summaryrefslogtreecommitdiff
path: root/scripts
AgeCommit message (Collapse)Author
2012-08-09Bugfix 8264: Check if the intf name is defined before using it in the script.Saurabh Mohan
Fix the error message for undefined intf name in error message. Also, add changes to incorporate mark's from range 0-2047. Print warning if a vti interface is defined but not used. Hopefully this will help users understand that they have a partial configuration.
2012-07-25Bugfix 8222: deletion and adding bind parameter under vti deletes vti ↵Saurabh Mohan
interface in show interfaces output though vti configuration exists The bind, mark parameters can be changed individually but the vti script runs at the vpn node level. By that time the old value is not known. With this change now I find out the exisiting vti tunnels from the kernel and discover the old vti-name, and mark setting from there. After that it is possible to figure out if a. No change was done to a VTI: In that case do not do any config. b. If a tunnel was changed: Delete and create the tunnel again. c. If a tunnel was deleted: Remove the tunnel config from the kernel. d. If the tunnel was added: Configure it. Also, configure the vti interface prior to the strongswan configuration. This way if the ipsec tunnel comes up then we can bring the interface up/down (see Bug 8219). Remove the disable configuration param (see Bug 8221).
2012-07-16Workaround to setup vti ko and cleaner error message.Saurabh Mohan
2012-06-18Bugfix: 8015: supress perl warnings.Saurabh Mohan
2012-06-11VTI: Add support call for checking for vti interface name.Saurabh Mohan
2012-06-04VTI bring tunnel based on ipsec-sa state.Saurabh Mohan
2012-05-18VTI: cfg mark/bind change handlers.Saurabh Mohan
2012-05-17Merge branch 'pacifica' of http://git.vyatta.com/vyatta-cfg-vpn into pacificaSaurabh Mohan
2012-05-17Default keyexchange ikev1.Saurabh Mohan
2012-05-16Vti config support.Saurabh Mohan
2012-03-29Add commit-time config validation.Daniil Baturin
2012-03-29Add any special case for local-address instead of 0.0.0.0.Daniil Baturin
2012-03-29Rename "local/remote subnet" to "local/remote prefix".Daniil Baturin
2012-03-29Rename local-ip option to local-address.Daniil Baturin
2012-03-29Add a script for validating single IPv4 or IPv6 address with no prefixDaniil Baturin
length.
2012-02-29Fix uninitilized bugJohn Southworth
2012-02-28Bugfix 6839: Warn that pre-shared key changes aren't loaded until a rekey ↵John Southworth
interval
2011-06-15Bugfix 6767: Move /tmp/ipsec.log to /var/log/vyatta and rotate it.Bob Gilligan
2011-06-08Bugfix 7145: same changes were needed for site-to-site as wellJohn Southworth
2011-04-01Bugfix 6972: Suppress messages from the ipsec dhcp scriptJohn Southworth
2011-02-23Much cleaner way to do the check to see if something has changed in the ↵John Southworth
ipsec or rsa-key config tree.
2011-02-23Don't make vpn-config.pl run if there were no relevant changes, before it ↵John Southworth
ran everytime there was a change in pptp or l2tp configs as well.
2011-02-22Fix some dhcp config problemsJohn Southworth
2011-02-22Make sure only interfaces with dhcp enabled are allowed as a dhcp-interfaceJohn Southworth
2011-02-22Fix minor x509 configuration error message problemJohn Southworth
2011-02-17Fix the no old ip given from dhclient problemJohn Southworth
2011-02-17Log the change when this script is runJohn Southworth
2011-02-17Reread secrets before an updateJohn Southworth
2011-02-17Fix initial boot problems for dhcp interfacesJohn Southworth
2011-02-17Added Placeholder for ipsec dhclient hookJohn Southworth
2011-02-16Initial support for configuring dhcp-interfaces for IPSEC, needs testingJohn Southworth
2011-02-08Initial x509 for site-to-site ipsec vpnJohn Southworth
2011-02-07Bugfix 5802: add auto-update feature, for Dynamic DNS peersJohn Southworth
2011-02-04Add the ability to define a default esp group for tunnels under a peer to useJohn Southworth
2011-02-04Move protocol out of local and remote nodes as it has to be the sameJohn Southworth
2011-02-03Initial additions to support local and remote protoport in general instead ↵John Southworth
of just for GRE
2011-01-31Make vpn errors and exiting consistentJohn Southworth
2011-01-31Fix problem with multiple psk being generated per peerJohn Southworth
2011-01-28Bugfix: 5684, added quotes around rsa keys in ipsec.conf so that strongswan ↵John Southworth
doesn't fail on ==
2011-01-26Bugfix: 5677 add protoport option for simpler GRE tunnels, for now this is ↵John Southworth
specifically for GRE more protocols can be added in the future if required.
2011-01-26Make VPN config die after the first error occurs instead of continuing to ↵John Southworth
process the rest of the config
2011-01-26Bug 2506: Moved the connection-type node to the peer level, as discussed ↵John Southworth
with support.
2011-01-25Bugfix 6068. This fixes the given perl problem, however there may be more ↵John Southworth
that appear. We should die when an error is found and stop processing the file
2011-01-25Bugfix 6229: don't allow local and remote subnets to be the sameJohn Southworth
2011-01-25bugfix: 2506 added option to define initiatior or responder modeJohn Southworth
2011-01-20make adjustment so that op mode can deal with new secrets file formatJohn Southworth
(cherry picked from commit ef7acbaef8ccd9305644f22ddb6df1ca985fcf4a)
2011-01-20fix conflict while mergingJohn Southworth
2011-01-17more location based error support.Michael Larson
2011-01-17error location support changes to vpn (local-ip and auth missing only at ↵Michael Larson
this time).
2010-07-22remove unused optionsAn-Cheng Huang
* high-level operations should not access CLI implementation details.
generated by cgit v1.2.3 (git 2.39.1) at 2025-09-02 08:51:18 +0000