vyos-1x.git/data/templates/ipsec/swanctl, branch current VyOS command definitions, scripts, and utilities (mirror of https://github.com/marekm72/vyos-1x.git) https://git.amelek.net/marekm72/vyos-1x.git/atom?h=current 2024-07-27T01:26:30+00:00 T5873: vpn ipsec remote-access: improve child ESP session naming 2024-07-27T01:26:30+00:00 Lucas Christian lucas@lucasec.com 2024-07-07T10:19:02+00:00 urn:sha1:50cf1746d3ab5e3666a3e502c67d7d853ae7f932 T5873: vpn ipsec remote-access: support VTI interfaces 2024-07-22T17:57:45+00:00 Lucas Christian lucas@lucasec.com 2023-12-29T06:26:56+00:00 urn:sha1:4d2c89dcd50d3c158dc76ac5ab843dd66105bc02 T6599: ipsec: support disabling rekey of CHILD_SA. 2024-07-22T09:15:36+00:00 Lucas Christian lucas@lucasec.com 2024-07-21T02:29:14+00:00 urn:sha1:fd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf Also adds support for life_bytes, life_packets, and DPD for remote-access connections. Changes behavior of remote-access esp-group lifetime setting to have parity with site-to-site connections. T6237: IPSec remote access VPN: ability to set EAP ID of clients 2024-04-21T20:59:56+00:00 Alex W embezzle.dev@proton.me 2024-04-21T20:59:56+00:00 urn:sha1:78ea623df20b44309cc6ac9848ed18e97fc4ed03 T5871: ipsec remote access VPN: specify "cacerts" for client auth. 2024-04-12T04:12:34+00:00 Lucas Christian lucas@lucasec.com 2023-12-29T06:08:36+00:00 urn:sha1:ecc83562b4d756cc50910561a3f52ec260aeb478 T5872: re-write exit hook to always regenerate config 2024-03-12T06:08:40+00:00 Lucas Christian lucas@lucasec.com 2024-03-10T18:39:19+00:00 urn:sha1:679b78356cbda4de15f96a7f22d4a98037dbeea4 T5872: fix ipsec dhclient exit hook 2024-03-10T18:40:23+00:00 Lucas Christian lucas@lucasec.com 2024-02-09T06:04:16+00:00 urn:sha1:cd8ef21f280f726955f537132e3fab2bcb3c286f T5872: ipsec remote access VPN: support dhcp-interface. 2024-03-10T18:40:23+00:00 Lucas Christian lucas@lucasec.com 2023-12-29T06:11:26+00:00 urn:sha1:f7834324d3d9edd7e161e7f2f3868452997c9c81 ipsec: T5998: add replay-windows setting 2024-02-03T12:01:02+00:00 Christian Breunig christian@breunig.cc 2024-02-02T19:44:29+00:00 urn:sha1:4d943d8fbf1253154897179b0e3ea2d93b898197 The replay_window for child SA will always be 32 (hence enabled). Add a CLI node to explicitly change this. * set vpn ipsec site-to-site peer <name> replay-window <0-2040> T5953: Changed values of 'close-action' to Strongswan values 2024-01-17T15:46:38+00:00 aapostoliuk a.apostoliuk@vyos.io 2024-01-17T15:46:38+00:00 urn:sha1:8870fabf1b4358618fca7db459515106653214b5 Changed the value from 'hold' to 'trap' in the 'close-action' option in the IKE group. Changed the value from 'restart' to 'start' in the 'close-action' option in the IKE group.