summaryrefslogtreecommitdiff
path: root/scripts
AgeCommit message (Collapse)Author
2011-02-08Initial x509 for site-to-site ipsec vpnJohn Southworth
2011-02-07Bugfix 5802: add auto-update feature, for Dynamic DNS peersJohn Southworth
2011-02-04Add the ability to define a default esp group for tunnels under a peer to useJohn Southworth
2011-02-04Move protocol out of local and remote nodes as it has to be the sameJohn Southworth
2011-02-03Initial additions to support local and remote protoport in general instead ↵John Southworth
of just for GRE
2011-01-31Make vpn errors and exiting consistentJohn Southworth
2011-01-31Fix problem with multiple psk being generated per peerJohn Southworth
2011-01-28Bugfix: 5684, added quotes around rsa keys in ipsec.conf so that strongswan ↵John Southworth
doesn't fail on ==
2011-01-26Bugfix: 5677 add protoport option for simpler GRE tunnels, for now this is ↵John Southworth
specifically for GRE more protocols can be added in the future if required.
2011-01-26Make VPN config die after the first error occurs instead of continuing to ↵John Southworth
process the rest of the config
2011-01-26Bug 2506: Moved the connection-type node to the peer level, as discussed ↵John Southworth
with support.
2011-01-25Bugfix 6068. This fixes the given perl problem, however there may be more ↵John Southworth
that appear. We should die when an error is found and stop processing the file
2011-01-25Bugfix 6229: don't allow local and remote subnets to be the sameJohn Southworth
2011-01-25bugfix: 2506 added option to define initiatior or responder modeJohn Southworth
2011-01-20make adjustment so that op mode can deal with new secrets file formatJohn Southworth
(cherry picked from commit ef7acbaef8ccd9305644f22ddb6df1ca985fcf4a)
2011-01-20fix conflict while mergingJohn Southworth
2011-01-17more location based error support.Michael Larson
2011-01-17error location support changes to vpn (local-ip and auth missing only at ↵Michael Larson
this time).
2010-07-22remove unused optionsAn-Cheng Huang
* high-level operations should not access CLI implementation details.
2010-06-03Fix Bug 5652 set ike/ipsec keying tries to foreverMohit Mehta
2010-05-26add passthrough connection if remote-subnet contains local-subnetMohit Mehta
2010-04-19Fix Bug 5542Mohit Mehta
* add commment for op-mode commands' dependency on config-mode check
2010-03-31Fix Bug 5500 Unable to establish a VPN connection from a remote peer with aMohit Mehta
dynamic peer when using FQDN identifier for remote end * allow remote peer with dynamic IP to connect using Main Mode/PSK
2010-03-18Fix Bug 5087 add support to specify PFS group when PFS is enabledMohit Mehta
2010-02-051. use correct notation to represent private,public networksMohit Mehta
i.e. use vhost:%priv,%no instead of %priv,%no. Previously used notation was never supposed to work. Corrected notation is what we use in l2tp/ipsec as well and is also recommended otherwise. 2. cannot use leftsourceip to add route when right-subnet is not specific is based on generalized private,public networks
2010-01-30Fix Bug 1832 VPN copy-tos Disabling copy-tos field doesn't workMohit Mehta
* remove copy-tos field under 'vpn ipsec'. It's not supposed to work with NETKEY
2010-01-28perltidy vpn-config.plMohit Mehta
2010-01-28remove dead code. we use 'ipsec update' to update changes to connections nowMohit Mehta
2010-01-25add back CLI node for disabling uniqreqidMohit Mehta
2010-01-12use leftsourceip to add route to remote subnetMohit Mehta
(cherry picked from commit eb6d27497bab9e82218d8999778f7b4959fd34ea)
2010-01-12Do not start IKEv2 daemon for nowMohit Mehta
(cherry picked from commit 7fab51307ecaf65a7da880f60a97a73bda87e5c7)
2010-01-12* remove extraneous unused codeMohit Mehta
* use @id for identification when it's specified. It can be used even if local-ip is not 0.0.0.0 * extend syntax check for id to allow specifying hostnames * fix ipsec.secrets generation - if specified always use ids for local and remote peer (cherry picked from commit 3e7a4e45af00c11e6009d38fd97c67c2de0fa145)
