vyatta-cfg-vpn.git - Vyatta VPN configuration (mirror of https://github.com/vyos/vyatta-cfg-vpn.git)

Age	Commit message (Collapse)	Author
2014-12-04	vyatta-cfg-vpn: update vti creation in line with changes to strongswan	Alex Harpin
	Update the VTI creation process to go along with the changes added to the vyatta-strongswan package, due to changes in the kernel vti module. This also removes the need for additional netfilter rules to ensure that packets are directed to the corresponding VTI. Bug #358 http://bugzilla.vyos.net/show_bug.cgi?id=358
2014-10-19	Remove the VTI script after use.	Daniil Baturin

2012-09-18	Bugfix 8358: Handle vti tunnel src, dst changing while the bind tunnel name ↵	Saurabh Mohan
	stays the same. Fix the case when case the <peer,local-address> pairing changes but the tunnel is still bound to the same vti tunnel interface name(vtiXX). In that case when doing the cleanup do not delete the vti tunnel of the same name. Also fixed 8264: When the vti bind interface name is deleted.
2012-09-10	Bugfix 8289: Vti mark values should be implicit	Saurabh Mohan
	Vti tunnel uses fwmark from the kernel skbuff. This value is now internally allocated instead of getting it from the configuration. Also fixed 8286 where configuration was allowing both a tunnel and VTI between the same vpn src/dst.
2012-08-09	Bugfix 8264: Check if the intf name is defined before using it in the script.	Saurabh Mohan
	Fix the error message for undefined intf name in error message. Also, add changes to incorporate mark's from range 0-2047. Print warning if a vti interface is defined but not used. Hopefully this will help users understand that they have a partial configuration.
2012-07-25	Bugfix 8222: deletion and adding bind parameter under vti deletes vti ↵	Saurabh Mohan
	interface in show interfaces output though vti configuration exists The bind, mark parameters can be changed individually but the vti script runs at the vpn node level. By that time the old value is not known. With this change now I find out the exisiting vti tunnels from the kernel and discover the old vti-name, and mark setting from there. After that it is possible to figure out if a. No change was done to a VTI: In that case do not do any config. b. If a tunnel was changed: Delete and create the tunnel again. c. If a tunnel was deleted: Remove the tunnel config from the kernel. d. If the tunnel was added: Configure it. Also, configure the vti interface prior to the strongswan configuration. This way if the ipsec tunnel comes up then we can bring the interface up/down (see Bug 8219). Remove the disable configuration param (see Bug 8221).
2012-07-16	Workaround to setup vti ko and cleaner error message.	Saurabh Mohan

2012-06-11	VTI: Add support call for checking for vti interface name.	Saurabh Mohan

2012-06-04	VTI bring tunnel based on ipsec-sa state.	Saurabh Mohan

2012-05-18	VTI: cfg mark/bind change handlers.	Saurabh Mohan

2012-05-16	Vti config support.	Saurabh Mohan