2022  1.7 KiB   63      35
dnssec.c            08-May-2022  7.6 KiB   291     208
dnssec.h            08-May-2022  1.7 KiB   47      16
doi.c               08-May-2022  1.9 KiB   60      22
doi.h               08-May-2022  3.8 KiB   100     55
dpd.c               08-May-2022  10.2 KiB  381     267
dpd.h               08-May-2022  1.6 KiB   40      10
exchange.c          08-May-2022  52.4 KiB  1,861   1,365
exchange.h          08-May-2022  9.1 KiB   255     97
exchange_num.cst    08-May-2022  1.8 KiB   43      39
field.c             08-May-2022  6.1 KiB   238     149
field.h             08-May-2022  2.1 KiB   55      19
genconstants.sh     08-May-2022  2.7 KiB   113     67
genfields.sh        08-May-2022  4.1 KiB   184     135
hash.c              08-May-2022  4.8 KiB   165     99
hash.h              08-May-2022  2.7 KiB   77      35
if.c                08-May-2022  2 KiB     60      23
if.h                08-May-2022  1.7 KiB   44      8
ike_aggressive.c    08-May-2022  5.2 KiB   178     96
ike_aggressive.h    08-May-2022  1.7 KiB   41      6
ike_auth.c          08-May-2022  31 KiB    1,165   953
ike_auth.h          08-May-2022  1.9 KiB   49      12
ike_main_mode.c     08-May-2022  3.5 KiB   122     70
ike_main_mode.h     08-May-2022  1.7 KiB   41      6
ike_phase_1.c       08-May-2022  40 KiB    1,434   1,109
ike_phase_1.h       08-May-2022  2.5 KiB   54      20
ike_quick_mode.c    19-Apr-2023  58.4 KiB  2,022   1,567
ike_quick_mode.h    08-May-2022  1.7 KiB   41      6
init.c              08-May-2022  3.6 KiB   142     62
init.h              08-May-2022  1.6 KiB   39      5
ipsec.c             12-Jan-2024  67.5 KiB  2,631   2,032
ipsec.h             08-May-2022  5 KiB     172     93
ipsec_doi.h         08-May-2022  1.8 KiB   45      7
ipsec_fld.fld       08-May-2022  2.4 KiB   61      55
ipsec_num.cst       08-May-2022  5.6 KiB   274     247
isakmp.h            08-May-2022  2.4 KiB   65      19
isakmp_cfg.c        08-May-2022  26.7 KiB  980     764
isakmp_cfg.h        08-May-2022  1.9 KiB   54      16
isakmp_doi.c        08-May-2022  7 KiB     267     189
isakmp_doi.h        08-May-2022  1.6 KiB   38      4
isakmp_fld.fld      08-May-2022  3.7 KiB   165     142
isakmp_num.cst      08-May-2022  6.3 KiB   263     246
isakmpd.8           08-May-2022  21 KiB    828     827
isakmpd.c           08-Mar-2023  11.9 KiB  533     334
isakmpd.conf.5      09-Aug-2023  37 KiB    1,394   1,287
isakmpd.policy.5    08-May-2022  22.4 KiB  637     615
key.c               08-May-2022  4.2 KiB   183     142
key.h               08-May-2022  1.5 KiB   40      14
libcrypto.h         08-May-2022  1.8 KiB   47      11
log.c               29-Apr-2024  16.5 KiB  697     531
log.h               08-May-2022  3.6 KiB   98      47
message.c           08-May-2022  72.4 KiB  2,516   1,857
message.h           08-May-2022  6.4 KiB   208     75
monitor.c           08-Feb-2023  18.2 KiB  885     667
monitor.h           08-May-2022  2.4 KiB   67      31
monitor_fdpass.c    08-May-2022  3.2 KiB   120     83
nat_traversal.c     08-May-2022  11.5 KiB  437     305
nat_traversal.h     08-May-2022  2 KiB     56      21
pf_key_v2.c         07-Aug-2023  88 KiB    3,370   2,692
pf_key_v2.h         08-May-2022  2.5 KiB   63      26
policy.c            29-Apr-2024  60 KiB    2,315   1,920
policy.h            08-May-2022  3 KiB     70      34
prf.c               08-May-2022  4.3 KiB   159     100
prf.h               08-May-2022  2.3 KiB   59      20
sa.c                08-May-2022  34 KiB    1,401   990
sa.h                07-Aug-2023  9.1 KiB   317     137
timer.c             08-May-2022  3.9 KiB   141     95
timer.h             08-May-2022  2.1 KiB   56      19
transport.c         08-May-2022  11.6 KiB  415     249
transport.h         08-May-2022  5.3 KiB   162     52
udp.c               08-May-2022  13.9 KiB  546     402
udp.h               08-May-2022  1.9 KiB   52      15
udp_encap.c         08-May-2022  12.3 KiB  461     335
udp_encap.h         08-May-2022  1.6 KiB   37      6
ui.c                08-May-2022  14.7 KiB  642     495
ui.h                08-May-2022  1.8 KiB   47      11
util.c              08-May-2022  13.4 KiB  597     459
util.h              08-May-2022  2.7 KiB   67      28
vendor.c            08-May-2022  3.6 KiB   140     104
vendor.h            08-May-2022  1 KiB     27      8
virtual.c           08-May-2022  19.9 KiB  750     558
virtual.h           08-May-2022  1.8 KiB   43      13
x509.c              29-Apr-2024  33.3 KiB  1,383   1,087
x509.h              08-May-2022  3.4 KiB   92      41

