veeos-1x.git/data/templates/ipsec/swanctl/peer.tmpl, branch current VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos-contrib/veeos-1x.git) https://git.amelek.net/vyos-contrib/veeos-1x.git/atom?h=current 2022-05-01T17:44:52+00:00 ipsec: T4353: fix Jinja2 linting errors 2022-05-01T17:44:52+00:00 Christian Poessinger christian@poessinger.com 2022-05-01T17:44:52+00:00 urn:sha1:49b1afc25b73d9c5daae1c76edb88aab42afa83e vpn-ipsec: T4398: Fix unexpected passthrough policy for peer 2022-04-25T20:59:45+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2022-04-25T20:59:45+00:00 urn:sha1:408917a0e619286c1cc1e74bde6cd8f257d5aeb9 Set default passtrough list to None to prevent unexpected policy for peers with not overplapped local and remote prefixes ipsec: T4333: migrate to new vyos_defined Jinja2 test 2022-04-13T20:51:42+00:00 Christian Poessinger christian@poessinger.com 2022-04-13T20:51:42+00:00 urn:sha1:e8a637eec0cc398f78a877ece6b9c7cdca418970 ike-group: T4288 : close-action is missing in swanctl.conf 2022-03-24T16:00:11+00:00 srividya0208 a.srividya@vyos.io 2022-03-18T12:39:14+00:00 urn:sha1:78a4676f787e5e37f67afd5c2453ce06e3f0f9e9 close-action parameter is missing in the swanctl.conf file Merge pull request #1230 from sever-sever/T1856 2022-02-22T06:55:41+00:00 Christian Poessinger christian@poessinger.com 2022-02-22T06:55:41+00:00 urn:sha1:78f4a0776feef885f277939c498a3efbbebe2071 ipsec: T1856: Ability to set SA life bytes and packets ipsec: T3948: Add CLI site-to-site peer connection-type none 2022-02-20T20:32:06+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2022-02-20T20:32:06+00:00 urn:sha1:4ec6262629393bd8a88951970c367a5cc3d57a42 set vpn ipsec site-to-site peer 192.0.2.14 connection-type none ipsec: T1856: Ability to set SA life bytes and packets 2022-02-20T19:02:26+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2022-02-20T18:30:44+00:00 urn:sha1:6bf5a0b0dd489a480dce6030e1c61d29e77fa107 set vpn ipsec esp-group grp-ESP life-bytes '100000' set vpn ipsec esp-group grp-ESP life-packets '2000000' vpn: T4254: Add cisco_flexvpn and install_virtual_ip_on options 2022-02-19T16:50:29+00:00 Viacheslav Hletenko v.gletenko@vyos.i 2022-02-17T21:18:37+00:00 urn:sha1:f6c2b5e4762e7713c5868bebf8e482ce732e3302 Ability to set Cisco FlexVPN vendor ID payload: charon.cisco_flexvpn charon.install_virtual_ip_on swanctl.connections.<conn>.vips = x.x.x.x, z.z.z.z set vpn ipsec options flexvpn set vpn ipsec options virtual-ip set vpn ipsec options interface tunX set vpn ipsec site-to-site peer x.x.x.x virtual-address x.x.x.x ipsec: T4126: Ability to set priorities for installed policy 2021-12-31T14:52:18+00:00 Viacheslav v.gletenko@vyos.io 2021-12-31T14:52:18+00:00 urn:sha1:78494fe6de5372939e05dd65b01acd3e786b5602 Add priority for policy based IPSec VPN tunnels If 2 tunnels have the same pair of local and remote traffic selectors (prefixes) it allows to set more preforable install policy from required peer The lowest priority is more preforable ipsec: T4111: Fix for swanctl configuration IPV6 peers 2021-12-28T11:45:37+00:00 Viacheslav v.gletenko@vyos.io 2021-12-28T11:45:37+00:00 urn:sha1:5e05bfe790035f7d53dede8d76bccb089a186864 Peer name must not contain dots and colons, otherwise swanct can't generate correct configuration for swanctl.conf This is used in connection names and child SA names Add filter 'dot_colon_to_dash' which replace dots and colons