| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2020-12-17 | pre-shared-secret: T3131: Fix typo of word secret | srividya0208 | |
| There is typo in the spelling of "secret" mentioned in detailed information of the pre-shared-secret key in the vpn ipsec site-to-site peer authentication hierarchy. | |||
| 2020-05-08 | T2431: fix a reference to valida-value.py | Daniil Baturin | |
| 2020-04-08 | strongSwan: T2049: Added lost "disable" option to ESP PFS settings | zsdc | |
| 2020-03-11 | strongSwan: T2049: Extended list of cipher suites | zsdc | |
| The list of supported cipher suites actualized according to the: https://wiki.strongswan.org/projects/strongswan/wiki/IKEv1CipherSuites https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites | |||
| 2019-12-08 | T1864: lower IKEv1 DPD timeout value from 10s to 2sVyOS_1.2-2019Q4 | Christian Poessinger | |
| 2019-12-05 | dmvpn: T1784: Run ipsec-settings before DMVPN | DmitriyEshenko | |
| 2019-10-31 | T1780 Adding IPSec IKE close-action | DmitriyEshenko | |
| 2019-07-25 | [accel-l2tp] - T834: L2TP implementation | hagbard | |
| - disable legacy update-l2tp.pl - ipsec-settings.py last entry to run after all the legacy scripts | |||
| 2019-07-05 | T1499: Allow for usage of systemd interface mappings (#23) | runborg | |
| 2019-03-06 | removing script call for pptp which is now being handled by accel-ppp | hagbard | |
| 2019-01-07 | Fix: T1168 - Upgrade: 1,1,7 -> 1.2.0-epa2 Ipsec logging command failure. | hagbard | |
| 2018-12-31 | T777: improve "connection-type" option help strings. | Daniil Baturin | |
| 2018-11-13 | T1006: allow the "any" value for the local-address option. | Daniil Baturin | |
| 2018-11-13 | T1006: replace the is_valid_address.pl script with ipaddrcheck. | Daniil Baturin | |
| 2018-08-19 | T787: Make sure dmvpn config is generated after ipsec config. this one needs ↵ | Runar Borge | |
| more testing to test for breakages on ipsec | |||
| 2018-08-05 | T71: call the ipsec-settings.py script in VPN. | Daniil Baturin | |
| 2018-06-03 | T674: set DH group default in IKE groups to 2. | Daniil Baturin | |
| Using the default: tag in the template for now, this issue should be addressed properly when we get to rewriting IPsec scripts. | |||
| 2018-02-20 | Lowered minimum DPD interval and timeout as per T542 | unixninja92 | |
| 2017-10-13 | T423: use listNodes rather than listActiveNodes to enable completion for ↵ | Daniil Baturin | |
| uncommited IKE and ESP groups. | |||
| 2016-02-24 | remove reference to dmvpn.secrets and chang dmvpn.conf to swanctl.conf | Kim Hagen | |
| 2016-02-11 | Merge branch 'lithium-strongswan5' of ↵ | Daniil Baturin | |
| https://github.com/TriJetScud/vyatta-cfg-vpn into current | |||
| 2016-02-11 | Revert "Set default pfs and ike dh group. (required by strongswan charon)" | Kim Hagen | |
| This reverts commit 8353f0f8fc746c69d6006e5bba9baf45afe16385. | |||
| 2016-02-11 | Set default pfs and ike dh group. (required by strongswan charon) | Kim Hagen | |
| 2016-02-09 | Use dhcp instead of dhcp3. | Kim Hagen | |
| 2016-01-29 | vyatta-cfg-vpn: Properly implement force-encapsulation and fix descriptions | Jeff Leung | |
| 2015-12-06 | Merge branch 'lithium' into lithium-strongswan5 | Jeff Leung | |
| Conflicts: templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def templates/vpn/ipsec/ike-group/node.tag/proposal/node.tag/encryption/node.def Get the GCM and ChaCha20+Poly1305 ciphers to play nice with each other | |||
| 2015-12-05 | Bug #469: add options for AES-128/256-GCM mode. | Daniil Baturin | |
| 2015-12-05 | Move execution of nhrp script to "end" of ipsec config so it executes on all ↵ | Kim Hagen | |
| changes made to the ipsec config | |||
| 2015-12-05 | Add ChaCha20 Poly1305 cipher as an available cipher for IKE exchanges. | Jeff Leung | |
