| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-01-27 | Removing pfs and pfsgroup parameter generation | Jeff Leung | |
| In strongSwan 5.0.0 and later series, pfs= and pfsgroup= parameters have now been removed. | |||
| 2015-01-27 | Generate PFS group settings alongside with our ESP settings | Jeff Leung | |
| Since strongSwan 5.0.0, defining the PFS group settings has moved in the esp= parameter. If PFS is simply enabled, it will use the first IKE proposal's dh-group as the PFS group. | |||
| 2015-01-27 | Have the IKE parameter parser to use our new get_dh_cipher_result submodule | Jeff Leung | |
| The IKE parameter parser now uses the new get_dh_cipher_result submodule instead of the old if/else/elseif logic that was hardcoded to the parser. This should help ease developers adding new Diffie-Hellman groups if there are any in the future. | |||
| 2015-01-27 | Add get_dh_cipher_result submodule | Jeff Leung | |
| By adding this submodule we can reduce the amount of code we need to maintain by having a single submodule that takes in a Diffie-Hellman group number and translates it to what strongSwan expects. | |||
| 2015-01-27 | Removing charonstart from the config setup section | Jeff Leung | |
| In preperation of moving towards the strongSwan 5.x series, we are removing the legacy charonstart=yes parameter in ipsec.conf. Since strongSwan 5.0.0 pluto has been removed from the codebase and charon is now the main daemon that handles IKEv1 and IKEv2 connections. | |||
| 2014-12-19 | Bug #415: use remote-id for peer ID unconditionally if it's set. | Daniil Baturin | |
| 2014-12-19 | Bug #414: quote the leftid value to avoid problems with non-alphanumeric ↵ | Daniil Baturin | |
| characters. | |||
| 2014-12-01 | Fixing syntax error in vpn-config.pl, fixing allowed parameters in the ↵ | Jason Hendry | |
| per-tunnel ikev2-reauth node | |||
| 2014-12-01 | Exposing ikev2 reauth option in CLI, defaulting to 'no' | Jason Hendry | |
| 2014-10-05 | vyatta-cfg-vpn: prevent duplicate local rsa key includes | Alex Harpin | |
| Prevent duplicate include statements, for the local rsa keys, being added to the ipsec.secrets file when more than one VPN connection is configured. Bug #332 http://bugzilla.vyos.net/show_bug.cgi?id=332 | |||
| 2014-10-05 | vyatta-cfg-vpn: formatting changes for style consistency | Alex Harpin | |
| Update scripts/vpn-config.pl to have consistent identation levels and style throughout. | |||
| 2014-10-05 | vyatta-cfg-vpn: rename vti-up-down.sh to vti-up-down | Alex Harpin | |
| Rename vti-up-down.sh to vti-up-down to be consistent with others. | |||
| 2014-08-03 | Bug #224: rename "enabled|disabled" to "enable|disable" for consistency. | Daniil Baturin | |
| 2014-06-17 | Bug 241: Use auto=route for connection-type respond. | Ryan Riske | |
| 2014-05-26 | Merge pull request #4 from TriJetScud/helium | Daniil Baturin | |
| Remove automatic IKE version negoiation. | |||
| 2014-05-25 | Initial MOBIKE Configuration Support | Jeff Leung | |
| For IKEv2, there is support for MOBIKE which basically allows IPSec connections to roam from interface to interface. When MOBIKE is used, the IKE negoiation phase uses UDP port 4500 rather than using proto-51. In strongSwan 4.5.x MOBIKE is automatically enabled for IKEv2 connections. We expose the ability to enable/disable MOBIKE to the user. | |||
| 2014-05-25 | Bug 197: Add back support for groups 22-24 for phase2 pfs | Ryan Riske | |
| 2014-05-25 | Remove automatic IKE version negoiation. | Jeff Leung | |
| According to the strongSwan 4.5.x documentation, the keyexchange configuration value "ike" is a synonym to "ikev2". In strongSwan 5.0.0 however, the configuration value "ike" will try to negoiate IKEv2 connections but will accept IKEv1 connections if the remote peer sends an IKEv1 request. | |||
| 2014-05-24 | Add support for DH groups 14-26 | Ryan Riske | |
