summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-08-030.12.105+vyos1+helium2vyos/1.1.0-beta1debian/0.12.105+vyos1+helium2Daniil Baturin
2014-08-03Bug #224: rename "enabled|disabled" to "enable|disable" for consistency.Daniil Baturin
2014-06-25Merge pull request #8 from ryanriske/helium-bug241Daniil Baturin
Bug 241: Use auto=route for connection-type respond.
2014-06-17Bug 241: Use auto=route for connection-type respond.Ryan Riske
2014-05-26Merge pull request #4 from TriJetScud/heliumDaniil Baturin
Remove automatic IKE version negoiation.
2014-05-25Merge pull request #6 from TriJetScud/helium-pull-reqDaniil Baturin
Initial MOBIKE Configuration Support
2014-05-25Initial MOBIKE Configuration SupportJeff Leung
For IKEv2, there is support for MOBIKE which basically allows IPSec connections to roam from interface to interface. When MOBIKE is used, the IKE negoiation phase uses UDP port 4500 rather than using proto-51. In strongSwan 4.5.x MOBIKE is automatically enabled for IKEv2 connections. We expose the ability to enable/disable MOBIKE to the user.
2014-05-25Merge pull request #5 from ryanriske/helium-dhgroupsDaniil Baturin
Bug 197: Add back support for groups 22-24 for phase2 pfs
2014-05-25Bug 197: Add back support for groups 22-24 for phase2 pfsRyan Riske
2014-05-25Merge pull request #3 from ryanriske/helium-sha2Daniil Baturin
Bug 220: Add support for SHA2 hashes
2014-05-25Remove automatic IKE version negoiation.Jeff Leung
According to the strongSwan 4.5.x documentation, the keyexchange configuration value "ike" is a synonym to "ikev2". In strongSwan 5.0.0 however, the configuration value "ike" will try to negoiate IKEv2 connections but will accept IKEv1 connections if the remote peer sends an IKEv1 request.
2014-05-25Bug 220: Add support for SHA2 hashesRyan Riske
2014-05-24Merge pull request #2 from ryanriske/helium-dhgroupsDaniil Baturin
Add support for DH groups 14-26
2014-05-24Add support for DH groups 14-26Ryan Riske
2014-05-22Merge pull request #1 from TriJetScud/heliumDaniil Baturin
Adding initial support for IKEv2 Site-to-Site VPNs
2014-05-21Adding initial support for IKEv2/IKEv1 Site-to-Site VPN's by adding the ↵Jeff Leung
optional "vpn ipsec ike-group <IKEGROUP> key-exchange" parameter.
2014-04-27Bug #183: Add up-client action to the interface up/down script.Daniil Baturin
Patch by Masakazu Asama.
2014-02-150.12.105+vyos1+helium1debian/0.12.105+vyos1+helium1Daniil Baturin
2014-02-15New branchDaniil Baturin
2014-01-290.12.105+hydrogen2debian/0.12.105+hydrogen2Daniil Baturin
2014-01-29Fix vpn ppp up scriptStig Thormodsrud
Signed-off-by: Daniil Baturin <daniil@baturin.org>
2014-01-29Move %any peers to the end in ipsec.secretsStig Thormodsrud
Signed-off-by: Daniil Baturin <daniil@baturin.org>
2013-11-170.12.105+hydrogen1vyos/1.0.0debian/0.12.105+hydrogen1Daniil Baturin
2013-11-17New branchDaniil Baturin
2013-02-190.12.105+daisy6vyatta/VC6.6R1/i386vyatta/VC6.6R1/amd64debian/0.12.105+daisy6daisySaurabh Mohan
2013-02-19perltidy run for vyatta-cfg-vpnSaurabh Mohan
2013-02-120.12.105+daisy5debian/0.12.105+daisy5Saurabh Mohan
2013-02-12mGRE support for change of local-ip addr change.Saurabh Mohan
VYATTA-118: workaround added to update ipsec settings when tunnel local-ip is modified.
2013-02-050.12.105+daisy4debian/0.12.105+daisy4Saurabh Mohan
2013-02-05Bug 8666: merged.Saurabh Mohan
2013-01-220.12.105+daisy3debian/0.12.105+daisy3Saurabh Mohan
2013-01-22Dmvpn merge with mirantis jan22-2013Saurabh Mohan
2012-12-270.12.105+daisy2debian/0.12.105+daisy2Saurabh Mohan
2012-12-27DMVPN support with profiles.Saurabh Mohan
2012-10-130.12.105+daisy1debian/0.12.105+daisy1John Southworth
2012-10-13create daisy branchJohn Southworth
2012-10-120.12.105debian/0.12.105John Southworth
2012-10-12new branchJohn Southworth
2012-10-040.12.104debian/0.12.104bharat
2012-10-04Merge branch 'pacifica' of http://git.vyatta.com/vyatta-cfg-vpn into pacificabharat
2012-10-04Bug 8200: Changed grep to not display shim6Bharat
2012-09-180.12.103debian/0.12.103Saurabh Mohan
2012-09-18Bugfix 8358: Handle vti tunnel src, dst changing while the bind tunnel name ↵Saurabh Mohan
stays the same. Fix the case when case the <peer,local-address> pairing changes but the tunnel is still bound to the same vti tunnel interface name(vtiXX). In that case when doing the cleanup do not delete the vti tunnel of the same name. Also fixed 8264: When the vti bind interface name is deleted.
2012-09-100.12.102debian/0.12.102Saurabh Mohan
2012-09-10Bugfix 8289: Vti mark values should be implicitSaurabh Mohan
Vti tunnel uses fwmark from the kernel skbuff. This value is now internally allocated instead of getting it from the configuration. Also fixed 8286 where configuration was allowing both a tunnel and VTI between the same vpn src/dst.
2012-09-040.12.101debian/0.12.101Saurabh Mohan
2012-09-04Bugfix 8277: For connection type respond do not attempt keying foreverSaurabh Mohan
When a connection-type is respond (configured using: set vpn ipsec site-to-site peer <ip-addr> connection-type [initiate | respond]), the device should not keep trying to key forever.
2012-08-230.12.100debian/0.12.100Daniil Baturin
2012-08-23Update config version from 3 to 4.Daniil Baturin
2012-08-130.12.99debian/0.12.99Saurabh Mohan
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-29 20:12:02 +0000