| Starting with strongSwan 5.3.3, chacha20poly1305 is a supported cipher for IKE and ESP configurations with an IKEv2 configuration. | |||
| 2015-11-04 | Allow the user to include a custom ipsec.secrets file. | Jeff Leung | |
| This may be useful for scenarios where a user prefers to use an ECDSA key or implement an xauth IPSec RA server without having to code for the VyOS/EdgeOS platform. | |||
| 2015-06-14 | Bug #504: add an option for pulling IPsec local id from the cert. | Daniil Baturin | |
| 2015-05-04 | Bug #469: add options for AES-128/256-GCM mode. | Daniil Baturin | |
| 2015-02-16 | Move execution of nhrp script to "end" of ipsec config so it executes on all ↵ | Kim Hagen | |
| changes made to the ipsec config | |||
| 2015-02-10 | Allow the user to force UDP encapsulation for a named peer | Jeff Leung | |
| This might help with strongSwan traversing through firewalls that filter proto 51, but not UDP traffic. | |||
| 2015-02-08 | Correct typo'd aggressive option | Jeff Leung | |
| Originally we meant aggressive, not ikev2 | |||
| 2015-02-07 | Remove the default value in ipsec ike-group $name mode | Jeff Leung | |
| Setting this to a default value breaks ikev2 configurations since aggressive mode is only applicable for ikev1 tunnels | |||
| 2015-02-05 | Update ipsec logging log-modes to point towards charon's loggers | Jeff Leung | |
| log-modes now expose charon's keywords instead of pluto's keywords. Refer to the strongSwan's manual to see what each specific logger does. | |||
| 2015-02-05 | Allow users to specify a custom file to be included with ipsec.conf | Jeff Leung | |
| 2015-02-05 | Allow users to specify aggressive mode for IKEv1 key exchanges | Jeff Leung | |
| Although strongly not recommended by the developers of strongSwan, sometimes remote VPN gateways requires this because of interop reasons or a network admin who doesn't have an idea on why aggressive mode is bad. | |||
| 2015-01-19 | Remove @ from the id/remote-id help string. It was never required. | Daniil Baturin | |
| 2015-01-19 | Bug #348: remove unnecessary restrictions on the PSK format. | Daniil Baturin | |
| 2015-01-17 | vyatta-cfg-vpn: update pre-shared secret key help for single quotes | Alex Harpin | |
| Updated the help for pre-shared secret key usage when special characters are used. These need to be enclosed in single quotes to stop them being expanded by the bash shell. Bug #451 http://bugzilla.vyos.net/show_bug.cgi?id=451 | |||
| 2014-12-01 | Fixing syntax error in vpn-config.pl, fixing allowed parameters in the ↵ | Jason Hendry | |
| per-tunnel ikev2-reauth node | |||
| 2014-12-01 | Exposing ikev2 reauth option in CLI, defaulting to 'no' | Jason Hendry | |
| 2014-09-10 | Remove gre-multipoint reference | Kim Hagen | |
| 2014-08-23 | Rename vyatta-update-nhrp.pl to vyos-update-nhrp.pl and change options | Kim Hagen | |
| 2014-08-03 | Bug #224: rename "enabled|disabled" to "enable|disable" for consistency. | Daniil Baturin | |
| 2014-05-26 | Merge pull request #4 from TriJetScud/helium | Daniil Baturin | |
| Remove automatic IKE version negoiation. | |||
| 2014-05-25 | Initial MOBIKE Configuration Support | Jeff Leung | |
| For IKEv2, there is support for MOBIKE which basically allows IPSec connections to roam from interface to interface. When MOBIKE is used, the IKE negoiation phase uses UDP port 4500 rather than using proto-51. In strongSwan 4.5.x MOBIKE is automatically enabled for IKEv2 connections. We expose the ability to enable/disable MOBIKE to the user. | |||
| 2014-05-25 | Bug 197: Add back support for groups 22-24 for phase2 pfs | Ryan Riske | |
 |
index : vyatta-cfg-vpn.git | |
| Vyatta VPN configuration (mirror of https://github.com/vyos/vyatta-cfg-vpn.git) |
| summaryrefslogtreecommitdiff |