vyatta-cfg-vpn.git - Vyatta VPN configuration (mirror of https://github.com/vyos/vyatta-cfg-vpn.git)

Age	Commit message (Collapse)	Author
2020-12-18	pre-shared-secret:T3136: Fix typo of word secret (LTS)	srividya0208
	There is typo in the spelling of "secret" mentioned in detailed information of the pre-shared-secret key in the vpn ipsec site-to-site peer authentication hierarchy in the LTS release.
2020-12-17	pre-shared-secret: T3131: Fixed the typo of secret	srividya0208
	There is typo in the spelling of "secret" mentioned in detailed information of the pre-shared-secret key in the vpn ipsec site-to-site peer authentication hierarchy.
2020-01-20	T1780 Adding IPSec IKE close-action	DmitriyEshenko

2019-12-12	T1864: lower IKEv1 DPD timeout value from 10s to 2s	Christian Poessinger
	(cherry picked from commit c4c8711939f709c445fe634b2f624933fa9651ab)
2019-01-07	Fix: T1168 - Upgrade: 1,1,7 -> 1.2.0-epa2 Ipsec logging command failure.	hagbard

2018-12-31	T777: improve "connection-type" option help strings.	Daniil Baturin

2018-11-13	T1006: allow the "any" value for the local-address option.	Daniil Baturin

2018-11-13	T1006: replace the is_valid_address.pl script with ipaddrcheck.	Daniil Baturin

2018-06-03	T674: set DH group default in IKE groups to 2.	Daniil Baturin
	Using the default: tag in the template for now, this issue should be addressed properly when we get to rewriting IPsec scripts.
2018-02-20	Lowered minimum DPD interval and timeout as per T542	unixninja92

2017-10-13	T423: use listNodes rather than listActiveNodes to enable completion for ↵	Daniil Baturin
	uncommited IKE and ESP groups.
2016-02-11	Merge branch 'lithium-strongswan5' of ↵	Daniil Baturin
	https://github.com/TriJetScud/vyatta-cfg-vpn into current
2016-02-11	Revert "Set default pfs and ike dh group. (required by strongswan charon)"	Kim Hagen
	This reverts commit 8353f0f8fc746c69d6006e5bba9baf45afe16385.
2016-02-11	Set default pfs and ike dh group. (required by strongswan charon)	Kim Hagen

2016-02-09	Use dhcp instead of dhcp3.	Kim Hagen

2016-01-29	vyatta-cfg-vpn: Properly implement force-encapsulation and fix descriptions	Jeff Leung

2015-12-06	Merge branch 'lithium' into lithium-strongswan5	Jeff Leung
	Conflicts: templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def Get the GCM and ChaCha20+Poly1305 ciphers to play nice with each other
2015-12-05	Bug #469: add options for AES-128/256-GCM mode.	Daniil Baturin

2015-12-05	Move execution of nhrp script to "end" of ipsec config so it executes on all ↵	Kim Hagen
	changes made to the ipsec config
2015-12-05	Add ChaCha20 Poly1305 cipher as an available cipher for IKE exchanges.	Jeff Leung
	Starting with strongSwan 5.3.3, chacha20poly1305 is a supported cipher for IKE and ESP configurations with an IKEv2 configuration.
2015-11-04	Allow the user to include a custom ipsec.secrets file.	Jeff Leung
	This may be useful for scenarios where a user prefers to use an ECDSA key or implement an xauth IPSec RA server without having to code for the VyOS/EdgeOS platform.
2015-06-14	Bug #504: add an option for pulling IPsec local id from the cert.	Daniil Baturin

2015-05-04	Bug #469: add options for AES-128/256-GCM mode.	Daniil Baturin

2015-02-16	Move execution of nhrp script to "end" of ipsec config so it executes on all ↵	Kim Hagen
	changes made to the ipsec config
2015-02-10	Allow the user to force UDP encapsulation for a named peer	Jeff Leung
	This might help with strongSwan traversing through firewalls that filter proto 51, but not UDP traffic.
2015-02-08	Correct typo'd aggressive option	Jeff Leung
	Originally we meant aggressive, not ikev2
2015-02-07	Remove the default value in ipsec ike-group $name mode	Jeff Leung
	Setting this to a default value breaks ikev2 configurations since aggressive mode is only applicable for ikev1 tunnels
2015-02-05	Update ipsec logging log-modes to point towards charon's loggers	Jeff Leung
	log-modes now expose charon's keywords instead of pluto's keywords. Refer to the strongSwan's manual to see what each specific logger does.
2015-02-05	Allow users to specify a custom file to be included with ipsec.conf	Jeff Leung

