summaryrefslogtreecommitdiff
path: root/templates/vpn/ipsec/ike-group
AgeCommit message (Collapse)Author
2018-06-03T674: set DH group default in IKE groups to 2.Daniil Baturin
Using the default: tag in the template for now, this issue should be addressed properly when we get to rewriting IPsec scripts.
2018-02-20Lowered minimum DPD interval and timeout as per T542unixninja92
2015-12-05Bug #469: add options for AES-128/256-GCM mode.Daniil Baturin
2015-12-05Add ChaCha20 Poly1305 cipher as an available cipher for IKE exchanges.Jeff Leung
Starting with strongSwan 5.3.3, chacha20poly1305 is a supported cipher for IKE and ESP configurations with an IKEv2 configuration.
2015-02-08Correct typo'd aggressive optionJeff Leung
Originally we meant aggressive, not ikev2
2015-02-07Remove the default value in ipsec ike-group $name modeJeff Leung
Setting this to a default value breaks ikev2 configurations since aggressive mode is only applicable for ikev1 tunnels
2015-02-05Allow users to specify aggressive mode for IKEv1 key exchangesJeff Leung
Although strongly not recommended by the developers of strongSwan, sometimes remote VPN gateways requires this because of interop reasons or a network admin who doesn't have an idea on why aggressive mode is bad.
2014-12-01Exposing ikev2 reauth option in CLI, defaulting to 'no'Jason Hendry
2014-08-03Bug #224: rename "enabled|disabled" to "enable|disable" for consistency.Daniil Baturin
2014-05-26Merge pull request #4 from TriJetScud/heliumDaniil Baturin
Remove automatic IKE version negoiation.
2014-05-25Initial MOBIKE Configuration SupportJeff Leung
For IKEv2, there is support for MOBIKE which basically allows IPSec connections to roam from interface to interface. When MOBIKE is used, the IKE negoiation phase uses UDP port 4500 rather than using proto-51. In strongSwan 4.5.x MOBIKE is automatically enabled for IKEv2 connections. We expose the ability to enable/disable MOBIKE to the user.
2014-05-25Merge pull request #3 from ryanriske/helium-sha2Daniil Baturin
Bug 220: Add support for SHA2 hashes
2014-05-25Remove automatic IKE version negoiation.Jeff Leung
According to the strongSwan 4.5.x documentation, the keyexchange configuration value "ike" is a synonym to "ikev2". In strongSwan 5.0.0 however, the configuration value "ike" will try to negoiate IKEv2 connections but will accept IKEv1 connections if the remote peer sends an IKEv1 request.
2014-05-25Bug 220: Add support for SHA2 hashesRyan Riske
2014-05-24Add support for DH groups 14-26Ryan Riske
2014-05-21Adding initial support for IKEv2/IKEv1 Site-to-Site VPN's by adding the ↵Jeff Leung
optional "vpn ipsec ike-group <IKEGROUP> key-exchange" parameter.
2010-08-17update help text to use val_helpAn-Cheng Huang
2010-07-21remove verb usage from begining of help stringsMohit Mehta
2010-01-12First pass code changes to vyatta-cfg-vpn for migration to strongswan :Mohit Mehta
Remove CLI support and back-end code for unsupported parameters * No aggressive mode support in strongswan * remove syslog facility.level CLI. strongswan uses authpriv facility by default, no syslog parameter support * remove Robert's disable-uniqreqids option for now. need to get strongswan to do the same thing first Remove Openswan specific parameters added to workaroung bugs * remove plutowait, this was added to workaround Openswan Bug 412 * remove nhelpers, this was added to workaround Openswan Bug 198 Other Changes * add '!' at the end of ike and esp proposal list to signify end of list * replace `ipsec start` commands with built-in commands for `ipsec starter` control utility * replace `ipsec auto` with `ipsec whack` commands. Still need to figure out if `ipsec auto --add|--up $connection` could be replaces by simply using `ipsec update` in stronswan * change pluto.ctl path
2009-11-30added required keyword to help text.Michael Larson
2008-04-10Fix Bug 3069 Help strings should be standardizedMohit Mehta
- help strings standardized in vyatta-cfg-vpn
2008-01-31convert templates to new syntaxAn-Cheng Huang
2008-01-17Add help completions for VPN configurationStig Thormodsrud
2007-12-19Port vpn cfg from fairfield to glendale.Stig Thormodsrud
generated by cgit v1.2.3 (git 2.39.1) at 2025-09-03 06:55:37 +0000