summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-03-16Merge pull request #57 from aapostoliuk/T4925-equuleus1.3.3-epa11.3.3Daniil Baturin
ipsec: T4925: Added PRF into IKE group
2023-03-14ipsec: T4925: Added PRF into IKE groupaapostoliuk
Added the possibility to configure Pseudo-Random Functions (PRF) in IKE group set vpn ipsec ike-group <Ike-grp> proposal <number> prf <PRF> Backport from 1.4
2022-01-07Merge pull request #54 from goodNETnick/equuleus1.3.2Daniil Baturin
IPsec: T4087: increasing the maximum number of IKE proposals
2021-12-29Merge pull request #56 from sever-sever/T2922Daniil Baturin
ipsec: T2922: Fix logLevel set when charon not loaded
2021-12-28ipsec: T2922: Fix logLevel set when charon not loadedViacheslav
LogLevel confiugration modes for ipsec are applied without any check the state of the 'charon' process i.e at this time it tries to apply config to not fully loaded charon process Add checks and timeout for charon process, before executing IPSec logging options and logging modes
2021-12-28IPsec: T4087: increasing the number of proposals allowed for the IKE groupgoodNETnick
2021-12-23Merge pull request #52 from sever-sever/T4092Daniil Baturin
dmvpn: T4092: Add new line after mobike option
2021-12-22dmvpn: T4092: Add new line after mobike optionViacheslav
2021-11-23Merge pull request #51 from goodNETnick/ipsecIKE12Christian Poessinger
IPsec: T4005: IKEv1 + IKEv2 in one ike-group
2021-11-22IPsec: T4005: IKEv1 + IKEv2 in one ike-groupgoodNETnick
2021-09-07Merge pull request #48 from jestabro/T3808Daniil Baturin
ipsec: T3808: add missing exit if 'vpn ipsec' has been deleted
2021-09-06ipsec: T3808: add missing exit if 'vpn ipsec' has been deletedJohn Estabrook
2021-08-09VTI: T1501: VPN Commit Errors (#45)Kim
Add a loop to check for the dhcp ip address so the commit will not fail if the interface was configured in the same config session as the vti interface.
2021-04-04Jenkins: use build library from proper branch "equuleus"Christian Poessinger
2021-01-04Update debian version.Daniil Baturin
2020-12-18Merge pull request #40 from srividya0208/T3131Daniil Baturin
pre-shared-secret: T3131: Fix typo of word secret
2020-12-17pre-shared-secret: T3131: Fix typo of word secretsrividya0208
There is typo in the spelling of "secret" mentioned in detailed information of the pre-shared-secret key in the vpn ipsec site-to-site peer authentication hierarchy.
2020-10-31T3035: allow mixed protocol IPsec (IPv4 over IPv6 and vice versa).Daniil Baturin
2020-09-23Merge pull request #39 from sever-sever/T2916Daniil Baturin
cfg-vpn: T2916: Fix typo for vti interface disable state
2020-09-23cfg-vpn: T2916: Fix typo for vti interface disable statesever-sever
2020-09-22Merge pull request #38 from sever-sever/T2895Daniil Baturin
vfg-vpn: T2895: Removing unnecessary duplicate check for leftsubnet
2020-09-22vfg-vpn: T2895: Removing unnecessary duplicate check for leftsubnetsever-sever
2020-09-19Merge pull request #37 from sever-sever/T2806Christian Poessinger
cfg-vpn: T2806: Fix local prefix is source from loopback
2020-09-18cfg-vpn: T2806: Fix local prefix is source from loopbacksever-sever
2020-08-22Merge pull request #36 from erkin/currentDaniil Baturin
IPsec: T2647: Replace obsoleted ipsec.conf option
2020-08-22IPsec: T2647: Replace obsoleted ipsec.conf optionerkin
2020-07-31Merge pull request #35 from zdc/T2728-equuleusDaniil Baturin
IPSec tunnels: T2728: Fixed protocol selector for tunnels
2020-07-30IPSec tunnels: T2728: Fixed protocol selector for tunnelszsdc
The protocol selector used for tunnels in transport mode was ignored by the configuration script. This commit adding it as a part of left|rightsubnet, as required by strongSwan.
