summaryrefslogtreecommitdiff
path: root/scripts
AgeCommit message (Collapse)Author
2012-03-29Rename "local/remote subnet" to "local/remote prefix".Daniil Baturin
2012-03-29Rename local-ip option to local-address.Daniil Baturin
2012-03-29Add a script for validating single IPv4 or IPv6 address with no prefixDaniil Baturin
length.
2012-02-29Fix uninitilized bugJohn Southworth
2012-02-28Bugfix 6839: Warn that pre-shared key changes aren't loaded until a rekey ↵John Southworth
interval
2011-06-15Bugfix 6767: Move /tmp/ipsec.log to /var/log/vyatta and rotate it.Bob Gilligan
2011-06-08Bugfix 7145: same changes were needed for site-to-site as wellJohn Southworth
2011-04-01Bugfix 6972: Suppress messages from the ipsec dhcp scriptJohn Southworth
2011-02-23Much cleaner way to do the check to see if something has changed in the ↵John Southworth
ipsec or rsa-key config tree.
2011-02-23Don't make vpn-config.pl run if there were no relevant changes, before it ↵John Southworth
ran everytime there was a change in pptp or l2tp configs as well.
2011-02-22Fix some dhcp config problemsJohn Southworth
2011-02-22Make sure only interfaces with dhcp enabled are allowed as a dhcp-interfaceJohn Southworth
2011-02-22Fix minor x509 configuration error message problemJohn Southworth
2011-02-17Fix the no old ip given from dhclient problemJohn Southworth
2011-02-17Log the change when this script is runJohn Southworth
2011-02-17Reread secrets before an updateJohn Southworth
2011-02-17Fix initial boot problems for dhcp interfacesJohn Southworth
2011-02-17Added Placeholder for ipsec dhclient hookJohn Southworth
2011-02-16Initial support for configuring dhcp-interfaces for IPSEC, needs testingJohn Southworth
2011-02-08Initial x509 for site-to-site ipsec vpnJohn Southworth
2011-02-07Bugfix 5802: add auto-update feature, for Dynamic DNS peersJohn Southworth
2011-02-04Add the ability to define a default esp group for tunnels under a peer to useJohn Southworth
2011-02-04Move protocol out of local and remote nodes as it has to be the sameJohn Southworth
2011-02-03Initial additions to support local and remote protoport in general instead ↵John Southworth
of just for GRE
2011-01-31Make vpn errors and exiting consistentJohn Southworth
2011-01-31Fix problem with multiple psk being generated per peerJohn Southworth
2011-01-28Bugfix: 5684, added quotes around rsa keys in ipsec.conf so that strongswan ↵John Southworth
doesn't fail on ==
2011-01-26Bugfix: 5677 add protoport option for simpler GRE tunnels, for now this is ↵John Southworth
specifically for GRE more protocols can be added in the future if required.
2011-01-26Make VPN config die after the first error occurs instead of continuing to ↵John Southworth
process the rest of the config
2011-01-26Bug 2506: Moved the connection-type node to the peer level, as discussed ↵John Southworth
with support.
2011-01-25Bugfix 6068. This fixes the given perl problem, however there may be more ↵John Southworth
that appear. We should die when an error is found and stop processing the file
2011-01-25Bugfix 6229: don't allow local and remote subnets to be the sameJohn Southworth
2011-01-25bugfix: 2506 added option to define initiatior or responder modeJohn Southworth
2011-01-20make adjustment so that op mode can deal with new secrets file formatJohn Southworth
(cherry picked from commit ef7acbaef8ccd9305644f22ddb6df1ca985fcf4a)
2011-01-20fix conflict while mergingJohn Southworth
2011-01-17more location based error support.Michael Larson
2011-01-17error location support changes to vpn (local-ip and auth missing only at ↵Michael Larson
this time).
2010-07-22remove unused optionsAn-Cheng Huang
* high-level operations should not access CLI implementation details.
2010-06-03Fix Bug 5652 set ike/ipsec keying tries to foreverMohit Mehta
2010-05-26add passthrough connection if remote-subnet contains local-subnetMohit Mehta
2010-04-19Fix Bug 5542Mohit Mehta
* add commment for op-mode commands' dependency on config-mode check
2010-03-31Fix Bug 5500 Unable to establish a VPN connection from a remote peer with aMohit Mehta
dynamic peer when using FQDN identifier for remote end * allow remote peer with dynamic IP to connect using Main Mode/PSK
2010-03-18Fix Bug 5087 add support to specify PFS group when PFS is enabledMohit Mehta
2010-02-051. use correct notation to represent private,public networksMohit Mehta
i.e. use vhost:%priv,%no instead of %priv,%no. Previously used notation was never supposed to work. Corrected notation is what we use in l2tp/ipsec as well and is also recommended otherwise. 2. cannot use leftsourceip to add route when right-subnet is not specific is based on generalized private,public networks
2010-01-30Fix Bug 1832 VPN copy-tos Disabling copy-tos field doesn't workMohit Mehta
* remove copy-tos field under 'vpn ipsec'. It's not supposed to work with NETKEY
2010-01-28perltidy vpn-config.plMohit Mehta
2010-01-28remove dead code. we use 'ipsec update' to update changes to connections nowMohit Mehta
2010-01-25add back CLI node for disabling uniqreqidMohit Mehta
2010-01-12use leftsourceip to add route to remote subnetMohit Mehta
(cherry picked from commit eb6d27497bab9e82218d8999778f7b4959fd34ea)
2010-01-12Do not start IKEv2 daemon for nowMohit Mehta
(cherry picked from commit 7fab51307ecaf65a7da880f60a97a73bda87e5c7)
generated by cgit v1.2.3 (git 2.39.1) at 2025-09-01 21:09:36 +0000