path: root/src/op_mode/ipsec.py
Age | Commit message | Author
2024-07-31 | ipsec: T6148: Removed unused imports (#3915) | aapostoliuk
    Removed unused pprint module
    (cherry picked from commit cb1834742f4ed01d99d6396af8339dd59788ef65)
2024-07-31 | ipsec: T6148: Fixed reset command by adding init after terminating (#3763) (#3909) | mergify[bot]
    Strongswan does not initiate session after termination via vici.
    Added a CHILD SAs initialization on the initiator side of the tunnel.
    (cherry picked from commit 8838b29180ccc26d2aca0c22c9c8ca5e274825b2)
    Co-authored-by: aapostoliuk <108394744+aapostoliuk@users.noreply.github.com>
2023-09-08 | T5423: Fix for op-mode show vpn ike secrets | Viacheslav Hletenko
    We don't use ipsec.secrets anymore
    Fix op-mode for "show vpn ike secrets".
    Ability to get "RAW" format
    (cherry picked from commit 97326920e2907bdb545853887dc54c6a02b76f28)
2023-07-15 | T5195: vyos.util -> vyos.utils package refactoring part #2 | Christian Breunig
2023-07-14 | T5195: vyos.util -> vyos.utils package refactoring (#2093) | Christian Breunig
    * T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process
    * T5195: use read_file and write_file implementation from vyos.utils.file
      Changed code automatically using:
        find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} +
        find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} +
    * T5195: move chmod* helpers to vyos.utils.permission
    * T5195: use colon_separated_to_dict from vyos.utils.dict
    * T5195: move is_systemd_service_* to vyos.utils.process
    * T5195: fix boot issues with missing imports
    * T5195: move dict_search_* helpers to vyos.utils.dict
    * T5195: move network helpers to vyos.utils.network
    * T5195: move commit_* helpers to vyos.utils.commit
    * T5195: move user I/O helpers to vyos.utils.io
2023-05-28 | ipsec: T5042: fix remote-access "Tunnel IP" column | Christian Breunig
    Connection ID    Username    Protocol    State    Uptime    Tunnel IP
    ---------------  ----------  ----------  -------  --------  -----------------
    27               cpo         IKEv2       UP       11s       ['172.16.222.17']

    "Tunnel IP" should be a string over list.
2023-04-14 | ipsec: T5042: Rewritten 'show vpn ipsec remote-access' command | aapostoliuk
    Now 'show vpn ipsec remote-access' shows only IKEv2 Remote access VPN IPSec connections.
    Added option 'summary' that shows a summary table for these connections.
    Added option 'detail' that shows only RA SAs output of 'swanctl -l'
    Added options 'username' and 'connection-id' that filters output.
    Fixed output 'show vpn ipsec sa detail', the previous was 'show vpn ipsec sa verbose'.
2023-03-30 | ipsec: T5093: Fixed 'reset vpn ipsec profile' command | aapostoliuk
    Fixed 'reset vpn ipsec profile' command using vici library and new op-mode style.
    Added ability to use 'reset vpn ipsec profile' command with 'remote-host' option.
2023-03-16 | ipsec: T5043: Rewritten and fixed 'reset vpn' commands | aapostoliuk
    1. Rewritten CLI of 'reset vpn' commands.
    2. Created 'reset vpn ipsec remote-access' commands to reset RA IKEv2 session.
    3. Created 'reset vpn ipsec site-to-site all' command to reset all configured IPSec site-to-site peers sessions.
    4. Rewritten 'reset vpn l2t|pptp|sstp' commands to new opmode style.
2023-02-24 | ipsec: T4985: Changed 'reset vpn ipsec-peer' to use vici library | aapostoliuk
    1. Changed reset IPSEC, IKE SAs to use vici library.
    2. Created package vyos.ipsec to communicate with vici library.
2023-02-14 | ipsec: T4985: Fixed 'reset vpn ipsec-peer {peer}' command | aapostoliuk
    Fixed 'reset vpn ipsec-peer {peer}' command.
    The op-mode script uses value 'None' in the 'tunnel' parameter to clear all CHILD SAs.
2023-01-10 | T4906: Fix show vpn ipsec connections data | Viacheslav Hletenko
    We get incorrect data when showing connections.
    As we get a list of all connections, we should compare the connection name with entries in the list and set correct data if they match.
2022-11-20 | IPsec: T4829: use type hint Optional for arg tunnel in reset_peer | John Estabrook
2022-11-20 | IPsec: T4829: add missing import TimeoutExpired | John Estabrook
2022-11-20 | Merge pull request #1657 from sever-sever/T4812 | Daniil Baturin
    T4812: Add op-mode Show vpn ipsec connections
2022-11-18 | IPsec: T4828: raise op-mode error on incorrect value | John Estabrook
2022-11-15 | T4812: Add op-mode Show vpn ipsec connections | Viacheslav Hletenko
    Add op-mode CLI "show vpn ipsec connections"
    Add the ability to show all configured connections/tunnels and their states.
    Ability to get --raw data
2022-10-27 | ipsec: T4778: raise UnconfiguredSubsystem if IPsec not initialized | John Estabrook
2022-10-14 | T4725: Fix Regex for correctly reset IPsec peers | Viacheslav Hletenko
    As IPsec site-to-site was rewritten, we do not need to replace ':' => '-', as ':' cannot be in the connection name.
    So connection name cannot use IP(v6) address as peer name.
    And current peers/connections do not require prefix 'peer_'.
    Fix template that searches correctly connection name of the peers that allow to reset them again (reset ipsec peer was broken)
2022-08-25 | Merge pull request #1458 from sever-sever/T4594 | Christian Poessinger
    ipsec: T4594: Rewrite op-mode 'show vpn ipsec sa' to the new format
2022-08-04 | T2719: add an exception hierarchy for op mode errors | Daniil Baturin
2022-08-04 | ipsec: T4594: Rewrite op-mode show vpn ipsec sa | Viacheslav Hletenko
    Rewrite op-mode "show vpn ipsec sa" to new format
    Use vyos.opmode format
    Ability to get raw and formatted output
2022-07-25 | IPsec: T4552: Fix reset vpn ipsec peer | Viacheslav Hletenko
    When we use IPv6 peer we need to make a replacement ":" => "-" for correct resetting as it doesn't match get_peer_connections() regex
    Use new format "vyos.opmode"