2010-01-12add comment to identify end of connection descriptionMohit Mehta
(cherry picked from commit cb9ed22ae45d03fa37148273d02cef4a9a179d1d)
2010-01-12no need to maintain state of connections and take state-specific actions forMohit Mehta
each connection when config changes. `ipsec update` in strongswan determines any changes in ipsec.conf and updates the configuration on running daemon (cherry picked from commit 55b703e669e0f792c04d29541d8fe00d2a9d624b)
2010-01-12First pass code changes to vyatta-cfg-vpn for migration to strongswan :Mohit Mehta
Remove CLI support and back-end code for unsupported parameters * No aggressive mode support in strongswan * remove syslog facility.level CLI. strongswan uses authpriv facility by default, no syslog parameter support * remove Robert's disable-uniqreqids option for now. need to get strongswan to do the same thing first Remove Openswan specific parameters added to workaroung bugs * remove plutowait, this was added to workaround Openswan Bug 412 * remove nhelpers, this was added to workaround Openswan Bug 198 Other Changes * add '!' at the end of ike and esp proposal list to signify end of list * replace `ipsec start` commands with built-in commands for `ipsec starter` control utility * replace `ipsec auto` with `ipsec whack` commands. Still need to figure out if `ipsec auto --add|--up $connection` could be replaces by simply using `ipsec update` in stronswan * change pluto.ctl path
2009-11-25pptp config check not needed when vpn ipsec is configuredMohit Mehta
2009-11-02more formatting clean-upMohit Mehta
2009-11-02indent and reformat script using perltidy in hope of making it easier to readMohit Mehta
2009-10-27add support for same reqids to openswan cfgRobert Bays
2009-10-06Fix Bug 3011 Remote VPN configuration issues site-to-site warningMohit Mehta
* issue warning when none of site-to-site peers, remote access l2tp/pptp set
2009-09-04Fix 4902: setting ipsec site-to-site tunnel with authentication id <> and ↵Stig Thormodsrud
local-ip 0.0.0.0 got "no connection named <>"
2009-08-20manage state of add|delete|restart on connections for vpn given disable node.slioch
2009-08-20added support in configuration script to support tunnel disable node.slioch
2009-07-10Fix 4623: Removing IPSEC VPN config without removing cluster ipsec config ↵Stig Thormodsrud
drops all interfaces. Add a check to prevent deleting ipsec if it's referenced by cluster. (cherry picked from commit b17d768af5845cb5b74e9ba8c6d8f8e2701bb0f6)
2009-05-26Fix 3836: Allow VPN authentication ID to accept values of IP address, domain ↵Stig Thormodsrud
name and "" enclosed phrases
2009-04-08Bugfix 3284: Allow commit to succeed if local-ip is not configured.Bob Gilligan
Previously, the ipsec setup script would fail the commit if the IPv4 address given in the local-ip parameter was not configured on one of the ipsec-interfaces at the time that the commit took place. This causes problems for PPP interfaces that may be configured, but down for operational reasons. This change makes the setup script more liberal. It will allow the commit to complete, but issue a warning the address, they can restart ipsec. PPP has logic to restart ipsec when a link comes up.
2009-04-06Bugfix 2387: Don't list interfaces in ipsec config file.Bob Gilligan
The "interfaces=..." entry in the /etc/ipsec.conf file needs to list the actual interfaces we are using only if the underlying kernel IPsec support is provided by KLIPS. In our case, we are using NETKEY, so we don't need to list our interfaces there. Not listing them makes ipsec startup a bit more robust.
2009-03-16Fix 4219: IPsec VPN does not launch on boot, error "The local-ip address ↵Stig Thormodsrud
X.X.X.X of peer "X.X.X.X" has not been configured in any of the local.
2009-02-12Fix ambiguous use of $logStephen Hemminger
There were two definitions of $log
2009-02-11Fix use of unitialized valueStephen Hemminger
Bug 4021 Don't die if local ip not configured.
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-14 22:43:43 +0000