2015-02-05	Allow users to specify aggressive mode for IKEv1 key exchanges	Jeff Leung
	Although strongly not recommended by the developers of strongSwan, sometimes remote VPN gateways requires this because of interop reasons or a network admin who doesn't have an idea on why aggressive mode is bad.
2015-01-19	Remove @ from the id/remote-id help string. It was never required.	Daniil Baturin

2015-01-19	Bug #348: remove unnecessary restrictions on the PSK format.	Daniil Baturin

2015-01-17	vyatta-cfg-vpn: update pre-shared secret key help for single quotes	Alex Harpin
	Updated the help for pre-shared secret key usage when special characters are used. These need to be enclosed in single quotes to stop them being expanded by the bash shell. Bug #451 http://bugzilla.vyos.net/show_bug.cgi?id=451
2014-12-01	Fixing syntax error in vpn-config.pl, fixing allowed parameters in the ↵	Jason Hendry
	per-tunnel ikev2-reauth node
2014-12-01	Exposing ikev2 reauth option in CLI, defaulting to 'no'	Jason Hendry

2014-09-10	Remove gre-multipoint reference	Kim Hagen

2014-08-23	Rename vyatta-update-nhrp.pl to vyos-update-nhrp.pl and change options	Kim Hagen

2014-08-03	Bug #224: rename "enabled\|disabled" to "enable\|disable" for consistency.	Daniil Baturin

2014-05-26	Merge pull request #4 from TriJetScud/helium	Daniil Baturin
	Remove automatic IKE version negoiation.
2014-05-25	Initial MOBIKE Configuration Support	Jeff Leung
	For IKEv2, there is support for MOBIKE which basically allows IPSec connections to roam from interface to interface. When MOBIKE is used, the IKE negoiation phase uses UDP port 4500 rather than using proto-51. In strongSwan 4.5.x MOBIKE is automatically enabled for IKEv2 connections. We expose the ability to enable/disable MOBIKE to the user.
2014-05-25	Bug 197: Add back support for groups 22-24 for phase2 pfs	Ryan Riske

2014-05-25	Merge pull request #3 from ryanriske/helium-sha2	Daniil Baturin
	Bug 220: Add support for SHA2 hashes
2014-05-25	Remove automatic IKE version negoiation.	Jeff Leung
	According to the strongSwan 4.5.x documentation, the keyexchange configuration value "ike" is a synonym to "ikev2". In strongSwan 5.0.0 however, the configuration value "ike" will try to negoiate IKEv2 connections but will accept IKEv1 connections if the remote peer sends an IKEv1 request.
2014-05-25	Bug 220: Add support for SHA2 hashes	Ryan Riske

2014-05-24	Add support for DH groups 14-26	Ryan Riske

2014-05-21	Adding initial support for IKEv2/IKEv1 Site-to-Site VPN's by adding the ↵	Jeff Leung
	optional "vpn ipsec ike-group <IKEGROUP> key-exchange" parameter.
2012-12-27	DMVPN support with profiles.	Saurabh Mohan

2012-10-04	Bug 8200: Changed grep to not display shim6	Bharat

2012-09-10	Bugfix 8289: Vti mark values should be implicit	Saurabh Mohan
	Vti tunnel uses fwmark from the kernel skbuff. This value is now internally allocated instead of getting it from the configuration. Also fixed 8286 where configuration was allowing both a tunnel and VTI between the same vpn src/dst.
2012-08-09	Bugfix 8264: Check if the intf name is defined before using it in the script.	Saurabh Mohan
	Fix the error message for undefined intf name in error message. Also, add changes to incorporate mark's from range 0-2047. Print warning if a vti interface is defined but not used. Hopefully this will help users understand that they have a partial configuration.