vyatta-cfg-vpn.git - Vyatta VPN configuration (mirror of https://github.com/vyos/vyatta-cfg-vpn.git)

Age	Commit message (Collapse)	Author
2016-03-23	load swanctl configuration on ipsec start	UnicronNL

2016-03-16	use 'dh-group' for first ike proposal	UnicronNL
	enable config for dead peer detection
2016-03-08	add secret from config to swanctl.conf	UnicronNL

2016-03-07	add dependencies needed for dmvpn configuration	Kim Hagen

2016-02-25	add libcrypt-openssl-rsa-perl dependency	Kim Hagen

2016-02-24	First version of new dmvpn script rewrite.	Kim Hagen

2016-02-24	remove reference to dmvpn.secrets and chang dmvpn.conf to swanctl.conf	Kim Hagen

2016-02-23	Update vpn check file from "charon.ctl" to "charon.pid".	Kim Hagen

2016-02-11	Update the changelog.	Daniil Baturin

2016-02-11	Merge branch 'lithium-strongswan5' of ↵	Daniil Baturin
	https://github.com/TriJetScud/vyatta-cfg-vpn into current
2016-02-11	Revert "Remove charonstart an interfaces from ipsec.conf file, they are ↵	Kim Hagen
	depricated." This reverts commit fbddff7f2b6b485c93b5d3cf4d60a75f84c3a2b6.
2016-02-11	Revert "Set default pfs and ike dh group. (required by strongswan charon)"	Kim Hagen
	This reverts commit 8353f0f8fc746c69d6006e5bba9baf45afe16385.
2016-02-11	Set default pfs and ike dh group. (required by strongswan charon)	Kim Hagen

2016-02-11	Remove charonstart an interfaces from ipsec.conf file, they are depricated.	Kim Hagen

2016-02-09	Merge branch 'current' of github.com:vyos/vyatta-cfg-vpn into current	Kim Hagen

2016-02-09	Use dhcp instead of dhcp3.	Kim Hagen

2016-01-29	vyatta-cfg-vpn: Properly implement force-encapsulation and fix descriptions	Jeff Leung

2016-01-25	0.12.105+vyos2+current2debian/0.12.105+vyos2+current2	Daniil Baturin

2016-01-25	Remove dependency on vyatta-ipsec for migration to upstream strongswan.	Daniil Baturin
	Update standards version and description.
2016-01-24	0.12.105+vyos2+current1debian/0.12.105+vyos2+current1	Kim Hagen

2015-12-16	Fix build depends.	Thomas Jepp

2015-12-06	Merge branch 'lithium' into lithium-strongswan5	Jeff Leung
	Conflicts: templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def Get the GCM and ChaCha20+Poly1305 ciphers to play nice with each other
2015-12-05	vyatta-cfg-vpn: validate peer address for vti based vpn connections	Alex Harpin
	Validate the peer address used for VTI based VPN connections to ensure only either an IPv4 or IPv6 address is used. Currently VTIs can only accept these for peer addresses, other values will fail with extraneous error messages, trap these earlier in the configuation commit process for now. Bug #359 http://bugzilla.vyos.net/show_bug.cgi?id=359
2015-12-05	vyatta-cfg-vpn: validate local address for vti based vpn connections	Alex Harpin
	Validate the local address used for VTI based VPN connections to ensure only either an IPv4 or IPv6 address is used. Currently VTIs can only accept these for local addresses, other values will fail with extraneous error messages, trap these earlier in the configuation commit process for now. Bug #213 http://bugzilla.vyos.net/show_bug.cgi?id=213
2015-12-05	vyatta-cfg-vpn: vti interfaces remain link down after ipsec sa renewal	Alex Harpin
	VTI interfaces can remain link down after IPSec SA expiry and renewal, leaving the actual IPSec tunnel up and active but the route relating to this VTI interface absent from the routing table; with the end result of no traffic passing through it without manual intervention. Earlier fixes for this issue in both bug #183 and bug #291 fixed one issue but introduced another, this commit fixes both scenarios. Bug #568 http://bugzilla.vyos.net/show_bug.cgi?id=568
2015-12-05	vyatta-cfg-vpn: further tidy up of vyatta-vti-config.pl	Alex Harpin
	Remove old comments and other minor tidying up / rearranging of scripts/vyatta-vti-config.pl
2015-12-05	vyatta-cfg-vpn: formatting changes for style consistency	Alex Harpin
	Perltidy run on scripts/vyatta-vti-config.pl to have consistent identation levels and style throughout.
2015-12-05	Bug #469: add options for AES-128/256-GCM mode.	Daniil Baturin

