summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2010-06-03Fix Bug 5652 set ike/ipsec keying tries to foreverMohit Mehta
2010-05-260.12.36debian/0.12.36Mohit Mehta
2010-05-26add passthrough connection if remote-subnet contains local-subnetMohit Mehta
2010-04-190.12.35debian/0.12.35Mohit Mehta
2010-04-19Fix Bug 5542Mohit Mehta
* add commment for op-mode commands' dependency on config-mode check
2010-03-310.12.34debian/0.12.34Mohit Mehta
2010-03-31Fix Bug 5500 Unable to establish a VPN connection from a remote peer with aMohit Mehta
dynamic peer when using FQDN identifier for remote end * allow remote peer with dynamic IP to connect using Main Mode/PSK
2010-03-300.12.33debian/0.12.33Stephen Hemminger
2010-03-28Fix perl critic warningsStephen Hemminger
Get rid of things deemed undesirable by Perl Best Practices: * Convert to 3 argument open. * Use local file handles
2010-03-19Replace old form (expression) in end: tagStephen Hemminger
Use shell syntax.
2010-03-180.12.32debian/0.12.32Mohit Mehta
2010-03-18Fix Bug 5087 add support to specify PFS group when PFS is enabledMohit Mehta
2010-02-170.12.31debian/0.12.31An-Cheng Huang
2010-02-050.12.30debian/0.12.30Mohit Mehta
2010-02-051. use correct notation to represent private,public networksMohit Mehta
i.e. use vhost:%priv,%no instead of %priv,%no. Previously used notation was never supposed to work. Corrected notation is what we use in l2tp/ipsec as well and is also recommended otherwise. 2. cannot use leftsourceip to add route when right-subnet is not specific is based on generalized private,public networks
2010-01-300.12.29debian/0.12.29Mohit Mehta
2010-01-30Fix Bug 1832 VPN copy-tos Disabling copy-tos field doesn't workMohit Mehta
* remove copy-tos field under 'vpn ipsec'. It's not supposed to work with NETKEY
2010-01-280.12.28debian/0.12.28Mohit Mehta
2010-01-28perltidy vpn-config.plMohit Mehta
2010-01-28remove dead code. we use 'ipsec update' to update changes to connections nowMohit Mehta
2010-01-250.12.27debian/0.12.27Mohit Mehta
2010-01-25add back CLI node for disabling uniqreqidMohit Mehta
2010-01-140.12.26debian/0.12.26Mohit Mehta
2010-01-14bump up ipsec versionMohit Mehta
2010-01-120.12.25debian/0.12.25Mohit Mehta
2010-01-12use leftsourceip to add route to remote subnetMohit Mehta
(cherry picked from commit eb6d27497bab9e82218d8999778f7b4959fd34ea)
2010-01-12Do not start IKEv2 daemon for nowMohit Mehta
(cherry picked from commit 7fab51307ecaf65a7da880f60a97a73bda87e5c7)
2010-01-12* remove extraneous unused codeMohit Mehta
* use @id for identification when it's specified. It can be used even if local-ip is not 0.0.0.0 * extend syntax check for id to allow specifying hostnames * fix ipsec.secrets generation - if specified always use ids for local and remote peer (cherry picked from commit 3e7a4e45af00c11e6009d38fd97c67c2de0fa145)
2010-01-12add comment to identify end of connection descriptionMohit Mehta
(cherry picked from commit cb9ed22ae45d03fa37148273d02cef4a9a179d1d)
2010-01-12no need to maintain state of connections and take state-specific actions forMohit Mehta
each connection when config changes. `ipsec update` in strongswan determines any changes in ipsec.conf and updates the configuration on running daemon (cherry picked from commit 55b703e669e0f792c04d29541d8fe00d2a9d624b)
2010-01-12First pass code changes to vyatta-cfg-vpn for migration to strongswan :Mohit Mehta
Remove CLI support and back-end code for unsupported parameters * No aggressive mode support in strongswan * remove syslog facility.level CLI. strongswan uses authpriv facility by default, no syslog parameter support * remove Robert's disable-uniqreqids option for now. need to get strongswan to do the same thing first Remove Openswan specific parameters added to workaroung bugs * remove plutowait, this was added to workaround Openswan Bug 412 * remove nhelpers, this was added to workaround Openswan Bug 198 Other Changes * add '!' at the end of ike and esp proposal list to signify end of list * replace `ipsec start` commands with built-in commands for `ipsec starter` control utility * replace `ipsec auto` with `ipsec whack` commands. Still need to figure out if `ipsec auto --add|--up $connection` could be replaces by simply using `ipsec update` in stronswan * change pluto.ctl path
2010-01-12vyatta-cfg-vpn depends on vyatta-ipsec provided by vyatta-strongswanMohit Mehta
(cherry picked from commit f830e7cfd66d7cf368d47cd5dea47dd26711875a)
2009-12-020.12.24debian/0.12.24Mohit Mehta
2009-11-300.12.22Michael Larson
2009-11-30added required keyword to help text.Michael Larson
2009-11-250.12.21debian/0.12.21Mohit Mehta
2009-11-250.12.19Mohit Mehta
2009-11-25pptp config check not needed when vpn ipsec is configuredMohit Mehta
2009-11-130.12.18debian/0.12.18Michael Larson
2009-11-13dependency updateMichael Larson
2009-11-060.12.17debian/0.12.17An-Cheng Huang
2009-11-06use vyatta openswanAn-Cheng Huang
2009-11-020.12.16debian/0.12.16Mohit Mehta
2009-11-02more formatting clean-upMohit Mehta
2009-11-02indent and reformat script using perltidy in hope of making it easier to readMohit Mehta
2009-10-27add support for same reqids to openswan cfgRobert Bays
2009-10-200.12.15debian/0.12.15slioch
2009-10-20add priority to project node.slioch
2009-10-090.12.14debian/0.12.14Mohit Mehta
2009-10-09add allowed values for ike, esp groupsMohit Mehta
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 01:12:23 +0000