| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2023-09-13 | ipsec: T5578: Fixed the description to "ikev2-reauth" option. | aapostoliuk | |
| Removed 'Currently broken due to a strong swan bug' in the description to "ikev2-reauth" option. | |||
| 2023-03-14 | ipsec: T4925: Added PRF into IKE group | aapostoliuk | |
| Added the possibility to configure Pseudo-Random Functions (PRF) in IKE group set vpn ipsec ike-group <Ike-grp> proposal <number> prf <PRF> Backport from 1.4 | |||
| 2021-11-22 | IPsec: T4005: IKEv1 + IKEv2 in one ike-group | goodNETnick | |
| 2020-12-17 | pre-shared-secret: T3131: Fix typo of word secret | srividya0208 | |
| There is typo in the spelling of "secret" mentioned in detailed information of the pre-shared-secret key in the vpn ipsec site-to-site peer authentication hierarchy. | |||
| 2020-05-08 | T2431: fix a reference to valida-value.py | Daniil Baturin | |
| 2020-04-08 | strongSwan: T2049: Added lost "disable" option to ESP PFS settings | zsdc | |
| 2020-03-11 | strongSwan: T2049: Extended list of cipher suites | zsdc | |
| The list of supported cipher suites actualized according to the: https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites | |||
| 2019-12-08 | T1864: lower IKEv1 DPD timeout value from 10s to 2sVyOS_1.2-2019Q4 | Christian Poessinger | |
| 2019-12-05 | dmvpn: T1784: Run ipsec-settings before DMVPN | DmitriyEshenko | |
| 2019-10-31 | T1780 Adding IPSec IKE close-action | DmitriyEshenko | |
| 2019-07-25 | [accel-l2tp] - T834: L2TP implementation | hagbard | |
| - disable legacy update-l2tp.pl - ipsec-settings.py last entry to run after all the legacy scripts | |||
| 2019-07-05 | T1499: Allow for usage of systemd interface mappings (#23) | runborg | |
| 2019-03-06 | removing script call for pptp which is now being handled by accel-ppp | hagbard | |
| 2019-01-07 | Fix: T1168 - Upgrade: 1,1,7 -> 1.2.0-epa2 Ipsec logging command failure. | hagbard | |
| 2018-12-31 | T777: improve "connection-type" option help strings. | Daniil Baturin | |
| 2018-11-13 | T1006: allow the "any" value for the local-address option. | Daniil Baturin | |
| 2018-11-13 | T1006: replace the is_valid_address.pl script with ipaddrcheck. | Daniil Baturin | |
| 2018-08-19 | T787: Make sure dmvpn config is generated after ipsec config. this one needs ↵ | Runar Borge | |
| more testing to test for breakages on ipsec | |||
| 2018-08-05 | T71: call the ipsec-settings.py script in VPN. | Daniil Baturin | |
| 2018-06-03 | T674: set DH group default in IKE groups to 2. | Daniil Baturin | |
| Using the default: tag in the template for now, this issue should be addressed properly when we get to rewriting IPsec scripts. | |||
| 2018-02-20 | Lowered minimum DPD interval and timeout as per T542 | unixninja92 | |
| 2017-10-13 | T423: use listNodes rather than listActiveNodes to enable completion for ↵ | Daniil Baturin | |
| uncommited IKE and ESP groups. | |||
| 2016-02-24 | remove reference to dmvpn.secrets and chang dmvpn.conf to swanctl.conf | Kim Hagen | |
| 2016-02-11 | Merge branch 'lithium-strongswan5' of ↵ | Daniil Baturin | |
| https://github.com/TriJetScud/vyatta-cfg-vpn into current | |||
| 2016-02-11 | Revert "Set default pfs and ike dh group. (required by strongswan charon)" | Kim Hagen | |
| This reverts commit 8353f0f8fc746c69d6006e5bba9baf45afe16385. | |||
| 2016-02-11 | Set default pfs and ike dh group. (required by strongswan charon) | Kim Hagen | |
| 2016-02-09 | Use dhcp instead of dhcp3. | Kim Hagen | |
| 2016-01-29 | vyatta-cfg-vpn: Properly implement force-encapsulation and fix descriptions | Jeff Leung | |
| 2015-12-06 | Merge branch 'lithium' into lithium-strongswan5 | Jeff Leung | |
