| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2019-03-06 | removing script call for pptp which is now being handled by accel-ppp | hagbard | |
| 2019-01-21 | fix typo in dead-pear-detection | Kim | |
| 2019-01-15 | fix typo | Kim Hagen | |
| 2019-01-15 | do not display connection header when there are no tunnels created | Kim Hagen | |
| 2019-01-11 | Reference IPsec profile name in DMPN connection names for op mode. | Daniil Baturin | |
| 2019-01-07 | fixing cur_vers reference for Makefile | hagbard | |
| 2019-01-07 | bumped config version so the migrate jobs work | hagbard | |
| 2019-01-07 | Fix: T1168 - Upgrade: 1,1,7 -> 1.2.0-epa2 Ipsec logging command failure. | hagbard | |
| 2018-12-31 | T777: improve "connection-type" option help strings. | Daniil Baturin | |
| 2018-12-06 | Fix: T1048: [IPSec] Protocol all does not work in IPSec Tunnel | hagbard | |
| 2018-11-13 | T1006: allow the "any" value for the local-address option. | Daniil Baturin | |
| 2018-11-13 | Set the architecture to 'all' since this package has no ↵ | Daniil Baturin | |
| architecture-dependent files. | |||
| 2018-11-13 | T1006: replace the is_valid_address.pl script with ipaddrcheck. | Daniil Baturin | |
| 2018-08-27 | Add plugins to dependencies. | Daniil Baturin | |
| 2018-08-20 | Merge pull request #19 from runborg/current | Daniil Baturin | |
| T787: Make sure dmvpn config is generated after ipsec config. | |||
| 2018-08-19 | T787: Make sure dmvpn config is generated after ipsec config. this one needs ↵ | Runar Borge | |
| more testing to test for breakages on ipsec | |||
| 2018-08-08 | T767: cleanup vpn-config.pl - removal of KLIPS | Christian Poessinger | |
| Two IPsec kernel stacks are currently available: KLIPS and NETKEY. The Linux kernel NETKEY code is a rewrite from scratch of the KAME IPsec code. The KAME Project was a group effort of six companies in Japan to provide a free IPv6 and IPsec (for both IPv4 and IPv6) protocol stack implementation for variants of the BSD UNIX computer operating system. KLIPS is not a part of the Linux kernel. When using KLIPS, you must apply a patch to the kernel to support NAT-T. When using NETKEY, NAT-T support is already inside the kernel, and there is no need to patch the kernel. [1] KLIPS part has been removed as we always used the NETKEY path in the Perl script. [1]: https://www.linuxjournal.com/article/9916 | |||
| 2018-08-08 | T767: remove IPSEC deprecated keyword 'interfaces' | Christian Poessinger | |
| 'interfaces' option no longer available in StrongSWAN as of their Wiki [1]. [1]: https://wiki.strongswan.org/projects/strongswan/wiki/ConfigSetupSection | |||
| 2018-08-05 | T71: call the ipsec-settings.py script in VPN. | Daniil Baturin | |
| 2018-08-05 | T628: delete the default route from the StrongSWAN table (220 hardcoded) for ↵ | Daniil Baturin | |
| VTI connections | |||
| 2018-06-03 | T674: set DH group default in IKE groups to 2. | Daniil Baturin | |
| Using the default: tag in the template for now, this issue should be addressed properly when we get to rewriting IPsec scripts. | |||
| 2018-06-02 | Merge branch 'current' of github.com:vyos/vyatta-cfg-vpn into current | Daniil Baturin | |
| 2018-06-02 | T675: for downgrading strongswan to 5.5, remove explicit dependency on libvici. | Daniil Baturin | |
| In 5.5 from stretch, it's inside the swanctl package. In 5.6 from sid, the swanctl package depends on it so we don't need to mention it explicitly anyway. | |||
| 2018-02-27 | Merge pull request #18 from unixninja92/T542 | Kim | |
| Lowered minimum DPD interval and timeout as per T542 | |||
| 2018-02-20 | Lowered minimum DPD interval and timeout as per T542 | unixninja92 | |
