summaryrefslogtreecommitdiff
path: root/scripts
AgeCommit message (Collapse)Author
2010-01-12* remove extraneous unused codeMohit Mehta
* use @id for identification when it's specified. It can be used even if local-ip is not 0.0.0.0 * extend syntax check for id to allow specifying hostnames * fix ipsec.secrets generation - if specified always use ids for local and remote peer (cherry picked from commit 3e7a4e45af00c11e6009d38fd97c67c2de0fa145)
2010-01-12add comment to identify end of connection descriptionMohit Mehta
(cherry picked from commit cb9ed22ae45d03fa37148273d02cef4a9a179d1d)
2010-01-12no need to maintain state of connections and take state-specific actions forMohit Mehta
each connection when config changes. `ipsec update` in strongswan determines any changes in ipsec.conf and updates the configuration on running daemon (cherry picked from commit 55b703e669e0f792c04d29541d8fe00d2a9d624b)
2010-01-12First pass code changes to vyatta-cfg-vpn for migration to strongswan :Mohit Mehta
Remove CLI support and back-end code for unsupported parameters * No aggressive mode support in strongswan * remove syslog facility.level CLI. strongswan uses authpriv facility by default, no syslog parameter support * remove Robert's disable-uniqreqids option for now. need to get strongswan to do the same thing first Remove Openswan specific parameters added to workaroung bugs * remove plutowait, this was added to workaround Openswan Bug 412 * remove nhelpers, this was added to workaround Openswan Bug 198 Other Changes * add '!' at the end of ike and esp proposal list to signify end of list * replace `ipsec start` commands with built-in commands for `ipsec starter` control utility * replace `ipsec auto` with `ipsec whack` commands. Still need to figure out if `ipsec auto --add|--up $connection` could be replaces by simply using `ipsec update` in stronswan * change pluto.ctl path
2009-11-25pptp config check not needed when vpn ipsec is configuredMohit Mehta
2009-11-02more formatting clean-upMohit Mehta
2009-11-02indent and reformat script using perltidy in hope of making it easier to readMohit Mehta
2009-10-27add support for same reqids to openswan cfgRobert Bays
2009-10-06Fix Bug 3011 Remote VPN configuration issues site-to-site warningMohit Mehta
* issue warning when none of site-to-site peers, remote access l2tp/pptp set
2009-09-04Fix 4902: setting ipsec site-to-site tunnel with authentication id <> and ↵Stig Thormodsrud
local-ip 0.0.0.0 got "no connection named <>"
2009-08-20manage state of add|delete|restart on connections for vpn given disable node.slioch
2009-08-20added support in configuration script to support tunnel disable node.slioch
2009-07-10Fix 4623: Removing IPSEC VPN config without removing cluster ipsec config ↵Stig Thormodsrud
drops all interfaces. Add a check to prevent deleting ipsec if it's referenced by cluster. (cherry picked from commit b17d768af5845cb5b74e9ba8c6d8f8e2701bb0f6)
2009-05-26Fix 3836: Allow VPN authentication ID to accept values of IP address, domain ↵Stig Thormodsrud
name and "" enclosed phrases
2009-04-08Bugfix 3284: Allow commit to succeed if local-ip is not configured.Bob Gilligan
Previously, the ipsec setup script would fail the commit if the IPv4 address given in the local-ip parameter was not configured on one of the ipsec-interfaces at the time that the commit took place. This causes problems for PPP interfaces that may be configured, but down for operational reasons. This change makes the setup script more liberal. It will allow the commit to complete, but issue a warning the address, they can restart ipsec. PPP has logic to restart ipsec when a link comes up.
2009-04-06Bugfix 2387: Don't list interfaces in ipsec config file.Bob Gilligan
The "interfaces=..." entry in the /etc/ipsec.conf file needs to list the actual interfaces we are using only if the underlying kernel IPsec support is provided by KLIPS. In our case, we are using NETKEY, so we don't need to list our interfaces there. Not listing them makes ipsec startup a bit more robust.
2009-03-16Fix 4219: IPsec VPN does not launch on boot, error "The local-ip address ↵Stig Thormodsrud
X.X.X.X of peer "X.X.X.X" has not been configured in any of the local.
2009-02-12Fix ambiguous use of $logStephen Hemminger
There were two definitions of $log
2009-02-11Fix use of unitialized valueStephen Hemminger
Bug 4021 Don't die if local ip not configured.
2009-02-11Remove perlcritic warningsStephen Hemminger
Use 3 argument open
2008-11-24Convert to Vyatta:: hierarchyStephen Hemminger
2008-11-21Rename VyattaVPNUtil to Vyatta::VPNUtilStephen Hemminger
2008-07-22Fix 3300: VPN over PPPOE completely fails on rebootStig Thormodsrud
2008-07-11fix for bug 3044: hide perl error messagesAn-Cheng Huang
2008-07-09fix for bugs 3044, 3047, and 3048: support ipsec road warriors.An-Cheng Huang
2008-04-15Fix 3046: vpn: transport mode not working with current vyatta configStig Thormodsrud
2008-03-10Convert from VPL 1.0 to GPLv2Stephen Hemminger
Update license text from VPL 1.0 to GPLv2
2008-02-21Check for the case when authentication mode is not specified to prevent Perl ↵Marat Nepomnyashy
uninitialized value error. Bug 2772 fix.
2008-02-17Fix 2838 Clearing VPN process starts VPN, even if not configuredStig Thormodsrud
2008-01-24Treat ipsec return code 26624 as normal when bringing up a connection, but ↵Marat Nepomnyashy
treat all other error codes as errors. Bug 2671 fix. Also added settings 'nhelpers=5' to mitigate Openswan Bug 412 and 'plutowait=yes' to mitigate Openswan Bug 198.
2008-01-18Properly check that 'esp-group' and 'ike-group' are specified to avoid Perl ↵debian/0.1Marat Nepomnyashy
warnings.
2008-01-10Fix "set vpn rsa-key local-file file".Stig Thormodsrud
2008-01-07allow pptp only vpn config (interoperate with remote access VPN).An-Cheng Huang
2007-12-31interoperate with remote access vpn (if available).An-Cheng Huang
2007-12-20- Fix call to isIPinInterfaces().Stig Thormodsrud
- Add .gitignore - Remove Changelog
2007-12-19Port vpn cfg from fairfield to glendale.Stig Thormodsrud
generated by cgit v1.2.3 (git 2.39.1) at 2025-09-01 23:08:41 +0000