summaryrefslogtreecommitdiff
path: root/src/migration-scripts/ipsec/9-to-10
AgeCommit message (Collapse)Author
2022-12-19T4879: IPsec migration script remote-id for peer name eq addressViacheslav Hletenko
Migration for "remote-id" where peer is IPv4 or IPv6 address was missed It was only migration if peer starts with "@" It cause that you must manualy set 'remote-id' to get it working correctly replace 'vpn ipsec site-to-site peer 192.0.2.2' => 'vpn ipsec site-to-site peer peer_192-0-2-2 authentication remote-id 192.0.2.2'
2022-09-20ipsec: T4118: bugfix migration of IKEv2 road-warrior "id" CLI optionChristian Poessinger
The "authentication id" option for road-warriors did not get migrated to the new local-id CLI node. This has been fixed.
2022-09-19ipsec: T4118: bugfix config migrator 9-to-10Christian Poessinger
When a CLI node is set with a migrator and is not a valueLess node, we need to specify the "value" using the value= operation in config.set(). This fixes the config load error: vyos.configsession.ConfigSessionError: Invalid config file (syntax error): error at line 353
2022-09-16ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peerViacheslav Hletenko
Migration and Change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations - IKE changes: - replace 'ipsec ike-group <tag> mobike disable' => 'ipsec ike-group <tag> disable-mobike' - replace 'ipsec ike-group <tag> ikev2-reauth yes|no' => 'ipsec ike-group <tag> ikev2-reauth' - ESP changes: - replace 'ipsec esp-group <tag> compression enable' => 'ipsec esp-group <tag> compression' - PEER changes: - replace: 'peer <tag> id xxx' => 'peer <tag> local-id xxx' - replace: 'peer <tag> force-encapsulation enable' => 'peer <tag> force-udp-encapsulation' - add option: 'peer <tag> remote-address x.x.x.x' Add 'peer <name> remote-address <name>' via migration script