summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2009-11-280.12.23debian/0.12.23Mohit Mehta
2009-11-28add comment to identify end of connection descriptionMohit Mehta
2009-11-250.12.22debian/0.12.22Mohit Mehta
2009-11-250.12.21Mohit Mehta
2009-11-25no need to maintain state of connections and take state-specific actions forMohit Mehta
each connection when config changes. `ipsec update` in strongswan determines any changes in ipsec.conf and updates the configuration on running daemon
2009-11-240.12.20debian/0.12.20Mohit Mehta
2009-11-24First pass code changes to vyatta-cfg-vpn for migration to strongswan :Mohit Mehta
Remove CLI support and back-end code for unsupported parameters * No aggressive mode support in strongswan * remove syslog facility.level CLI. strongswan uses authpriv facility by default, no syslog parameter support * remove Robert's disable-uniqreqids option for now. need to get strongswan to do the same thing first Remove Openswan specific parameters added to workaroung bugs * remove plutowait, this was added to workaround Openswan Bug 412 * remove nhelpers, this was added to workaround Openswan Bug 198 Other Changes * add '!' at the end of ike and esp proposal list to signify end of list * replace `ipsec start` commands with built-in commands for `ipsec starter` control utility * replace `ipsec auto` with `ipsec whack` commands. Still need to figure out if `ipsec auto --add|--up $connection` could be replaces by simply using `ipsec update` in stronswan * change pluto.ctl path
2009-11-200.12.19debian/0.12.19Mohit Mehta
2009-11-20vyatta-cfg-vpn depends on vyatta-ipsec provided by vyatta-strongswanMohit Mehta
2009-11-130.12.18debian/0.12.18Michael Larson
2009-11-13dependency updateMichael Larson
2009-11-060.12.17debian/0.12.17An-Cheng Huang
2009-11-06use vyatta openswanAn-Cheng Huang
2009-11-020.12.16debian/0.12.16Mohit Mehta
2009-11-02more formatting clean-upMohit Mehta
2009-11-02indent and reformat script using perltidy in hope of making it easier to readMohit Mehta
2009-10-27add support for same reqids to openswan cfgRobert Bays
2009-10-200.12.15debian/0.12.15slioch
2009-10-20add priority to project node.slioch
2009-10-090.12.14debian/0.12.14Mohit Mehta
2009-10-09add allowed values for ike, esp groupsMohit Mehta
2009-10-060.12.13debian/0.12.13Mohit Mehta
2009-10-06Fix Bug 3011 Remote VPN configuration issues site-to-site warningMohit Mehta
* issue warning when none of site-to-site peers, remote access l2tp/pptp set
2009-09-040.12.12debian/0.12.12Stig Thormodsrud
2009-09-04Fix 4902: setting ipsec site-to-site tunnel with authentication id <> and ↵Stig Thormodsrud
local-ip 0.0.0.0 got "no connection named <>"
2009-08-270.12.11debian/0.12.11slioch
2009-08-20manage state of add|delete|restart on connections for vpn given disable node.slioch
2009-08-20added support in configuration script to support tunnel disable node.slioch
2009-08-14convert enable to disable node for vpn tunnelslioch
2009-08-14add enable node below tunnel with default flag = trueslioch
2009-08-130.12.10debian/0.12.10slioch
2009-08-13Merge branch 'kenwood' of http://git.vyatta.com/vyatta-cfg-vpn into kenwoodslioch
2009-08-13added description field to site-to-site peer.slioch
2009-07-100.12.9debian/0.12.9Stig Thormodsrud
2009-07-10Fix 4623: Removing IPSEC VPN config without removing cluster ipsec config ↵Stig Thormodsrud
drops all interfaces. Add a check to prevent deleting ipsec if it's referenced by cluster. (cherry picked from commit b17d768af5845cb5b74e9ba8c6d8f8e2701bb0f6)
2009-05-290.12.8debian/0.12.8An-Cheng Huang
2009-05-260.12.7debian/0.12.7Stig Thormodsrud
2009-05-26Fix 3836: Allow VPN authentication ID to accept values of IP address, domain ↵Stig Thormodsrud
name and "" enclosed phrases
2009-04-080.12.6debian/0.12.6Bob Gilligan
2009-04-08Bugfix 3284: Allow commit to succeed if local-ip is not configured.Bob Gilligan
Previously, the ipsec setup script would fail the commit if the IPv4 address given in the local-ip parameter was not configured on one of the ipsec-interfaces at the time that the commit took place. This causes problems for PPP interfaces that may be configured, but down for operational reasons. This change makes the setup script more liberal. It will allow the commit to complete, but issue a warning the address, they can restart ipsec. PPP has logic to restart ipsec when a link comes up.
2009-04-060.12.5debian/0.12.5Bob Gilligan
2009-04-06Bugfix 2387: Don't list interfaces in ipsec config file.Bob Gilligan
The "interfaces=..." entry in the /etc/ipsec.conf file needs to list the actual interfaces we are using only if the underlying kernel IPsec support is provided by KLIPS. In our case, we are using NETKEY, so we don't need to list our interfaces there. Not listing them makes ipsec startup a bit more robust.
2009-03-260.12.4debian/0.12.4Stig Thormodsrud
2009-03-26Change "ipsec-interfaces" to use vyatta-interfaces.pl for allowed tag.Stig Thormodsrud
2009-03-160.12.3debian/0.12.3Stig Thormodsrud
2009-03-16Fix 4219: IPsec VPN does not launch on boot, error "The local-ip address ↵Stig Thormodsrud
X.X.X.X of peer "X.X.X.X" has not been configured in any of the local.
2009-02-120.12.2debian/0.12.2Stephen Hemminger
2009-02-12Fix ambiguous use of $logStephen Hemminger
There were two definitions of $log
2009-02-11Fix use of unitialized valueStephen Hemminger
Bug 4021 Don't die if local ip not configured.
2009-02-11Remove perlcritic warningsStephen Hemminger
Use 3 argument open
generated by cgit v1.2.3 (git 2.39.1) at 2025-09-02 04:41:08 +0000