artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 88dbeb6) | patch
Add iked support for route based sec(4) tunnels.
authortobhe <tobhe@openbsd.org>
Fri, 11 Aug 2023 11:24:55 +0000 (11:24 +0000)
committertobhe <tobhe@openbsd.org>
Fri, 11 Aug 2023 11:24:55 +0000 (11:24 +0000)
commit1c18b69367c703c733c6898fbefe53a795dd7913
tree50329a3a90e18cc0081b44b62a05bbf2848d0d63tree | snapshot
parent88dbeb6fd6094817c82a7cd285c5a34274957112commit | diff
Add iked support for route based sec(4) tunnels.

To use sec(4) instead of policy based tunnels, create a sec(4)
interface and add 'iface secXX' to your policy config.
sec(4) interfaces also support auto configuration for dynamic client
IPs via 'request any' like all other interfaces.
The config won't work without traffic selectors, 'from any to any'
should work for now but I plan to make this optional in the future.

ok dlg@
sbin/iked/iked.h diff | blob | history
sbin/iked/ikev2.c diff | blob | history
sbin/iked/parse.y diff | blob | history
sbin/iked/pfkey.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim