vyatta-cfg-vpn.git - Vyatta VPN configuration (mirror of https://github.com/vyos/vyatta-cfg-vpn.git)

Age	Commit message (Collapse)	Author
2012-09-10	Bugfix 8289: Vti mark values should be implicit	Saurabh Mohan
	Vti tunnel uses fwmark from the kernel skbuff. This value is now internally allocated instead of getting it from the configuration. Also fixed 8286 where configuration was allowing both a tunnel and VTI between the same vpn src/dst.
2012-09-04	Bugfix 8277: For connection type respond do not attempt keying forever	Saurabh Mohan
	When a connection-type is respond (configured using: set vpn ipsec site-to-site peer <ip-addr> connection-type [initiate \| respond]), the device should not keep trying to key forever.
2012-08-09	Bugfix 8264: Check if the intf name is defined before using it in the script.	Saurabh Mohan
	Fix the error message for undefined intf name in error message. Also, add changes to incorporate mark's from range 0-2047. Print warning if a vti interface is defined but not used. Hopefully this will help users understand that they have a partial configuration.
2012-06-18	Bugfix: 8015: supress perl warnings.	Saurabh Mohan

2012-06-04	VTI bring tunnel based on ipsec-sa state.	Saurabh Mohan

2012-05-17	Merge branch 'pacifica' of http://git.vyatta.com/vyatta-cfg-vpn into pacifica	Saurabh Mohan

2012-05-17	Default keyexchange ikev1.	Saurabh Mohan

2012-05-16	Vti config support.	Saurabh Mohan

2012-03-29	Add commit-time config validation.	Daniil Baturin

2012-03-29	Add any special case for local-address instead of 0.0.0.0.	Daniil Baturin

2012-03-29	Rename "local/remote subnet" to "local/remote prefix".	Daniil Baturin

2012-03-29	Rename local-ip option to local-address.	Daniil Baturin

2012-02-29	Fix uninitilized bug	John Southworth

2012-02-28	Bugfix 6839: Warn that pre-shared key changes aren't loaded until a rekey ↵	John Southworth
	interval
2011-06-15	Bugfix 6767: Move /tmp/ipsec.log to /var/log/vyatta and rotate it.	Bob Gilligan

2011-06-08	Bugfix 7145: same changes were needed for site-to-site as well	John Southworth

2011-02-23	Much cleaner way to do the check to see if something has changed in the ↵	John Southworth
	ipsec or rsa-key config tree.
2011-02-23	Don't make vpn-config.pl run if there were no relevant changes, before it ↵	John Southworth
	ran everytime there was a change in pptp or l2tp configs as well.
2011-02-22	Fix some dhcp config problems	John Southworth

2011-02-22	Make sure only interfaces with dhcp enabled are allowed as a dhcp-interface	John Southworth

2011-02-22	Fix minor x509 configuration error message problem	John Southworth

2011-02-17	Reread secrets before an update	John Southworth

2011-02-17	Fix initial boot problems for dhcp interfaces	John Southworth

2011-02-16	Initial support for configuring dhcp-interfaces for IPSEC, needs testing	John Southworth

2011-02-08	Initial x509 for site-to-site ipsec vpn	John Southworth

2011-02-07	Bugfix 5802: add auto-update feature, for Dynamic DNS peers	John Southworth

2011-02-04	Add the ability to define a default esp group for tunnels under a peer to use	John Southworth

2011-02-04	Move protocol out of local and remote nodes as it has to be the same	John Southworth

2011-02-03	Initial additions to support local and remote protoport in general instead ↵	John Southworth
	of just for GRE
2011-01-31	Make vpn errors and exiting consistent	John Southworth

2011-01-31	Fix problem with multiple psk being generated per peer	John Southworth

2011-01-28	Bugfix: 5684, added quotes around rsa keys in ipsec.conf so that strongswan ↵	John Southworth
	doesn't fail on ==
2011-01-26	Bugfix: 5677 add protoport option for simpler GRE tunnels, for now this is ↵	John Southworth
	specifically for GRE more protocols can be added in the future if required.
2011-01-26	Make VPN config die after the first error occurs instead of continuing to ↵	John Southworth
	process the rest of the config
2011-01-26	Bug 2506: Moved the connection-type node to the peer level, as discussed ↵	John Southworth
	with support.
2011-01-25	Bugfix 6068. This fixes the given perl problem, however there may be more ↵	John Southworth
	that appear. We should die when an error is found and stop processing the file
2011-01-25	Bugfix 6229: don't allow local and remote subnets to be the same	John Southworth

2011-01-25	bugfix: 2506 added option to define initiatior or responder mode	John Southworth

2011-01-20	make adjustment so that op mode can deal with new secrets file format	John Southworth
	(cherry picked from commit ef7acbaef8ccd9305644f22ddb6df1ca985fcf4a)
2011-01-20	fix conflict while merging	John Southworth

2011-01-17	more location based error support.	Michael Larson

2011-01-17	error location support changes to vpn (local-ip and auth missing only at ↵	Michael Larson
	this time).
2010-07-22	remove unused options	An-Cheng Huang
	* high-level operations should not access CLI implementation details.
2010-06-03	Fix Bug 5652 set ike/ipsec keying tries to forever	Mohit Mehta

2010-05-26	add passthrough connection if remote-subnet contains local-subnet	Mohit Mehta

2010-04-19	Fix Bug 5542	Mohit Mehta
	* add commment for op-mode commands' dependency on config-mode check
2010-03-31	Fix Bug 5500 Unable to establish a VPN connection from a remote peer with a	Mohit Mehta
	dynamic peer when using FQDN identifier for remote end * allow remote peer with dynamic IP to connect using Main Mode/PSK
2010-03-18	Fix Bug 5087 add support to specify PFS group when PFS is enabled	Mohit Mehta

2010-02-05	1. use correct notation to represent private,public networks	Mohit Mehta
	i.e. use vhost:%priv,%no instead of %priv,%no. Previously used notation was never supposed to work. Corrected notation is what we use in l2tp/ipsec as well and is also recommended otherwise. 2. cannot use leftsourceip to add route when right-subnet is not specific is based on generalized private,public networks
2010-01-30	Fix Bug 1832 VPN copy-tos Disabling copy-tos field doesn't work	Mohit Mehta
	* remove copy-tos field under 'vpn ipsec'. It's not supposed to work with NETKEY