2015-12-05	Move execution of nhrp script to "end" of ipsec config so it executes on all ↵	Kim Hagen
	changes made to the ipsec config
2015-12-05	Add ChaCha20 Poly1305 cipher as an available cipher for IKE exchanges.	Jeff Leung
	Starting with strongSwan 5.3.3, chacha20poly1305 is a supported cipher for IKE and ESP configurations with an IKEv2 configuration.
2015-11-04	Whitespace fixes	Jeff Leung

2015-11-04	Allow the user to include a custom ipsec.secrets file.	Jeff Leung
	This may be useful for scenarios where a user prefers to use an ECDSA key or implement an xauth IPSec RA server without having to code for the VyOS/EdgeOS platform.
2015-11-04	Actually implement custom ipsec.conf files	Jeff Leung

2015-06-28	0.12.105+vyos2+lithium17debian/0.12.105+vyos2+lithium17	Alex Harpin

2015-06-26	vyatta-cfg-vpn: validate local address for vti based vpn connections	Alex Harpin
	Validate the local address used for VTI based VPN connections to ensure only either an IPv4 or IPv6 address is used. Currently VTIs can only accept these for local addresses, other values will fail with extraneous error messages, trap these earlier in the configuation commit process for now. Bug #213 http://bugzilla.vyos.net/show_bug.cgi?id=213
2015-06-26	0.12.105+vyos2+lithium16debian/0.12.105+vyos2+lithium16	Alex Harpin

2015-06-22	vyatta-cfg-vpn: validate peer address for vti based vpn connections	Alex Harpin
	Validate the peer address used for VTI based VPN connections to ensure only either an IPv4 or IPv6 address is used. Currently VTIs can only accept these for peer addresses, other values will fail with extraneous error messages, trap these earlier in the configuation commit process for now. Bug #359 http://bugzilla.vyos.net/show_bug.cgi?id=359
2015-06-18	0.12.105+vyos2+lithium15debian/0.12.105+vyos2+lithium15	Alex Harpin

2015-06-18	vyatta-cfg-vpn: vti interfaces remain link down after ipsec sa renewal	Alex Harpin
	VTI interfaces can remain link down after IPSec SA expiry and renewal, leaving the actual IPSec tunnel up and active but the route relating to this VTI interface absent from the routing table; with the end result of no traffic passing through it without manual intervention. Earlier fixes for this issue in both bug #183 and bug #291 fixed one issue but introduced another, this commit fixes both scenarios. Bug #568 http://bugzilla.vyos.net/show_bug.cgi?id=568
2015-06-17	vyatta-cfg-vpn: further tidy up of vyatta-vti-config.pl	Alex Harpin
	Remove old comments and other minor tidying up / rearranging of scripts/vyatta-vti-config.pl
2015-06-17	vyatta-cfg-vpn: formatting changes for style consistency	Alex Harpin
	Perltidy run on scripts/vyatta-vti-config.pl to have consistent identation levels and style throughout.
2015-06-16	0.12.105+vyos2+lithium14debian/0.12.105+vyos2+lithium14	Alex Harpin

2015-06-16	vyatta-cfg-vpn: update dh_gencontrol with new development build flag	Alex Harpin

2015-06-14	0.12.105+vyos2+lithium13debian/0.12.105+vyos2+lithium13	Daniil Baturin

2015-06-14	Bug #504: add an option for pulling IPsec local id from the cert.	Daniil Baturin

2015-06-09	Merge pull request #1 from ryanriske/lithium-strongswan5-rsa	Jeff Leung
	Update support for RSA keys with strongSwan 5.2.x
2015-05-04	0.12.105+vyos2+lithium12debian/0.12.105+vyos2+lithium12	Daniil Baturin

2015-05-04	Bug #469: add options for AES-128/256-GCM mode.	Daniil Baturin

2015-04-02	0.12.105+vyos2+lithium11debian/0.12.105+vyos2+lithium11	Alex Harpin

2015-03-02	Fix ipsec.secrets generation for PEM-formatted RSA key.	Ryan Riske