| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2020-09-11 | New release.vyos/1.2.6 | VyOS Maintainers | |
| 2020-07-30 | IPSec tunnels: T2728: Fixed protocol selector for tunnels | zsdc | |
| The protocol selector used for tunnels in transport mode was ignored by the configuration script. This commit adding it as a part of left|rightsubnet, as required by strongSwan. | |||
| 2020-07-30 | ESP: T2701: Fixed "pfs enable" option usage | zsdc | |
| When in ESP group configured "pfs enable" option (default behavior), PFS settings are taken from the IKE proposal 1. In case if there is no "proposal 1", this ends up with broken ESP settings and unusable VPN peer. This fix replacing logic by taking PFS from the first one IKE proposal, regardless of its number. | |||
| 2020-07-26 | dmvpn: T2091: Move variable to cycle for multiple profiles | DmitriyEshenko | |
| 2020-07-26 | strongSwan: T2000: Add warning message if local prefix did not configured | DmitriyEshenko | |
| 2020-05-28 | Merge pull request #32 from zdc/T1291-crux | Christian Poessinger | |
| VTI: T1291: Fix for invlid VTI interface down state | |||
| 2020-05-12 | VTI: T1291: Fix for invlid VTI interface down state | zsdc | |
| In case when between hosts exists two IPSec tunnels for VTI (for example, when both sides act as connection initiators), the older unused/replaced tunnel may switch VTI interface to the "down" state even if a newer IPSec connection is still in-use. Depending on other IPSec settings, this leads to a situation when VTI interfaces continuously flapping or stuck in a "down" state. This fix is an adaptation of PR from @m-asama for the current code base. It adding new dependency from actual SA state of IPSec connection, and do not allow to switch down a VTI interface if at least one of child connections is active or try to change the state of a VTI interface to the same, as already active. | |||
| 2020-03-09 | Merge branch 'crux' of github.com:vyos/vyatta-cfg-vpn into cruxvyos/1.2.5 | Daniil Baturin | |
| 2020-03-09 | New release. | VyOS Maintainers | |
| 2020-01-20 | T1780 Adding IPSec IKE close-action | DmitriyEshenko | |
| 2019-12-12 | T1864: lower IKEv1 DPD timeout value from 10s to 2s | Christian Poessinger | |
| (cherry picked from commit c4c8711939f709c445fe634b2f624933fa9651ab) | |||
| 2019-12-10 | New release.vyos/1.2.4 | VyOS Maintainers | |
| 2019-09-28 | Jenkins: import Pipeline from vyos-1x commit bd00ec7 | Christian Poessinger | |
| 2019-08-31 | [logrotate] T1420 - logrotate permission errors on vyatta logfiles | hagbard | |
| 2019-05-21 | Create Jenkinsfile crux | Kim Hagen | |
| 2019-04-12 | run on remote node | Kim | |
| 2019-04-12 | added node | Kim | |
| 2019-04-12 | pipeline | Kim | |
| 2019-04-12 | add dependency | Kim | |
| 2019-03-14 | Fixes T1298 use vti tunnel with ipsec and dhcp. | Kim | |
| * make dhcp interface work for vti interfaces * clean up code, loger timeout use python api * change vti tunnel ip on new dhcp lease * only change ip on up and do not get non dhcp ip * fix error in function, include up-host and down-host | |||
| 2019-01-26 | Update changelog. | Daniil Baturin | |
| 2019-01-26 | Merge branch 'current' into crux | Daniil Baturin | |
| 2019-01-21 | fix typo in dead-pear-detection | Kim | |
| 2019-01-15 | fix typo | Kim Hagen | |
| 2019-01-15 | do not display connection header when there are no tunnels created | Kim Hagen | |
| 2019-01-11 | Reference IPsec profile name in DMPN connection names for op mode. | Daniil Baturin | |
| 2019-01-07 | fixing cur_vers reference for Makefile | hagbard | |
| 2019-01-07 | bumped config version so the migrate jobs work | hagbard | |
