| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-06-14 | Bug #504: add an option for pulling IPsec local id from the cert. | Daniil Baturin | |
| 2015-01-19 | Remove @ from the id/remote-id help string. It was never required. | Daniil Baturin | |
| 2015-01-19 | Bug #348: remove unnecessary restrictions on the PSK format. | Daniil Baturin | |
| 2015-01-17 | vyatta-cfg-vpn: update pre-shared secret key help for single quotes | Alex Harpin | |
| Updated the help for pre-shared secret key usage when special characters are used. These need to be enclosed in single quotes to stop them being expanded by the bash shell. Bug #451 http://bugzilla.vyos.net/show_bug.cgi?id=451 | |||
| 2014-12-01 | Fixing syntax error in vpn-config.pl, fixing allowed parameters in the ↵ | Jason Hendry | |
| per-tunnel ikev2-reauth node | |||
| 2014-12-01 | Exposing ikev2 reauth option in CLI, defaulting to 'no' | Jason Hendry | |
| 2012-10-04 | Bug 8200: Changed grep to not display shim6 | Bharat | |
| 2012-09-10 | Bugfix 8289: Vti mark values should be implicit | Saurabh Mohan | |
| Vti tunnel uses fwmark from the kernel skbuff. This value is now internally allocated instead of getting it from the configuration. Also fixed 8286 where configuration was allowing both a tunnel and VTI between the same vpn src/dst. | |||
| 2012-08-09 | Bugfix 8264: Check if the intf name is defined before using it in the script. | Saurabh Mohan | |
| Fix the error message for undefined intf name in error message. Also, add changes to incorporate mark's from range 0-2047. Print warning if a vti interface is defined but not used. Hopefully this will help users understand that they have a partial configuration. | |||
| 2012-07-25 | Bugfix 8222: deletion and adding bind parameter under vti deletes vti ↵ | Saurabh Mohan | |
| interface in show interfaces output though vti configuration exists The bind, mark parameters can be changed individually but the vti script runs at the vpn node level. By that time the old value is not known. With this change now I find out the exisiting vti tunnels from the kernel and discover the old vti-name, and mark setting from there. After that it is possible to figure out if a. No change was done to a VTI: In that case do not do any config. b. If a tunnel was changed: Delete and create the tunnel again. c. If a tunnel was deleted: Remove the tunnel config from the kernel. d. If the tunnel was added: Configure it. Also, configure the vti interface prior to the strongswan configuration. This way if the ipsec tunnel comes up then we can bring the interface up/down (see Bug 8219). Remove the disable configuration param (see Bug 8221). | |||
| 2012-06-11 | VTI: Add support call for checking for vti interface name. | Saurabh Mohan | |
| 2012-05-31 | Bugfix 8100: Be flexible in char accepted in id field. | Saurabh Mohan | |
| 2012-05-18 | VTI: cfg mark/bind change handlers. | Saurabh Mohan | |
| 2012-05-16 | Vti config support. | Saurabh Mohan | |
| 2012-03-29 | Add any special case for local-address instead of 0.0.0.0. | Daniil Baturin | |
| 2012-03-29 | Rename "local/remote subnet" to "local/remote prefix". | Daniil Baturin | |
| 2012-03-29 | Fix protocol help string capitalization. | Daniil Baturin | |
| 2012-03-29 | Add IPv6 address completion for peer. | Daniil Baturin | |
| 2012-03-29 | Rename local-ip option to local-address. | Daniil Baturin | |
| 2011-09-19 | Switched POSIX character classes to standard character classes representing ↵ | John Southworth | |
| the same data; removed unneeded '.' from regex; add similar regex to match remote-id | |||
| 2011-07-11 | Remove no longer mandatory nodes so that VPN will work smoothly with webgui2 | John Southworth | |
| (cherry picked from commit 3680e3e42b202c78bd3ffe2ec380e007f3359b5f) | |||
| 2011-04-13 | * Add help and checks for IPsec x509 nodes to push | Mohit Mehta | |