2020-07-30Merge pull request #34 from zdc/T2701Daniil Baturin
ESP: T2701: Fixed "pfs enable" option usage
2020-07-13ESP: T2701: Fixed "pfs enable" option usagezsdc
When in ESP group configured "pfs enable" option (default behavior), PFS settings are taken from the IKE proposal 1. In case if there is no "proposal 1", this ends up with broken ESP settings and unusable VPN peer. This fix replacing logic by taking PFS from the first one IKE proposal, regardless of its number.
2020-06-23Jenkins: T2625: migrate to build libraryChristian Poessinger
2020-05-28Merge pull request #33 from DmitriyEshenko/cur-fix28052020Daniil Baturin
strongSwan: T2000: Add warning message if local prefix did not config…
2020-05-28strongSwan: T2000: Add warning message if local prefix did not configuredDmitriyEshenko
2020-05-25Merge pull request #30 from DmitriyEshenko/rolling-dmvpnDaniil Baturin
dmvpn: T2091: Move variable to cycle for multiple profiles
2020-05-08T2431: fix a reference to valida-value.pyDaniil Baturin
2020-05-04Merge pull request #31 from zdc/T1291Christian Poessinger
VTI: T1291: Fix for invlid VTI interface down state
2020-05-04VTI: T1291: Fix for invlid VTI interface down statezsdc
In case when between hosts exists two IPSec tunnels for VTI (for example, when both sides act as connection initiators), the older unused/replaced tunnel may switch VTI interface to the "down" state even if a newer IPSec connection is still in-use. Depending on other IPSec settings, this leads to a situation when VTI interfaces continuously flapping or stuck in a "down" state. This fix is an adaptation of PR from @m-asama for the current code base. It adding new dependency from actual SA state of IPSec connection, and do not allow to switch down a VTI interface if at least one of child connections is active or try to change the state of a VTI interface to the same, as already active.
2020-04-23dmvpn: T2091: Move variable to cycle for multiple profilesDmitriyEshenko
2020-04-08Merge pull request #29 from zdc/T2049Christian Poessinger
strongSwan: T2049: Added lost "disable" option to ESP PFS settings
2020-04-08strongSwan: T2049: Added lost "disable" option to ESP PFS settingszsdc
2020-03-26strongSwan: T2164: add dependency on libstrongswan-standard-pluginsJohn Estabrook
2020-03-21Jenkins: T1870: support GitHub PullRequest buildsChristian Poessinger
2020-03-11Merge pull request #28 from zdc/T2049Christian Poessinger
strongSwan: T2049: Extended list of cipher suites
2020-03-11strongSwan: T2049: Extended list of cipher suiteszsdc
The list of supported cipher suites actualized according to the: https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
2019-12-27Jenkins: make pipeline branch independentChristian Poessinger
2019-12-18Jenkins: adjust to new Debian Buster buildChristian Poessinger
2019-12-18Merge branch 'equuleus' of github.com:vyos/vyatta-cfg-vpn into currentChristian Poessinger
* 'equuleus' of github.com:vyos/vyatta-cfg-vpn: Jenkins: import Pipeline from vyos-1x commit bd00ec7 update Jenkins file for equuleus
2019-12-08T1864: lower IKEv1 DPD timeout value from 10s to 2sVyOS_1.2-2019Q4Christian Poessinger
2019-12-07Merge branch 'current' of github.com:vyos/vyatta-cfg-vpn into equuleusChristian Poessinger
* 'current' of github.com:vyos/vyatta-cfg-vpn: dmvpn: T1784: Run ipsec-settings before DMVPN T1780 Adding IPSec IKE close-action Jenkins: import Pipeline from vyos-1x commit bd00ec7
2019-12-05Merge pull request #27 from DmitriyEshenko/dmvpnChristian Poessinger
dmvpn: T1784: Run ipsec-settings before DMVPN
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-25 16:25:47 +0000