summaryrefslogtreecommitdiff
path: root/op-mode-definitions/vpn-ipsec.xml.in
AgeCommit message (Collapse)Author
2024-07-17op-mode: T6577: create generic service restart helper to work with the APIChristian Breunig
Right now we have multiple restart helpers (e.g. dhcp server, ssh, ntp) that all do the same (more or less): * Check if service is configured on CLI * Restart if configured * Error out if unconfigured This is not available via the op-mode API. Create a new restart.py op-mode helper that takes the service name and possible VRF as argument so it's also exposed via API. (cherry picked from commit c74ae852152b0c3c3f00a1847d081d28f500e178)
2023-09-05T5423: Fix for op-mode show vpn ike secretsViacheslav Hletenko
We don't use ipsec.secrets anymore Fix op-mode for "show vpn ike secrets". Ability to get "RAW" format
2023-05-04opmode: T5191: replace underscores with hyphens in generated optionsDaniil Baturin
2023-04-14ipsec: T5042: Rewritten 'show vpn ipsec remote-access' commandaapostoliuk
Now 'show vpn ipsec remote-access' shows only IKEv2 Remote access VPN IPSec connections. Added option 'summary' that shows a summary table for these connections. Added option 'detail' that shows only RA SAs output of 'swanctl -l' Added options 'username' and 'connection-id' that filters output. Fixed output 'show vpn ipsec sa detail', the previous was 'show vpn ipsec sa verbose'.
2023-03-30ipsec: T5093: Fixed 'reset vpn ipsec profile' commandaapostoliuk
Fixed 'reset vpn ipsec profile' command using vici library and new op-mode style. Added ability to use 'reset vpn ipsec profile' command with 'remote-host' option.
2023-03-16ipsec: T5043: Rewritten and fixed 'reset vpn' commandsaapostoliuk
1. Rewritten CLI of 'reset vpn' commands. 2. Created 'reset vpn ipsec remote-access' commands to reset RA IKEv2 session. 3. Created 'reset vpn ipsec site-to-site all' command to reset all configured IPSec site-to-site peers sessions. 4. Rewritten 'reset vpn l2t|pptp|sstp' commands to new opmode style.
2023-02-24ipsec: T4985: Changed 'reset vpn ipsec-peer' to use vici libraryaapostoliuk
1. Changed reset IPSEC, IKE SAs to use vici library. 2. Created package vyos.ipsec to communicate with vici library.
2023-02-14strongSwan: T4593: move to charon-systemdChristian Breunig
2023-02-14ipsec: T4985: Fixed 'reset vpn ipsec-peer {peer}' commandaapostoliuk
Fixed 'reset vpn ipsec-peer {peer}' command. The op-mode script uses value 'None' in the 'tunnel' parameter to clear all CHILD SAs.
2022-11-15T4812: Add op-mode Show vpn ipsec connectionsViacheslav Hletenko
Add op-mode CLI "show vpn ipsec connections" Add the ability to show all configured connections/tunnels and their states. Ability to get --raw data
2022-10-01T4722: consistently use the "IPsec" spelling for IPsecDaniil Baturin
2022-08-04ipsec: T4594: Rewrite op-mode show vpn ipsec saViacheslav Hletenko
Rewrite op-mode "show vpn ipsec sa" to new format Use vyos.opmode format Ability to get raw and formatted output
2022-07-25Merge pull request #1433 from sever-sever/T4568Christian Poessinger
ipsec: T4568: Fix debug IPsec peer op-mode
2022-07-25ipsec: T4568: Fix debug IPsec peerViacheslav Hletenko
Debug Connections for a peer wasn't checked because of typo in var `conns` Replace ':' to '-' for IPv6 peers
2022-07-25IPsec: T4552: Fix reset vpn ipsec peerViacheslav Hletenko
When we use IPv6 peer we need to make a replacement ":" => "-" for correct resetting as it doesn't match get_peer_connections() regex Use new format "vyos.opmode"
2021-08-14op-mode: vpn: use over absolute pathChristian Poessinger
2021-08-14op-mode: combine two "show vpn" definitionsChristian Poessinger
2021-07-07pki: T3642: Migrate rsa-keys to PKI configurationsarthurdev
2021-07-02ipsec: T3656: T3659: Fix pass-through with ipv6. Fix op-mode ipsec commands. ↵sarthurdev
Remove python3-crypto dependency.
2021-06-01ipsec: T2816: XML in op-mode should not contain ' in the help stringChristian Poessinger
2021-05-28ipsec: T2816: IPSec python rework, includes DMVPN and VTI supportSimon