Project

General

Profile

Actions
Copy link

Bug #5782

closed

ike.config(4) needs additional oakley_group numbers

Added by Eric Sproul almost 7 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Eric Sproul
Category:
-
Start date:
2015-04-02
Due date:
% Done:

100%

Estimated time:
Difficulty:
Bite-size
Tags:
needs-triage
Gerrit CR:

Description

While setting up a new IPsec tunnel, I noticed that the documented oakley_group numbers in ike.config(4) are not the only ones supported. We appear to support some or all of the additional numbers from RFC 5114, section 3.2 (I used 21). The man page should be enhanced to list the additional group numbers that we support.

Actions
Copy link
 #1

Updated by Dan McDonald almost 7 years ago

The ikedoor.h file has the values we support: http://src.illumos.org/source/xref/illumos-gate/usr/src/lib/libipsecutil/common/ikedoor.h. Look for IKE_GRP_DESC_*.

Actions
Copy link
 #2

Updated by Eric Sproul almost 7 years ago

  • Status changed from New to Feedback
  • Assignee set to Eric Sproul
  • % Done changed from 0 to 100
Actions
Copy link
 #3

Updated by Electric Monk almost 7 years ago

  • Status changed from Feedback to Closed

git commit 808449d51f6ccd25ce8ca4ff2e7cb4302ad9b574

commit  808449d51f6ccd25ce8ca4ff2e7cb4302ad9b574
Author: Eric Sproul <eric.sproul@circonus.com>
Date:   2015-04-07T16:15:51.000Z

    5782 ike.config(4) needs additional oakley_group numbers
    Reviewed by: Dan McDonald <danmcd@omniti.com>
    Reviewed by: Bayard Bell <buffer.g.overflow@gmail.com>
    Approved by: Robert Mustacchi <rm@joyent.com>

Actions
Copy link

Also available in: Atom PDF