summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-05-29Merge pull request #7 from m-asama/hydrogen-ipv4idhydrogenDaniil Baturin
Add support for IPsec phase 1 ID of IPv4 address format
2014-05-29Add support for IPsec phase 1 ID of IPv4 address formatMasakazu Asama
2014-04-270.12.105+hydrogen3debian/0.12.105+hydrogen3Daniil Baturin
2014-04-27Bug #183: Add up-client action to the interface up/down script.Daniil Baturin
Patch by Masakazu Asama.
2014-01-290.12.105+hydrogen2debian/0.12.105+hydrogen2Daniil Baturin
2014-01-29Fix vpn ppp up scriptStig Thormodsrud
Signed-off-by: Daniil Baturin <daniil@baturin.org>
2014-01-29Move %any peers to the end in ipsec.secretsStig Thormodsrud
Signed-off-by: Daniil Baturin <daniil@baturin.org>
2013-11-170.12.105+hydrogen1vyos/1.0.0debian/0.12.105+hydrogen1Daniil Baturin
2013-11-17New branchDaniil Baturin
2013-02-190.12.105+daisy6vyatta/VC6.6R1/i386vyatta/VC6.6R1/amd64debian/0.12.105+daisy6daisySaurabh Mohan
2013-02-19perltidy run for vyatta-cfg-vpnSaurabh Mohan
2013-02-120.12.105+daisy5debian/0.12.105+daisy5Saurabh Mohan
2013-02-12mGRE support for change of local-ip addr change.Saurabh Mohan
VYATTA-118: workaround added to update ipsec settings when tunnel local-ip is modified.
2013-02-050.12.105+daisy4debian/0.12.105+daisy4Saurabh Mohan
2013-02-05Bug 8666: merged.Saurabh Mohan
2013-01-220.12.105+daisy3debian/0.12.105+daisy3Saurabh Mohan
2013-01-22Dmvpn merge with mirantis jan22-2013Saurabh Mohan
2012-12-270.12.105+daisy2debian/0.12.105+daisy2Saurabh Mohan
2012-12-27DMVPN support with profiles.Saurabh Mohan
2012-10-130.12.105+daisy1debian/0.12.105+daisy1John Southworth
2012-10-13create daisy branchJohn Southworth
2012-10-120.12.105debian/0.12.105John Southworth
2012-10-12new branchJohn Southworth
2012-10-040.12.104debian/0.12.104bharat
2012-10-04Merge branch 'pacifica' of http://git.vyatta.com/vyatta-cfg-vpn into pacificabharat
2012-10-04Bug 8200: Changed grep to not display shim6Bharat
2012-09-180.12.103debian/0.12.103Saurabh Mohan
2012-09-18Bugfix 8358: Handle vti tunnel src, dst changing while the bind tunnel name ↵Saurabh Mohan
stays the same. Fix the case when case the <peer,local-address> pairing changes but the tunnel is still bound to the same vti tunnel interface name(vtiXX). In that case when doing the cleanup do not delete the vti tunnel of the same name. Also fixed 8264: When the vti bind interface name is deleted.
2012-09-100.12.102debian/0.12.102Saurabh Mohan
2012-09-10Bugfix 8289: Vti mark values should be implicitSaurabh Mohan
Vti tunnel uses fwmark from the kernel skbuff. This value is now internally allocated instead of getting it from the configuration. Also fixed 8286 where configuration was allowing both a tunnel and VTI between the same vpn src/dst.
2012-09-040.12.101debian/0.12.101Saurabh Mohan
2012-09-04Bugfix 8277: For connection type respond do not attempt keying foreverSaurabh Mohan
When a connection-type is respond (configured using: set vpn ipsec site-to-site peer <ip-addr> connection-type [initiate | respond]), the device should not keep trying to key forever.
2012-08-230.12.100debian/0.12.100Daniil Baturin
2012-08-23Update config version from 3 to 4.Daniil Baturin
2012-08-130.12.99debian/0.12.99Saurabh Mohan
2012-08-13Bugfix: 8276: Change htonl after parsing the input.Saurabh Mohan
2012-08-130.12.98debian/0.12.98Saurabh Mohan
2012-08-13Bugfix 8276: Vti not working on a 32-bit machine due to sign bit overload.Saurabh Mohan
In a 32-bit machine the signed bit is at the 32'nd bit position. Mark used by vti set's (0x9000-0000) that bit position. Changed the api to use strtoul to read the data from the command line and configure the mark. Also, changed the vyatta-cfg-vpn package to be arch dependent since it now has a binary that it generates.
2012-08-090.12.97debian/0.12.97Saurabh Mohan
2012-08-09Bugfix 8264: Check if the intf name is defined before using it in the script.Saurabh Mohan
Fix the error message for undefined intf name in error message. Also, add changes to incorporate mark's from range 0-2047. Print warning if a vti interface is defined but not used. Hopefully this will help users understand that they have a partial configuration.
2012-07-250.12.96debian/0.12.96Saurabh Mohan
2012-07-25Bugfix 8222: deletion and adding bind parameter under vti deletes vti ↵Saurabh Mohan
interface in show interfaces output though vti configuration exists The bind, mark parameters can be changed individually but the vti script runs at the vpn node level. By that time the old value is not known. With this change now I find out the exisiting vti tunnels from the kernel and discover the old vti-name, and mark setting from there. After that it is possible to figure out if a. No change was done to a VTI: In that case do not do any config. b. If a tunnel was changed: Delete and create the tunnel again. c. If a tunnel was deleted: Remove the tunnel config from the kernel. d. If the tunnel was added: Configure it. Also, configure the vti interface prior to the strongswan configuration. This way if the ipsec tunnel comes up then we can bring the interface up/down (see Bug 8219). Remove the disable configuration param (see Bug 8221).
2012-07-160.12.95debian/0.12.95Saurabh Mohan
2012-07-16Workaround to setup vti ko and cleaner error message.Saurabh Mohan
2012-06-180.12.94debian/0.12.94Saurabh Mohan
2012-06-18Bugfix: 8015: supress perl warnings.Saurabh Mohan
2012-06-110.12.93debian/0.12.93Saurabh Mohan
2012-06-11VTI: Add support call for checking for vti interface name.Saurabh Mohan
2012-06-040.12.92debian/0.12.92Saurabh Mohan
2012-06-04VTI bring tunnel based on ipsec-sa state.Saurabh Mohan
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-09 06:39:05 +0000