Age  Commit message  Author
2010-01-12  use leftsourceip to add route to remote subnet  Mohit Mehta
(cherry picked from commit eb6d27497bab9e82218d8999778f7b4959fd34ea)
2010-01-12  Do not start IKEv2 daemon for now  Mohit Mehta
(cherry picked from commit 7fab51307ecaf65a7da880f60a97a73bda87e5c7)
2010-01-12  * remove extraneous unused code  Mohit Mehta
* use @id for identification when it's specified. It can be used even if local-ip is not 0.0.0.0
* extend syntax check for id to allow specifying hostnames
* fix ipsec.secrets generation - if specified always use ids for local and remote peer
(cherry picked from commit 3e7a4e45af00c11e6009d38fd97c67c2de0fa145)
2010-01-12  add comment to identify end of connection description  Mohit Mehta
(cherry picked from commit cb9ed22ae45d03fa37148273d02cef4a9a179d1d)
2010-01-12  no need to maintain state of connections and take state-specific actions for  Mohit Mehta
each connection when config changes. `ipsec update` in strongswan determines any changes in ipsec.conf and updates the configuration on running daemon (cherry picked from commit 55b703e669e0f792c04d29541d8fe00d2a9d624b)
2010-01-12  First pass code changes to vyatta-cfg-vpn for migration to strongswan :  Mohit Mehta
Remove CLI support and back-end code for unsupported parameters
* No aggressive mode support in strongswan
* remove syslog facility.level CLI. strongswan uses authpriv facility by default, no syslog parameter support
* remove Robert's disable-uniqreqids option for now. need to get strongswan to do the same thing first
Remove Openswan specific parameters added to workaround bugs
* remove plutowait, this was added to workaround Openswan Bug 412
* remove nhelpers, this was added to workaround Openswan Bug 198
Other Changes
* add '!' at the end of ike and esp proposal list to signify end of list
* replace `ipsec start` commands with built-in commands for `ipsec starter` control utility
* replace `ipsec auto` with `ipsec whack` commands. Still need to figure out if `ipsec auto --add|--up $connection` could be replaced by simply using `ipsec update` in strongswan
* change pluto.ctl path
2010-01-12  vyatta-cfg-vpn depends on vyatta-ipsec provided by vyatta-strongswan  Mohit Mehta
(cherry picked from commit f830e7cfd66d7cf368d47cd5dea47dd26711875a)
2009-12-02  0.12.24  debian/0.12.24  Mohit Mehta
2009-11-30  0.12.22  Michael Larson
2009-11-30  added required keyword to help text.  Michael Larson
2009-11-25  0.12.21  debian/0.12.21  Mohit Mehta
2009-11-25  0.12.19  Mohit Mehta
2009-11-25  pptp config check not needed when vpn ipsec is configured  Mohit Mehta
2009-11-13  0.12.18  debian/0.12.18  Michael Larson
2009-11-13  dependency update  Michael Larson
2009-11-06  0.12.17  debian/0.12.17  An-Cheng Huang
2009-11-06  use vyatta openswan  An-Cheng Huang
2009-11-02  0.12.16  debian/0.12.16  Mohit Mehta
2009-11-02  more formatting clean-up  Mohit Mehta
2009-11-02  indent and reformat script using perltidy in hope of making it easier to read  Mohit Mehta
2009-10-27  add support for same reqids to openswan cfg  Robert Bays
2009-10-20  0.12.15  debian/0.12.15  slioch
2009-10-20  add priority to project node.  slioch
2009-10-09  0.12.14  debian/0.12.14  Mohit Mehta
2009-10-09  add allowed values for ike, esp groups  Mohit Mehta
2009-10-06  0.12.13  debian/0.12.13  Mohit Mehta
2009-10-06  Fix Bug 3011 Remote VPN configuration issues site-to-site warning  Mohit Mehta
* issue warning when none of site-to-site peers, remote access l2tp/pptp set
2009-09-04  0.12.12  debian/0.12.12  Stig Thormodsrud
2009-09-04  Fix 4902: setting ipsec site-to-site tunnel with authentication id <> and local-ip 0.0.0.0 got "no connection named <>"  Stig Thormodsrud
2009-08-27  0.12.11  debian/0.12.11  slioch
2009-08-20  manage state of add|delete|restart on connections for vpn given disable node.  slioch
2009-08-20  added support in configuration script to support tunnel disable node.  slioch
2009-08-14  convert enable to disable node for vpn tunnel  slioch
2009-08-14  add enable node below tunnel with default flag = true  slioch
2009-08-13  0.12.10  debian/0.12.10  slioch
2009-08-13  Merge branch 'kenwood' of http://git.vyatta.com/vyatta-cfg-vpn into kenwood  slioch
2009-08-13  added description field to site-to-site peer.  slioch
2009-07-10  0.12.9  debian/0.12.9  Stig Thormodsrud
2009-07-10  Fix 4623: Removing IPSEC VPN config without removing cluster ipsec config drops all interfaces.  Stig Thormodsrud
Add a check to prevent deleting ipsec if it's referenced by cluster. (cherry picked from commit b17d768af5845cb5b74e9ba8c6d8f8e2701bb0f6)
2009-05-29  0.12.8  debian/0.12.8  An-Cheng Huang
2009-05-26  0.12.7  debian/0.12.7  Stig Thormodsrud
2009-05-26  Fix 3836: Allow VPN authentication ID to accept values of IP address, domain name and "" enclosed phrases  Stig Thormodsrud
2009-04-08  0.12.6  debian/0.12.6  Bob Gilligan
2009-04-08  Bugfix 3284: Allow commit to succeed if local-ip is not configured.  Bob Gilligan
Previously, the ipsec setup script would fail the commit if the IPv4 address given in the local-ip parameter was not configured on one of the ipsec-interfaces at the time that the commit took place. This causes problems for PPP interfaces that may be configured, but down for operational reasons. This change makes the setup script more liberal. It will allow the commit to complete, but issue a warning the address, they can restart ipsec. PPP has logic to restart ipsec when a link comes up.
2009-04-06  0.12.5  debian/0.12.5  Bob Gilligan
2009-04-06  Bugfix 2387: Don't list interfaces in ipsec config file.  Bob Gilligan
The "interfaces=..." entry in the /etc/ipsec.conf file needs to list the actual interfaces we are using only if the underlying kernel IPsec support is provided by KLIPS. In our case, we are using NETKEY, so we don't need to list our interfaces there. Not listing them makes ipsec startup a bit more robust.
2009-03-26  0.12.4  debian/0.12.4  Stig Thormodsrud
2009-03-26  Change "ipsec-interfaces" to use vyatta-interfaces.pl for allowed tag.  Stig Thormodsrud
2009-03-16  0.12.3  debian/0.12.3  Stig Thormodsrud
2009-03-16  Fix 4219: IPsec VPN does not launch on boot, error "The local-ip address X.X.X.X of peer "X.X.X.X" has not been configured in any of the local.  Stig Thormodsrud