| 2019-01-07 | Fix: T1168 - Upgrade: 1,1,7 -> 1.2.0-epa2 Ipsec logging command failure. | hagbard | |
| 2018-12-31 | Merge branch 'current' into crux | Daniil Baturin | |
| Conflicts: debian/changelog | |||
| 2018-12-31 | T777: improve "connection-type" option help strings. | Daniil Baturin | |
| 2018-12-06 | Fix: T1048: [IPSec] Protocol all does not work in IPSec Tunnel | hagbard | |
| 2018-11-13 | T1006: allow the "any" value for the local-address option. | Daniil Baturin | |
| 2018-11-13 | T1006: allow the "any" value for the local-address option. | Daniil Baturin | |
| 2018-11-13 | Set the architecture to 'all' since this package has no ↵ | Daniil Baturin | |
| architecture-dependent files. | |||
| 2018-11-13 | T1006: replace the is_valid_address.pl script with ipaddrcheck. | Daniil Baturin | |
| 2018-11-13 | Set the architecture to 'all' since this package has no ↵ | Daniil Baturin | |
| architecture-dependent files. | |||
| 2018-11-13 | T1006: replace the is_valid_address.pl script with ipaddrcheck. | Daniil Baturin | |
| 2018-09-28 | New branch. | Daniil Baturin | |
| 2018-08-27 | Add plugins to dependencies. | Daniil Baturin | |
| 2018-08-20 | Merge pull request #19 from runborg/current | Daniil Baturin | |
| T787: Make sure dmvpn config is generated after ipsec config. | |||
| 2018-08-19 | T787: Make sure dmvpn config is generated after ipsec config. this one needs ↵ | Runar Borge | |
| more testing to test for breakages on ipsec | |||
| 2018-08-08 | T767: cleanup vpn-config.pl - removal of KLIPS | Christian Poessinger | |
| Two IPsec kernel stacks are currently available: KLIPS and NETKEY. The Linux kernel NETKEY code is a rewrite from scratch of the KAME IPsec code. The KAME Project was a group effort of six companies in Japan to provide a free IPv6 and IPsec (for both IPv4 and IPv6) protocol stack implementation for variants of the BSD UNIX computer operating system. KLIPS is not a part of the Linux kernel. When using KLIPS, you must apply a patch to the kernel to support NAT-T. When using NETKEY, NAT-T support is already inside the kernel, and there is no need to patch the kernel. [1] KLIPS part has been removed as we always used the NETKEY path in the Perl script. [1]: https://www.linuxjournal.com/article/9916 | |||
| 2018-08-08 | T767: remove IPSEC deprecated keyword 'interfaces' | Christian Poessinger | |
| 'interfaces' option no longer available in StrongSWAN as of their Wiki [1]. [1]: https://wiki.strongswan.org/projects/strongswan/wiki/ConfigSetupSection | |||
| 2018-08-05 | T71: call the ipsec-settings.py script in VPN. | Daniil Baturin | |
| 2018-08-05 | T628: delete the default route from the StrongSWAN table (220 hardcoded) for ↵ | Daniil Baturin | |
| VTI connections | |||
| 2018-06-03 | T674: set DH group default in IKE groups to 2. | Daniil Baturin | |
| Using the default: tag in the template for now, this issue should be addressed properly when we get to rewriting IPsec scripts. | |||
| 2018-06-02 | Merge branch 'current' of github.com:vyos/vyatta-cfg-vpn into current | Daniil Baturin | |
| 2018-06-02 | T675: for downgrading strongswan to 5.5, remove explicit dependency on libvici. | Daniil Baturin | |
| In 5.5 from stretch, it's inside the swanctl package. In 5.6 from sid, the swanctl package depends on it so we don't need to mention it explicitly anyway. | |||
| 2018-02-27 | Merge pull request #18 from unixninja92/T542 | Kim | |
| Lowered minimum DPD interval and timeout as per T542 | |||
 |
index : vyatta-cfg-vpn.git | |
| Vyatta VPN configuration (mirror of https://github.com/vyos/vyatta-cfg-vpn.git) |
| summaryrefslogtreecommitdiff |