| 2014-05-21 | Adding initial support for IKEv2/IKEv1 Site-to-Site VPN's by adding the ↵ | Jeff Leung | |
| optional "vpn ipsec ike-group <IKEGROUP> key-exchange" parameter. | |||
| 2014-01-29 | Move %any peers to the end in ipsec.secrets | Stig Thormodsrud | |
| Signed-off-by: Daniil Baturin <daniil@baturin.org> | |||
| 2013-02-05 | Bug 8666: merged. | Saurabh Mohan | |
| 2012-12-27 | DMVPN support with profiles. | Saurabh Mohan | |
| 2012-09-10 | Bugfix 8289: Vti mark values should be implicit | Saurabh Mohan | |
| Vti tunnel uses fwmark from the kernel skbuff. This value is now internally allocated instead of getting it from the configuration. Also fixed 8286 where configuration was allowing both a tunnel and VTI between the same vpn src/dst. | |||
| 2012-09-04 | Bugfix 8277: For connection type respond do not attempt keying forever | Saurabh Mohan | |
| When a connection-type is respond (configured using: set vpn ipsec site-to-site peer <ip-addr> connection-type [initiate | respond]), the device should not keep trying to key forever. | |||
| 2012-08-09 | Bugfix 8264: Check if the intf name is defined before using it in the script. | Saurabh Mohan | |
| Fix the error message for undefined intf name in error message. Also, add changes to incorporate mark's from range 0-2047. Print warning if a vti interface is defined but not used. Hopefully this will help users understand that they have a partial configuration. | |||
| 2012-06-18 | Bugfix: 8015: supress perl warnings. | Saurabh Mohan | |
| 2012-06-04 | VTI bring tunnel based on ipsec-sa state. | Saurabh Mohan | |
| 2012-05-17 | Merge branch 'pacifica' of http://git.vyatta.com/vyatta-cfg-vpn into pacifica | Saurabh Mohan | |
| 2012-05-17 | Default keyexchange ikev1. | Saurabh Mohan | |
| 2012-05-16 | Vti config support. | Saurabh Mohan | |
| 2012-03-29 | Add commit-time config validation. | Daniil Baturin | |
| 2012-03-29 | Add any special case for local-address instead of 0.0.0.0. | Daniil Baturin | |
| 2012-03-29 | Rename "local/remote subnet" to "local/remote prefix". | Daniil Baturin | |
| 2012-03-29 | Rename local-ip option to local-address. | Daniil Baturin | |
| 2012-02-29 | Fix uninitilized bug | John Southworth | |
| 2012-02-28 | Bugfix 6839: Warn that pre-shared key changes aren't loaded until a rekey ↵ | John Southworth | |
| interval | |||
| 2011-06-15 | Bugfix 6767: Move /tmp/ipsec.log to /var/log/vyatta and rotate it. | Bob Gilligan | |
| 2011-06-08 | Bugfix 7145: same changes were needed for site-to-site as well | John Southworth | |
| 2011-02-23 | Much cleaner way to do the check to see if something has changed in the ↵ | John Southworth | |
| ipsec or rsa-key config tree. | |||
| 2011-02-23 | Don't make vpn-config.pl run if there were no relevant changes, before it ↵ | John Southworth | |
| ran everytime there was a change in pptp or l2tp configs as well. | |||
| 2011-02-22 | Fix some dhcp config problems | John Southworth | |
| 2011-02-22 | Make sure only interfaces with dhcp enabled are allowed as a dhcp-interface | John Southworth | |
| 2011-02-22 | Fix minor x509 configuration error message problem | John Southworth | |
| 2011-02-17 | Reread secrets before an update | John Southworth | |
| 2011-02-17 | Fix initial boot problems for dhcp interfaces | John Southworth | |
| 2011-02-16 | Initial support for configuring dhcp-interfaces for IPSEC, needs testing | John Southworth | |
| 2011-02-08 | Initial x509 for site-to-site ipsec vpn | John Southworth | |
| 2011-02-07 | Bugfix 5802: add auto-update feature, for Dynamic DNS peers | John Southworth | |
| 2011-02-04 | Add the ability to define a default esp group for tunnels under a peer to use | John Southworth | |
 |
index : vyatta-cfg-vpn.git | |
| Vyatta VPN configuration (mirror of https://github.com/vyos/vyatta-cfg-vpn.git) |
| summaryrefslogtreecommitdiff |