README

$OpenBSD: README,v 1.20 2016/09/02 12:17:32 tb Exp $
$EOM: README,v 1.28 1999/10/10 22:53:24 angelos Exp $

This is isakmpd, a BSD-licensed ISAKMP/Oakley (a.k.a. IKE)
implementation.  It's written by Niklas Hallqvist and Niels Provos,
funded by Ericsson Radio Systems AB.  Isakmpd's home is in the
OpenBSD main source tree under src/sbin/isakmpd.  Look at
https://www.openbsd.org/ for details on how to get OpenBSD source.

Isakmpd is being developed under OpenBSD, with OpenBSD as its primary
target; however, it is ported to Linux with FreeS/WAN IPsec.  The
makefile support assumes a BSD environment nonetheless, as it is not too
hard to get such an environment to work under other operating systems.
For example, Red Hat 5.2 shipped with pmake installed.  Read sysdep/README
for further details about this issue.  Other systems isakmpd has been
ported to, but for which no code has been made available, include Solaris
and Win32s.  I mention this just because it shows that the code is
fairly portable.

First edit the Makefile in a manner you see fit.  Specifically, the OS
define is important to get right, of course.
Assuming you have an OpenBSD /usr/share/mk and use the OpenBSD (or
similar) make(1), you build isakmpd this way:

make obj && make depend && make

Then obj/isakmpd will be the daemon.  I suggest you try it by running
under gdb with args similar to:
	-d -n -p5000 -DA=99 -f/tmp/isakmpd.fifo -csamples/VPN-east.conf

That will run isakmpd in the foreground, not connected to any application
(like an IPsec implementation), logging to stderr with full debugging output,
listening on UDP port 5000, accepting control commands via the named pipe
called /tmp/isakmpd.fifo and reading its configuration from the
VPN-east.conf file (found in the isakmpd/samples directory).

If you are root you can try to run without -n -p5000, thus getting it to
talk to your IPsec stack and use the standard port 500 instead.

The logging classes are Miscellaneous = 0, Transports = 1, Messages = 2,
Crypto = 3, Timers = 4, System Dependencies = 5, Security Associations = 6,
and Exchanges = 7.  The debug levels increase in verbosity from 0 (off) to
99 (max).  Read log.[ch] and ui.c to see how to alter the debugging levels.

Now you have set up your daemon and can watch incoming negotiations.
But how do you get such?  Either use http://isakmp-test.ssh.fi/,
an excellent service just waiting for you, or try to
start another isakmpd on another port (say -p5001 or so, instead)
and another fifo (let's say /tmp/other.fifo).  Then edit the config
file to have some peer descriptions that fit your need and issue a
command like this:

$ echo "c IPsec-east-west" >/tmp/other.fifo

and watch.  You can turn on debugging on that isakmpd too of course, for
greater fun.  This rudimentary user interface is slightly described in
DESIGN-NOTES.  If you are going to look at the config file, don't be scared:
the man page isakmpd.conf(5) covers every detail, and the flexibility will
be hidden under a more user-friendly layer in a later release.  I did this
first config-file syntax just because it should be easy to parse.  The man
page isakmpd.policy(5) describes the policy model used in conjunction with
KeyNote.

Happy IKEing!

Niklas Hallqvist <niklas@openbsd.org>
Niels Provos <provos@openbsd.org>
Håkan Olsson <ho@openbsd.org>