summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-03-04T287: Merge pull request #14 from paulgear/patch-1Daniil Baturin
T287: Add missingok to logrotate for ipsec
2017-03-02Add missingok to logrotate for ipsecPaul Gear
If this is not present, it causes hourly messages in /var/log/messages like this: Mar 2 19:17:01 vyos /USR/SBIN/CRON[9140]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 2 19:17:01 vyos /USR/SBIN/CRON[9138]: (CRON) error (grandchild #9140 failed with exit status 1) Mar 2 19:17:01 vyos /USR/SBIN/CRON[9138]: (CRON) info (No MTA installed, discarding output) This is because cron wants to produce output like the following when ipsec.log is not present: /etc/cron.hourly/vyatta-logrotate-hourly: error: stat of /var/log/vyatta/ipsec.log failed: No such file or directory run-parts: /etc/cron.hourly/vyatta-logrotate-hourly exited with return code 1
2016-03-23load swanctl configuration on ipsec startUnicronNL
2016-03-16use 'dh-group' for first ike proposalUnicronNL
enable config for dead peer detection
2016-03-08add secret from config to swanctl.confUnicronNL
2016-03-07add dependencies needed for dmvpn configurationKim Hagen
2016-02-25add libcrypt-openssl-rsa-perl dependencyKim Hagen
2016-02-24First version of new dmvpn script rewrite.Kim Hagen
2016-02-24remove reference to dmvpn.secrets and chang dmvpn.conf to swanctl.confKim Hagen
2016-02-23Update vpn check file from "charon.ctl" to "charon.pid".Kim Hagen
2016-02-11Update the changelog.Daniil Baturin
2016-02-11Merge branch 'lithium-strongswan5' of ↵Daniil Baturin
https://github.com/TriJetScud/vyatta-cfg-vpn into current
2016-02-11Revert "Remove charonstart an interfaces from ipsec.conf file, they are ↵Kim Hagen
depricated." This reverts commit fbddff7f2b6b485c93b5d3cf4d60a75f84c3a2b6.
2016-02-11Revert "Set default pfs and ike dh group. (required by strongswan charon)"Kim Hagen
This reverts commit 8353f0f8fc746c69d6006e5bba9baf45afe16385.
2016-02-11Set default pfs and ike dh group. (required by strongswan charon)Kim Hagen
2016-02-11Remove charonstart an interfaces from ipsec.conf file, they are depricated.Kim Hagen
2016-02-09Merge branch 'current' of github.com:vyos/vyatta-cfg-vpn into currentKim Hagen
2016-02-09Use dhcp instead of dhcp3.Kim Hagen
2016-01-29vyatta-cfg-vpn: Properly implement force-encapsulation and fix descriptionsJeff Leung
2016-01-250.12.105+vyos2+current2debian/0.12.105+vyos2+current2Daniil Baturin
2016-01-25Remove dependency on vyatta-ipsec for migration to upstream strongswan.Daniil Baturin
Update standards version and description.
2016-01-240.12.105+vyos2+current1debian/0.12.105+vyos2+current1Kim Hagen
2015-12-16Fix build depends.Thomas Jepp
2015-12-06Merge branch 'lithium' into lithium-strongswan5Jeff Leung
Conflicts: templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def Get the GCM and ChaCha20+Poly1305 ciphers to play nice with each other
2015-12-05vyatta-cfg-vpn: validate peer address for vti based vpn connectionsAlex Harpin
Validate the peer address used for VTI based VPN connections to ensure only either an IPv4 or IPv6 address is used. Currently VTIs can only accept these for peer addresses, other values will fail with extraneous error messages, trap these earlier in the configuation commit process for now. Bug #359 http://bugzilla.vyos.net/show_bug.cgi?id=359
2015-12-05vyatta-cfg-vpn: validate local address for vti based vpn connectionsAlex Harpin
Validate the local address used for VTI based VPN connections to ensure only either an IPv4 or IPv6 address is used. Currently VTIs can only accept these for local addresses, other values will fail with extraneous error messages, trap these earlier in the configuation commit process for now. Bug #213 http://bugzilla.vyos.net/show_bug.cgi?id=213
2015-12-05vyatta-cfg-vpn: vti interfaces remain link down after ipsec sa renewalAlex Harpin
VTI interfaces can remain link down after IPSec SA expiry and renewal, leaving the actual IPSec tunnel up and active but the route relating to this VTI interface absent from the routing table; with the end result of no traffic passing through it without manual intervention. Earlier fixes for this issue in both bug #183 and bug #291 fixed one issue but introduced another, this commit fixes both scenarios. Bug #568 http://bugzilla.vyos.net/show_bug.cgi?id=568
2015-12-05vyatta-cfg-vpn: further tidy up of vyatta-vti-config.plAlex Harpin
Remove old comments and other minor tidying up / rearranging of scripts/vyatta-vti-config.pl
2015-12-05vyatta-cfg-vpn: formatting changes for style consistencyAlex Harpin
Perltidy run on scripts/vyatta-vti-config.pl to have consistent identation levels and style throughout.
