| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
strongSwan 5.2.x no longer recognizes keys in RFC 3110 format inlined in
ipsec.conf and ipsec.secrets. We need to convert the local private key
and peer public keys to PEM format, without changing the config templates
or user-visible key formats.
This patch will require the Debian packages 'libcrypt-openssl-bignum-perl'
and 'libcrypt-openssl-rsa-perl' to be added to the system.
|
|
This needs to be updated or VPN configurations won't be properly
handled on subsequent updates.
|
|
Update lib/Vyatta/VPN/vtiIntf.pm to have consistent identation levels
and style throughout.
|
|
Reduce the vtiMarkBase value to prevent integer overflow on the created
ip xfrm states and policies.
|
|
Update the parseVtiTun function to account for the new way of
configuring VTIs.
Bug #358 http://bugzilla.vyos.net/show_bug.cgi?id=358
|
|
Move vtiIntf.pm to a more logical place, in line with all the other
packages.
|
|
|
|
|
|
of just for GRE
|
|
Get rid of things deemed undesirable by Perl Best Practices:
* Convert to 3 argument open.
* Use local file handles
|
|
Remove CLI support and back-end code for unsupported parameters
* No aggressive mode support in strongswan
* remove syslog facility.level CLI. strongswan uses
authpriv facility by default, no syslog parameter support
* remove Robert's disable-uniqreqids option for now. need to get
strongswan to do the same thing first
Remove Openswan specific parameters added to workaroung bugs
* remove plutowait, this was added to workaround Openswan Bug 412
* remove nhelpers, this was added to workaround Openswan Bug 198
Other Changes
* add '!' at the end of ike and esp proposal list to signify end of list
* replace `ipsec start` commands with built-in commands for
`ipsec starter` control utility
* replace `ipsec auto` with `ipsec whack` commands. Still need to figure
out if `ipsec auto --add|--up $connection` could be replaces by simply
using `ipsec update` in stronswan
* change pluto.ctl path
|
|
|
|
|
