<feed xmlns='http://www.w3.org/2005/Atom'>
<title>vyos-1x.git/data/templates/ipsec/swanctl.conf.j2, branch feature/T9082-codeql-cpp</title>
<subtitle>VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git)
</subtitle>
<id>https://git.amelek.net/vyos/vyos-1x.git/atom?h=feature%2FT9082-codeql-cpp</id>
<link rel='self' href='https://git.amelek.net/vyos/vyos-1x.git/atom?h=feature%2FT9082-codeql-cpp'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/'/>
<updated>2026-03-04T04:48:18+00:00</updated>
<entry>
<title>T8136: IPSEC PPK Support</title>
<updated>2026-03-04T04:48:18+00:00</updated>
<author>
<name>Giga Murphy</name>
<email>giga1699@gmail.com</email>
</author>
<published>2026-01-02T01:04:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=673ec335b885ae1de8391dd8c48a5fe16b282db5'/>
<id>urn:sha1:673ec335b885ae1de8391dd8c48a5fe16b282db5</id>
<content type='text'>
</content>
</entry>
<entry>
<title>ipsec: T7562: Add support for `disable-uniqreqids` option in IPsec configs</title>
<updated>2025-08-12T09:11:05+00:00</updated>
<author>
<name>Oleksandr Kuchmystyi</name>
<email>o.kuchmystyi@vyos.io</email>
</author>
<published>2025-07-31T10:41:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=c84c7cf16bf4a0222690f4ac2d93dafc88a7a0f7'/>
<id>urn:sha1:c84c7cf16bf4a0222690f4ac2d93dafc88a7a0f7</id>
<content type='text'>
This commit makes `set vpn ipsec disable-uniqreqids` work with the modern
StrongSwan backend by setting `unique=never` in swanctl.conf for connections.
This restores legacy behavior about multiple connections with the same identity.
</content>
</entry>
<entry>
<title>T264: IPsec add base64 encoded secret-type feature</title>
<updated>2024-11-21T13:34:51+00:00</updated>
<author>
<name>Viacheslav Hletenko</name>
<email>v.gletenko@vyos.io</email>
</author>
<published>2024-11-19T17:44:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=5c7647bcc242d4b26cd9afdde1f084ef93916727'/>
<id>urn:sha1:5c7647bcc242d4b26cd9afdde1f084ef93916727</id>
<content type='text'>
Add the ability to configure base64 encoded passwords for
VPN IPSec site-to-site peers

authentication psk PSK secret 'xxxxx=='
authentication psk PSK secret-type &lt;base64|plaintext&gt;
</content>
</entry>
<entry>
<title>T5873: vpn ipsec remote-access: support VTI interfaces</title>
<updated>2024-07-22T17:57:45+00:00</updated>
<author>
<name>Lucas Christian</name>
<email>lucas@lucasec.com</email>
</author>
<published>2023-12-29T06:26:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=4d2c89dcd50d3c158dc76ac5ab843dd66105bc02'/>
<id>urn:sha1:4d2c89dcd50d3c158dc76ac5ab843dd66105bc02</id>
<content type='text'>
</content>
</entry>
<entry>
<title>T4916: Rewrite IPsec peer authentication and psk migration</title>
<updated>2023-01-26T11:28:03+00:00</updated>
<author>
<name>Viacheslav Hletenko</name>
<email>v.gletenko@vyos.io</email>
</author>
<published>2023-01-17T11:04:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=7ae0b404ad9fdefa856c7e450b224b47d854a4eb'/>
<id>urn:sha1:7ae0b404ad9fdefa856c7e450b224b47d854a4eb</id>
<content type='text'>
Rewrite strongswan IPsec authentication to reflect structure
from swanctl.conf
The most important change is that more than one local/remote ID in the
same auth entry should be allowed

replace: 'ipsec site-to-site peer &lt;tag&gt; authentication pre-shared-secret xxx'
      =&gt; 'ipsec authentication psk &lt;tag&gt; secret xxx'

set vpn ipsec authentication psk &lt;tag&gt; id '192.0.2.1'
set vpn ipsec authentication psk &lt;tag&gt; id '192.0.2.2'
set vpn ipsec authentication psk &lt;tag&gt; secret 'xxx'
set vpn ipsec site-to-site peer &lt;tag&gt; authentication local-id '192.0.2.1'
set vpn ipsec site-to-site peer &lt;tag&gt; authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer &lt;tag&gt; authentication remote-id '192.0.2.2'

Add template filter for Jinja2 'generate_uuid4'
</content>
</entry>
<entry>
<title>ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer</title>
<updated>2022-09-16T11:53:41+00:00</updated>
<author>
<name>Viacheslav Hletenko</name>
<email>v.gletenko@vyos.io</email>
</author>
<published>2022-08-10T19:51:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=bd4588827b563022ce5fb98b1345b787b9194176'/>
<id>urn:sha1:bd4588827b563022ce5fb98b1345b787b9194176</id>
<content type='text'>
Migration and Change boolean nodes "enable/disable" to
disable-xxxx, enable-xxxx and just xxx for VPN IPsec
configurations

  - IKE changes:
      - replace 'ipsec ike-group &lt;tag&gt; mobike disable'
             =&gt; 'ipsec ike-group &lt;tag&gt; disable-mobike'
      - replace 'ipsec ike-group &lt;tag&gt; ikev2-reauth yes|no'
             =&gt; 'ipsec ike-group &lt;tag&gt; ikev2-reauth'
  - ESP changes:
      - replace 'ipsec esp-group &lt;tag&gt; compression enable'
             =&gt; 'ipsec esp-group &lt;tag&gt; compression'
  - PEER changes:
      - replace: 'peer &lt;tag&gt; id xxx'
              =&gt; 'peer &lt;tag&gt; local-id xxx'
      - replace: 'peer &lt;tag&gt; force-encapsulation enable'
              =&gt; 'peer &lt;tag&gt; force-udp-encapsulation'
      - add option: 'peer &lt;tag&gt; remote-address x.x.x.x'

Add 'peer &lt;name&gt; remote-address &lt;name&gt;' via migration script
</content>
</entry>
<entry>
<title>ipsec: T4353: bugfix template extension</title>
<updated>2022-05-02T04:32:56+00:00</updated>
<author>
<name>Christian Poessinger</name>
<email>christian@poessinger.com</email>
</author>
<published>2022-05-02T04:32:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=318f81cba207dc5f180b074c2a7cdb4a4217e5fc'/>
<id>urn:sha1:318f81cba207dc5f180b074c2a7cdb4a4217e5fc</id>
<content type='text'>
</content>
</entry>
<entry>
<title>ipsec: T4353: fix Jinja2 linting errors</title>
<updated>2022-05-01T17:44:52+00:00</updated>
<author>
<name>Christian Poessinger</name>
<email>christian@poessinger.com</email>
</author>
<published>2022-05-01T17:44:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=49b1afc25b73d9c5daae1c76edb88aab42afa83e'/>
<id>urn:sha1:49b1afc25b73d9c5daae1c76edb88aab42afa83e</id>
<content type='text'>
</content>
</entry>
</feed>