2015-12-05Bug #469: add options for AES-128/256-GCM mode.Daniil Baturin
2015-12-05Move execution of nhrp script to "end" of ipsec config so it executes on all ↵Kim Hagen
changes made to the ipsec config
2015-12-05Add ChaCha20 Poly1305 cipher as an available cipher for IKE exchanges.Jeff Leung
Starting with strongSwan 5.3.3, chacha20poly1305 is a supported cipher for IKE and ESP configurations with an IKEv2 configuration.
2015-11-04Whitespace fixesJeff Leung
2015-11-04Allow the user to include a custom ipsec.secrets file.Jeff Leung
This may be useful for scenarios where a user prefers to use an ECDSA key or implement an xauth IPSec RA server without having to code for the VyOS/EdgeOS platform.
2015-11-04Actually implement custom ipsec.conf filesJeff Leung
2015-06-280.12.105+vyos2+lithium17debian/0.12.105+vyos2+lithium17Alex Harpin
2015-06-26vyatta-cfg-vpn: validate local address for vti based vpn connectionsAlex Harpin
Validate the local address used for VTI based VPN connections to ensure only either an IPv4 or IPv6 address is used. Currently VTIs can only accept these for local addresses, other values will fail with extraneous error messages, trap these earlier in the configuation commit process for now. Bug #213 http://bugzilla.vyos.net/show_bug.cgi?id=213
2015-06-260.12.105+vyos2+lithium16debian/0.12.105+vyos2+lithium16Alex Harpin
2015-06-22vyatta-cfg-vpn: validate peer address for vti based vpn connectionsAlex Harpin
Validate the peer address used for VTI based VPN connections to ensure only either an IPv4 or IPv6 address is used. Currently VTIs can only accept these for peer addresses, other values will fail with extraneous error messages, trap these earlier in the configuation commit process for now. Bug #359 http://bugzilla.vyos.net/show_bug.cgi?id=359
2015-06-180.12.105+vyos2+lithium15debian/0.12.105+vyos2+lithium15Alex Harpin
2015-06-18vyatta-cfg-vpn: vti interfaces remain link down after ipsec sa renewalAlex Harpin
VTI interfaces can remain link down after IPSec SA expiry and renewal, leaving the actual IPSec tunnel up and active but the route relating to this VTI interface absent from the routing table; with the end result of no traffic passing through it without manual intervention. Earlier fixes for this issue in both bug #183 and bug #291 fixed one issue but introduced another, this commit fixes both scenarios. Bug #568 http://bugzilla.vyos.net/show_bug.cgi?id=568
2015-06-17vyatta-cfg-vpn: further tidy up of vyatta-vti-config.plAlex Harpin
Remove old comments and other minor tidying up / rearranging of scripts/vyatta-vti-config.pl
2015-06-17vyatta-cfg-vpn: formatting changes for style consistencyAlex Harpin
Perltidy run on scripts/vyatta-vti-config.pl to have consistent identation levels and style throughout.
2015-06-160.12.105+vyos2+lithium14debian/0.12.105+vyos2+lithium14Alex Harpin
2015-06-16vyatta-cfg-vpn: update dh_gencontrol with new development build flagAlex Harpin
2015-06-140.12.105+vyos2+lithium13debian/0.12.105+vyos2+lithium13Daniil Baturin
2015-06-14Bug #504: add an option for pulling IPsec local id from the cert.Daniil Baturin
2015-06-09Merge pull request #1 from ryanriske/lithium-strongswan5-rsaJeff Leung
Update support for RSA keys with strongSwan 5.2.x
2015-05-040.12.105+vyos2+lithium12debian/0.12.105+vyos2+lithium12Daniil Baturin
2015-05-04Bug #469: add options for AES-128/256-GCM mode.Daniil Baturin
generated by cgit v1.2.3 (git 2.39.1) at 2025-09-03 11:57:05 +0000