| Conflicts: templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def Get the GCM and ChaCha20+Poly1305 ciphers to play nice with each other | |||
| 2015-12-05 | Bug #469: add options for AES-128/256-GCM mode. | Daniil Baturin | |
| 2015-12-05 | Move execution of nhrp script to "end" of ipsec config so it executes on all ↵ | Kim Hagen | |
| changes made to the ipsec config | |||
| 2015-12-05 | Add ChaCha20 Poly1305 cipher as an available cipher for IKE exchanges. | Jeff Leung | |
| Starting with strongSwan 5.3.3, chacha20poly1305 is a supported cipher for IKE and ESP configurations with an IKEv2 configuration. | |||
| 2015-11-04 | Allow the user to include a custom ipsec.secrets file. | Jeff Leung | |
| This may be useful for scenarios where a user prefers to use an ECDSA key or implement an xauth IPSec RA server without having to code for the VyOS/EdgeOS platform. | |||
| 2015-06-14 | Bug #504: add an option for pulling IPsec local id from the cert. | Daniil Baturin | |
| 2015-05-04 | Bug #469: add options for AES-128/256-GCM mode. | Daniil Baturin | |
| 2015-02-16 | Move execution of nhrp script to "end" of ipsec config so it executes on all ↵ | Kim Hagen | |
| changes made to the ipsec config | |||
| 2015-02-10 | Allow the user to force UDP encapsulation for a named peer | Jeff Leung | |
| This might help with strongSwan traversing through firewalls that filter proto 51, but not UDP traffic. | |||
| 2015-02-08 | Correct typo'd aggressive option | Jeff Leung | |
| Originally we meant aggressive, not ikev2 | |||
| 2015-02-07 | Remove the default value in ipsec ike-group $name mode | Jeff Leung | |
| Setting this to a default value breaks ikev2 configurations since aggressive mode is only applicable for ikev1 tunnels | |||
| 2015-02-05 | Update ipsec logging log-modes to point towards charon's loggers | Jeff Leung | |
| log-modes now expose charon's keywords instead of pluto's keywords. Refer to the strongSwan's manual to see what each specific logger does. | |||
| 2015-02-05 | Allow users to specify a custom file to be included with ipsec.conf | Jeff Leung | |
| 2015-02-05 | Allow users to specify aggressive mode for IKEv1 key exchanges | Jeff Leung | |
| Although strongly not recommended by the developers of strongSwan, sometimes remote VPN gateways requires this because of interop reasons or a network admin who doesn't have an idea on why aggressive mode is bad. | |||
| 2015-01-19 | Remove @ from the id/remote-id help string. It was never required. | Daniil Baturin | |
| 2015-01-19 | Bug #348: remove unnecessary restrictions on the PSK format. | Daniil Baturin | |
| 2015-01-17 | vyatta-cfg-vpn: update pre-shared secret key help for single quotes | Alex Harpin | |
| Updated the help for pre-shared secret key usage when special characters are used. These need to be enclosed in single quotes to stop them being expanded by the bash shell. Bug #451 http://bugzilla.vyos.net/show_bug.cgi?id=451 | |||
| 2014-12-01 | Fixing syntax error in vpn-config.pl, fixing allowed parameters in the ↵ | Jason Hendry | |
| per-tunnel ikev2-reauth node | |||
| 2014-12-01 | Exposing ikev2 reauth option in CLI, defaulting to 'no' | Jason Hendry | |
| 2014-09-10 | Remove gre-multipoint reference | Kim Hagen | |
| 2014-08-23 | Rename vyatta-update-nhrp.pl to vyos-update-nhrp.pl and change options | Kim Hagen | |
| 2014-08-03 | Bug #224: rename "enabled|disabled" to "enable|disable" for consistency. | Daniil Baturin | |
 |
index : vyatta-cfg-vpn.git | |
| Vyatta VPN configuration (mirror of https://github.com/vyos/vyatta-cfg-vpn.git) |
| summaryrefslogtreecommitdiff |