| users towards putting scripts in /config/auth | |||
| 2011-02-22 | Add bond interfaces to available dhcp interfaces in tab completion | John Southworth | |
| 2011-02-22 | fix some node.def errors | John Southworth | |
| 2011-02-16 | Initial support for configuring dhcp-interfaces for IPSEC, needs testing | John Southworth | |
| 2011-02-08 | Initial x509 for site-to-site ipsec vpn | John Southworth | |
| 2011-02-04 | Add the ability to define a default esp group for tunnels under a peer to use | John Southworth | |
| 2011-02-04 | Move protocol out of local and remote nodes as it has to be the same | John Southworth | |
| 2011-02-03 | Initial additions to support local and remote protoport in general instead ↵ | John Southworth | |
| of just for GRE | |||
| 2011-01-26 | Bugfix: 5677 add protoport option for simpler GRE tunnels, for now this is ↵ | John Southworth | |
| specifically for GRE more protocols can be added in the future if required. | |||
| 2011-01-26 | Fixed node.def to adhere to CLI conventions | John Southworth | |
| 2011-01-26 | Bug 2506: Moved the connection-type node to the peer level, as discussed ↵ | John Southworth | |
| with support. | |||
| 2011-01-25 | bugfix: 2506 added option to define initiatior or responder mode | John Southworth | |
| 2010-08-17 | remove low-level config dir usage | An-Cheng Huang | |
| 2010-08-17 | update help text to use val_help | An-Cheng Huang | |
| 2010-07-21 | remove verb usage from begining of help strings | Mohit Mehta | |
| 2010-01-12 | * remove extraneous unused code | Mohit Mehta | |
| * use @id for identification when it's specified. It can be used even if local-ip is not 0.0.0.0 * extend syntax check for id to allow specifying hostnames * fix ipsec.secrets generation - if specified always use ids for local and remote peer (cherry picked from commit 3e7a4e45af00c11e6009d38fd97c67c2de0fa145) | |||
| 2009-11-30 | added required keyword to help text. | Michael Larson | |
| 2009-10-09 | add allowed values for ike, esp groups | Mohit Mehta | |
| 2009-08-14 | convert enable to disable node for vpn tunnel | slioch | |
| 2009-08-14 | add enable node below tunnel with default flag = true | slioch | |
| 2009-08-13 | added description field to site-to-site peer. | slioch | |
| 2009-05-26 | Fix 3836: Allow VPN authentication ID to accept values of IP address, domain ↵ | Stig Thormodsrud | |
| name and "" enclosed phrases | |||
| 2008-11-11 | allow '+' as a valid character in pre-shared-secret | Mohit Mehta | |
| 2008-10-07 | Part of fix for bug 3762 Update help and error strings for vpn pre-shared ↵ | Mohit Mehta | |
| secret value - help and error string updated | |||
| 2008-07-09 | fix for bugs 3044, 3047, and 3048: support ipsec road warriors. | An-Cheng Huang | |
| 2008-06-05 | - disallowing use of special characters ';' and '?' in pre-shared-secret as ↵ | Mohit Mehta | |
| they were not in glendale - as of now only two new characters have been added to be allowed in hollywood from glendale: ',' ':' - these work good with and without quotes being used | |||
| 2008-06-05 | Bug 3194 VPN: xml error in "show vpn ike" command output | Mohit Mehta | |
| - reallowing the use of '&' in pre-shared-secret to prevent migration issues this will need looking into the show command procedures | |||
| 2008-05-14 | Bug 3194 VPN: xml error in "show vpn ike" command output | Mohit Mehta | |
| - looks like the '&' special character is causing this behavior - quick fix: disallowed use of '&' in pre-shared-secret for now | |||
| 2008-05-24 | Fix 2043: enhancement - add ability to use a hostname instead of IP address ↵ | Stig Thormodsrud | |
| fo VPN peer. | |||
 |
index : vyatta-cfg-vpn.git | |
| Vyatta VPN configuration (mirror of https://github.com/vyos/vyatta-cfg-vpn.git) |
| summaryrefslogtreecommitdiff |