summaryrefslogtreecommitdiff
path: root/src/op_mode/ipsec.py
AgeCommit message (Collapse)Author
2023-04-14ipsec: T5042: Rewritten 'show vpn ipsec remote-access' commandaapostoliuk
Now 'show vpn ipsec remote-access' shows only IKEv2 Remote access VPN IPSec connections. Added option 'summary' that shows a summary table for these connections. Added option 'detail' that shows only RA SAs output of 'swanctl -l' Added options 'username' and 'connection-id' that filters output. Fixed output 'show vpn ipsec sa detail', the previous was 'show vpn ipsec sa verbose'.
2023-03-30ipsec: T5093: Fixed 'reset vpn ipsec profile' commandaapostoliuk
Fixed 'reset vpn ipsec profile' command using vici library and new op-mode style. Added ability to use 'reset vpn ipsec profile' command with 'remote-host' option.
2023-03-16ipsec: T5043: Rewritten and fixed 'reset vpn' commandsaapostoliuk
1. Rewritten CLI of 'reset vpn' commands. 2. Created 'reset vpn ipsec remote-access' commands to reset RA IKEv2 session. 3. Created 'reset vpn ipsec site-to-site all' command to reset all configured IPSec site-to-site peers sessions. 4. Rewritten 'reset vpn l2t|pptp|sstp' commands to new opmode style.
2023-02-24ipsec: T4985: Changed 'reset vpn ipsec-peer' to use vici libraryaapostoliuk
1. Changed reset IPSEC, IKE SAs to use vici library. 2. Created package vyos.ipsec to communicate with vici library.
2023-02-14ipsec: T4985: Fixed 'reset vpn ipsec-peer {peer}' commandaapostoliuk
Fixed 'reset vpn ipsec-peer {peer}' command. The op-mode script uses value 'None' in the 'tunnel' parameter to clear all CHILD SAs.
2023-01-10T4906: Fix show vpn ipsec connections dataViacheslav Hletenko
We get incorrect data when shows connections As we get list of all connections we should compare the connection name with entries in list and set correct data if they match
2022-11-20IPsec: T4829: use type hint Optional for arg tunnel in reset_peerJohn Estabrook
2022-11-20IPsec: T4829: add missing import TimeoutExpiredJohn Estabrook
2022-11-20Merge pull request #1657 from sever-sever/T4812Daniil Baturin
T4812: Add op-mode Show vpn ipsec connections
2022-11-18IPsec: T4828: raise op-mode error on incorrect valueJohn Estabrook
2022-11-15T4812: Add op-mode Show vpn ipsec connectionsViacheslav Hletenko
Add op-mode CLI "show vpn ipsec connections" Add the ability to show all configured connections/tunnels and their states. Ability to get --raw data
2022-10-27ipsec: T4778: raise UnconfiguredSubsystem if IPsec not initializedJohn Estabrook
2022-10-14T4725: Fix Regex for correctly reset IPsec peersViacheslav Hletenko
As IPsec site-so-site was rewritten we do not need replace ':' => '-' as ':' can not be in the connection name So connection name can not use IP(v6) address as peer name And current peers/connections not required prefix 'peer_' Fix template that search correctly connection name of the peers that allow to reset them again (reset ipsec peer was broken)
2022-08-25Merge pull request #1458 from sever-sever/T4594Christian Poessinger
ipsec: T4594: Rewrite op-mode 'show vpn ipsec sa' to the new format
2022-08-04T2719: add an exception hierarchy for op mode errorsDaniil Baturin
2022-08-04ipsec: T4594: Rewrite op-mode show vpn ipsec saViacheslav Hletenko
Rewrite op-mode "show vpn ipsec sa" to new format Use vyos.opmode format Ability to get raw and formatted output
2022-07-25IPsec: T4552: Fix reset vpn ipsec peerViacheslav Hletenko
When we use IPv6 peer we need to make a replacement ":" => "-" for correct resetting as it doesn't match get_peer_connections() regex Use new format "vyos.opmode"