| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
Remove automatic IKE version negoiation.
|
|
For IKEv2, there is support for MOBIKE which basically allows IPSec connections to roam from interface to interface. When MOBIKE is used, the IKE negoiation phase uses UDP port 4500 rather than using proto-51.
In strongSwan 4.5.x MOBIKE is automatically enabled for IKEv2 connections. We expose the ability to enable/disable MOBIKE to the user.
|
|
Bug 220: Add support for SHA2 hashes
|
|
According to the strongSwan 4.5.x documentation, the keyexchange configuration value "ike" is a synonym to "ikev2".
In strongSwan 5.0.0 however, the configuration value "ike" will try to negoiate IKEv2 connections but will accept IKEv1 connections if the remote peer sends an IKEv1 request.
|
|
|
|
|
|
optional "vpn ipsec ike-group <IKEGROUP> key-exchange" parameter.
|
|
|
|
|
|
Remove CLI support and back-end code for unsupported parameters
* No aggressive mode support in strongswan
* remove syslog facility.level CLI. strongswan uses
authpriv facility by default, no syslog parameter support
* remove Robert's disable-uniqreqids option for now. need to get
strongswan to do the same thing first
Remove Openswan specific parameters added to workaroung bugs
* remove plutowait, this was added to workaround Openswan Bug 412
* remove nhelpers, this was added to workaround Openswan Bug 198
Other Changes
* add '!' at the end of ike and esp proposal list to signify end of list
* replace `ipsec start` commands with built-in commands for
`ipsec starter` control utility
* replace `ipsec auto` with `ipsec whack` commands. Still need to figure
out if `ipsec auto --add|--up $connection` could be replaces by simply
using `ipsec update` in stronswan
* change pluto.ctl path
|
|
|
|
- help strings standardized in vyatta-cfg-vpn
|
|
|
|
|
|
|
