vyos-1x.git/data/templates/ipsec/swanctl, branch vyos/1.4dev1 VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=vyos%2F1.4dev1 2023-01-12T17:47:53+00:00 T4118: Add default value any for connection remote-id 2023-01-12T17:47:53+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2023-01-12T13:00:05+00:00 urn:sha1:01386606982352de7eb51f55acc11c6a58ed4cef If IPsec "peer <tag> authentication remote-id" is not set it should be "%any" by default https://docs.strongswan.org/docs/5.9/swanctl/swanctlConf.html#_connections_conn_remote Set XML default value in use it in the python vpn_ipsec.py script T4823: Fix IPsec transport mode remote TS 2022-11-21T18:42:41+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2022-11-21T18:42:41+00:00 urn:sha1:2ac4a8a5fed9db471b7ffac0f54e6741c6f87834 Remote TS for transport mode GRE must be remote-address and not peer name ipsec: T4118: bugfix migration of IKEv2 road-warrior "id" CLI option 2022-09-20T18:32:57+00:00 Christian Poessinger christian@poessinger.com 2022-09-20T18:32:55+00:00 urn:sha1:2eb0ddc54ea8bf50f62cc381eb3356363194c6fd The "authentication id" option for road-warriors did not get migrated to the new local-id CLI node. This has been fixed. Merge pull request #1463 from sever-sever/T4118 2022-09-16T17:16:42+00:00 Daniil Baturin daniil@vyos.io 2022-09-16T17:16:42+00:00 urn:sha1:748dab43b87c3993bdd5c697e7b778ed7a8e48a1 ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer 2022-09-16T11:53:41+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2022-08-10T19:51:48+00:00 urn:sha1:bd4588827b563022ce5fb98b1345b787b9194176 Migration and Change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations - IKE changes: - replace 'ipsec ike-group <tag> mobike disable' => 'ipsec ike-group <tag> disable-mobike' - replace 'ipsec ike-group <tag> ikev2-reauth yes|no' => 'ipsec ike-group <tag> ikev2-reauth' - ESP changes: - replace 'ipsec esp-group <tag> compression enable' => 'ipsec esp-group <tag> compression' - PEER changes: - replace: 'peer <tag> id xxx' => 'peer <tag> local-id xxx' - replace: 'peer <tag> force-encapsulation enable' => 'peer <tag> force-udp-encapsulation' - add option: 'peer <tag> remote-address x.x.x.x' Add 'peer <name> remote-address <name>' via migration script dmvpn: T4595: Fix dpd profile options 2022-08-10T21:52:48+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2022-08-10T21:52:48+00:00 urn:sha1:fed4cbf9b2f02628745229305cfec4f8a342c554 Fix template for configuration DMVPN IKE profile dead-peer-detection delay and dead-peer-detecion timeout options ipsec: T4353: use "" quotes on road-warrior id 2022-05-06T16:32:08+00:00 Christian Poessinger christian@poessinger.com 2022-05-06T16:31:00+00:00 urn:sha1:a8a4b61c22a373366f9aaf84165ccae2106a4a46 ipsec: T4353: fix Jinja2 linting errors 2022-05-01T17:44:52+00:00 Christian Poessinger christian@poessinger.com 2022-05-01T17:44:52+00:00 urn:sha1:49b1afc25b73d9c5daae1c76edb88aab42afa83e vpn-ipsec: T4398: Fix unexpected passthrough policy for peer 2022-04-25T20:59:45+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2022-04-25T20:59:45+00:00 urn:sha1:408917a0e619286c1cc1e74bde6cd8f257d5aeb9 Set default passtrough list to None to prevent unexpected policy for peers with not overplapped local and remote prefixes ipsec: T4333: migrate to new vyos_defined Jinja2 test 2022-04-13T20:51:42+00:00 Christian Poessinger christian@poessinger.com 2022-04-13T20:51:42+00:00 urn:sha1:e8a637eec0cc398f78a877ece6b9c7cdca418970