vyos-1x.git - VyOS command definitions, scripts, and utilities (mirror of https://github.com/marekm72/vyos-1x.git)

Age	Commit message (Collapse)	Author
2021-07-02	ipsec: T2816: adjust Jinja2 template to coding style	Christian Poessinger
	* use indent = 2 * prefer 'if foo.bar is defined' over 'if "bar" in foo'
2021-07-01	Merge branch 'pki_ipsec' of https://github.com/sarthurdev/vyos-1x into pki-cli	Christian Poessinger
	* 'pki_ipsec' of https://github.com/sarthurdev/vyos-1x: pki: ipsec: T3642: Update migration script to account for file permission issues pki: ipsec: T3642: Migrate IPSec to use PKI configuration pki: T3642: New PKI config and management
2021-06-29	pki: ipsec: T3642: Migrate IPSec to use PKI configuration	sarthurdev

2021-06-28	ipsec: T1441: switch from vti to xfrm interfaces	Christian Poessinger
	XFRM interfaces are similar to VTI devices in their basic functionality but offer several advantages: * No tunnel endpoint addresses have to be configured on the interfaces. Compared to VTIs, which are layer 3 tunnel devices with mandatory endpoints, this resolves issues with wildcard addresses (only one VTI with wildcard endpoints is supported), avoids a 1:1 mapping between SAs and interfaces, and easily allows SAs with multiple peers to share the same interface. * Because there are no endpoint addresses, IPv4 and IPv6 SAs are supported on the same interface (VTI devices only support one address family). * IPsec modes other than tunnel are supported (VTI devices only support tunnel mode). * No awkward configuration via GRE keys and XFRM marks. Instead, a new identifier (XFRM interface ID) links policies and SAs with XFRM interfaces.
2021-06-15	ipsec: T2816: T645: T3613: Migrated IPsec to swanctl, includes multiple ↵	sarthurdev
	selectors, and selectors with VTI.
2021-06-12	ipsec: T57: Support disable on peer, tunnel, dmvpn profile	sarthurdev

2021-06-12	ipsec: T1501: T3617: Add handling for missing addresses on boot when using ↵	sarthurdev
	dhcp-interface
2021-06-07	ipsec: T2816: adjust Jinja2 template to common style pattern	Christian Poessinger

2021-05-31	ipsec: T2816: Continued refactor, added proper ipsec-interfaces handling	Simon

2021-05-29	vti: ipsec: T2816: Fix vti-up-down	sarthurdev

2021-05-28	ipsec: T2816: IPSec python rework, includes DMVPN and VTI support	Simon

2020-04-05	ipsec: T2230: move inlined templates to dedicated files	Christian Poessinger

2018-08-05	T71: initial implementation of global IPsec settings.	Daniil Baturin
	Only disable-route-autoinstall (install_routes = yes/no) for now.