summaryrefslogtreecommitdiff
path: root/scripts
AgeCommit message (Collapse)Author
2014-05-29Add support for IPsec phase 1 ID of IPv4 address formatMasakazu Asama
2014-04-27Bug #183: Add up-client action to the interface up/down script.Daniil Baturin
Patch by Masakazu Asama.
2014-01-29Fix vpn ppp up scriptStig Thormodsrud
Signed-off-by: Daniil Baturin <daniil@baturin.org>
2014-01-29Move %any peers to the end in ipsec.secretsStig Thormodsrud
Signed-off-by: Daniil Baturin <daniil@baturin.org>
2013-02-19perltidy run for vyatta-cfg-vpnSaurabh Mohan
2013-02-12mGRE support for change of local-ip addr change.Saurabh Mohan
VYATTA-118: workaround added to update ipsec settings when tunnel local-ip is modified.
2013-02-05Bug 8666: merged.Saurabh Mohan
2013-01-22Dmvpn merge with mirantis jan22-2013Saurabh Mohan
2012-12-27DMVPN support with profiles.Saurabh Mohan
2012-09-18Bugfix 8358: Handle vti tunnel src, dst changing while the bind tunnel name ↵Saurabh Mohan
stays the same. Fix the case when case the <peer,local-address> pairing changes but the tunnel is still bound to the same vti tunnel interface name(vtiXX). In that case when doing the cleanup do not delete the vti tunnel of the same name. Also fixed 8264: When the vti bind interface name is deleted.
2012-09-10Bugfix 8289: Vti mark values should be implicitSaurabh Mohan
Vti tunnel uses fwmark from the kernel skbuff. This value is now internally allocated instead of getting it from the configuration. Also fixed 8286 where configuration was allowing both a tunnel and VTI between the same vpn src/dst.
2012-09-04Bugfix 8277: For connection type respond do not attempt keying foreverSaurabh Mohan
When a connection-type is respond (configured using: set vpn ipsec site-to-site peer <ip-addr> connection-type [initiate | respond]), the device should not keep trying to key forever.
2012-08-09Bugfix 8264: Check if the intf name is defined before using it in the script.Saurabh Mohan
Fix the error message for undefined intf name in error message. Also, add changes to incorporate mark's from range 0-2047. Print warning if a vti interface is defined but not used. Hopefully this will help users understand that they have a partial configuration.
2012-07-25Bugfix 8222: deletion and adding bind parameter under vti deletes vti ↵Saurabh Mohan
interface in show interfaces output though vti configuration exists The bind, mark parameters can be changed individually but the vti script runs at the vpn node level. By that time the old value is not known. With this change now I find out the exisiting vti tunnels from the kernel and discover the old vti-name, and mark setting from there. After that it is possible to figure out if a. No change was done to a VTI: In that case do not do any config. b. If a tunnel was changed: Delete and create the tunnel again. c. If a tunnel was deleted: Remove the tunnel config from the kernel. d. If the tunnel was added: Configure it. Also, configure the vti interface prior to the strongswan configuration. This way if the ipsec tunnel comes up then we can bring the interface up/down (see Bug 8219). Remove the disable configuration param (see Bug 8221).
2012-07-16Workaround to setup vti ko and cleaner error message.Saurabh Mohan
2012-06-18Bugfix: 8015: supress perl warnings.Saurabh Mohan
2012-06-11VTI: Add support call for checking for vti interface name.Saurabh Mohan
2012-06-04VTI bring tunnel based on ipsec-sa state.Saurabh Mohan
2012-05-18VTI: cfg mark/bind change handlers.Saurabh Mohan
2012-05-17Merge branch 'pacifica' of http://git.vyatta.com/vyatta-cfg-vpn into pacificaSaurabh Mohan
2012-05-17Default keyexchange ikev1.Saurabh Mohan
2012-05-16Vti config support.Saurabh Mohan
2012-03-29Add commit-time config validation.Daniil Baturin
2012-03-29Add any special case for local-address instead of 0.0.0.0.Daniil Baturin
2012-03-29Rename "local/remote subnet" to "local/remote prefix".Daniil Baturin
2012-03-29Rename local-ip option to local-address.Daniil Baturin
2012-03-29Add a script for validating single IPv4 or IPv6 address with no prefixDaniil Baturin
length.
2012-02-29Fix uninitilized bugJohn Southworth
2012-02-28Bugfix 6839: Warn that pre-shared key changes aren't loaded until a rekey ↵John Southworth
interval
2011-06-15Bugfix 6767: Move /tmp/ipsec.log to /var/log/vyatta and rotate it.Bob Gilligan
2011-06-08Bugfix 7145: same changes were needed for site-to-site as wellJohn Southworth
2011-04-01Bugfix 6972: Suppress messages from the ipsec dhcp scriptJohn Southworth
2011-02-23Much cleaner way to do the check to see if something has changed in the ↵John Southworth
ipsec or rsa-key config tree.
2011-02-23Don't make vpn-config.pl run if there were no relevant changes, before it ↵John Southworth
ran everytime there was a change in pptp or l2tp configs as well.
2011-02-22Fix some dhcp config problemsJohn Southworth
2011-02-22Make sure only interfaces with dhcp enabled are allowed as a dhcp-interfaceJohn Southworth
2011-02-22Fix minor x509 configuration error message problemJohn Southworth
2011-02-17Fix the no old ip given from dhclient problemJohn Southworth
2011-02-17Log the change when this script is runJohn Southworth
2011-02-17Reread secrets before an updateJohn Southworth
2011-02-17Fix initial boot problems for dhcp interfacesJohn Southworth
2011-02-17Added Placeholder for ipsec dhclient hookJohn Southworth
2011-02-16Initial support for configuring dhcp-interfaces for IPSEC, needs testingJohn Southworth
2011-02-08Initial x509 for site-to-site ipsec vpnJohn Southworth
2011-02-07Bugfix 5802: add auto-update feature, for Dynamic DNS peersJohn Southworth
2011-02-04Add the ability to define a default esp group for tunnels under a peer to useJohn Southworth
2011-02-04Move protocol out of local and remote nodes as it has to be the sameJohn Southworth
2011-02-03Initial additions to support local and remote protoport in general instead ↵John Southworth
of just for GRE
2011-01-31Make vpn errors and exiting consistentJohn Southworth
2011-01-31Fix problem with multiple psk being generated per peerJohn Southworth
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-22 13:58:07 +0000