| 2017-10-31 | Merge pull request #17 from Taniadz/current | Daniil Baturin | |
| T126: charon listening on ALL interfaces | |||
| 2017-10-31 | T126: charon listening on ALL interfaces(correct sorting) | Taniadz | |
| 2017-10-27 | T126: charon listening on ALL interfaces(add ipsec restart) | Taniadz | |
| 2017-10-25 | T126: charon listening on ALL interfaces( fix the style issues) | Taniadz | |
| 2017-10-24 | T126: charon listening on ALL interfaces | Taniadz | |
| 2017-10-13 | T423: use listNodes rather than listActiveNodes to enable completion for ↵ | Daniil Baturin | |
| uncommited IKE and ESP groups. | |||
| 2017-04-25 | Merge pull request #15 from smunaut/T137 | Kim | |
| Fix VTI interface configuration to set both ikey and okey | |||
| 2017-03-23 | Fix VTI interface configuration to set both ikey and okey | Sylvain Munaut | |
| Without this, the outgoing traffic is marked and encrypted but incoming traffic isn't properly forwarded to the VTI and just gets dropped. Partially Fixes T137 Signed-off-by: Sylvain Munaut <s.munaut@whatever-company.com> | |||
| 2017-03-04 | T287: Merge pull request #14 from paulgear/patch-1 | Daniil Baturin | |
| T287: Add missingok to logrotate for ipsec | |||
| 2017-03-02 | Add missingok to logrotate for ipsec | Paul Gear | |
| If this is not present, it causes hourly messages in /var/log/messages like this: Mar 2 19:17:01 vyos /USR/SBIN/CRON[9140]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 2 19:17:01 vyos /USR/SBIN/CRON[9138]: (CRON) error (grandchild #9140 failed with exit status 1) Mar 2 19:17:01 vyos /USR/SBIN/CRON[9138]: (CRON) info (No MTA installed, discarding output) This is because cron wants to produce output like the following when ipsec.log is not present: /etc/cron.hourly/vyatta-logrotate-hourly: error: stat of /var/log/vyatta/ipsec.log failed: No such file or directory run-parts: /etc/cron.hourly/vyatta-logrotate-hourly exited with return code 1 | |||
| 2016-03-23 | load swanctl configuration on ipsec start | UnicronNL | |
| 2016-03-16 | use 'dh-group' for first ike proposal | UnicronNL | |
| enable config for dead peer detection | |||
| 2016-03-08 | add secret from config to swanctl.conf | UnicronNL | |
| 2016-03-07 | add dependencies needed for dmvpn configuration | Kim Hagen | |
| 2016-02-25 | add libcrypt-openssl-rsa-perl dependency | Kim Hagen | |
| 2016-02-24 | First version of new dmvpn script rewrite. | Kim Hagen | |
| 2016-02-24 | remove reference to dmvpn.secrets and chang dmvpn.conf to swanctl.conf | Kim Hagen | |
| 2016-02-23 | Update vpn check file from "charon.ctl" to "charon.pid". | Kim Hagen | |
| 2016-02-11 | Update the changelog. | Daniil Baturin | |
| 2016-02-11 | Merge branch 'lithium-strongswan5' of ↵ | Daniil Baturin | |
| https://github.com/TriJetScud/vyatta-cfg-vpn into current | |||
| 2016-02-11 | Revert "Remove charonstart an interfaces from ipsec.conf file, they are ↵ | Kim Hagen | |
| depricated." This reverts commit fbddff7f2b6b485c93b5d3cf4d60a75f84c3a2b6. | |||
| 2016-02-11 | Revert "Set default pfs and ike dh group. (required by strongswan charon)" | Kim Hagen | |
| This reverts commit 8353f0f8fc746c69d6006e5bba9baf45afe16385. | |||
| 2016-02-11 | Set default pfs and ike dh group. (required by strongswan charon) | Kim Hagen | |
| 2016-02-11 | Remove charonstart an interfaces from ipsec.conf file, they are depricated. | Kim Hagen | |
| 2016-02-09 | Merge branch 'current' of github.com:vyos/vyatta-cfg-vpn into current | Kim Hagen | |
 |
index : vyatta-cfg-vpn.git | |
| Vyatta VPN configuration (mirror of https://github.com/vyos/vyatta-cfg-vpn.git) |
| summaryrefslogtreecommitdiff |