vyos-1x.git/data/templates/ipsec, branch 1.4.0 VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=1.4.0 2024-05-30T14:36:40+00:00 op-mode: ipsec: T6407: fix profile generation 2024-05-30T14:36:40+00:00 Christian Breunig christian@breunig.cc 2024-05-30T09:20:56+00:00 urn:sha1:55ae2ca0b17fa1d4cd19563289466c5e8dbbcf84 Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates") added support for multiple CA certificates which broke the OP mode command to generate the IPSec profiles as it did not expect a list and was rather working on a string. Now multiple CAs can be rendered into the Apple IOS profile. (cherry picked from commit e6fe6e50a5c817e18c453e7bc42bb2e1c4b17671) T6237: IPSec remote access VPN: ability to set EAP ID of clients 2024-04-22T05:00:34+00:00 Alex W embezzle.dev@proton.me 2024-04-21T20:59:56+00:00 urn:sha1:162a0f0d746f7789a676332ec04dba65fefd6d4e (cherry picked from commit 78ea623df20b44309cc6ac9848ed18e97fc4ed03) T5871: ipsec remote access VPN: specify "cacerts" for client auth. 2024-04-12T09:13:38+00:00 Lucas Christian lucas@lucasec.com 2023-12-29T06:08:36+00:00 urn:sha1:7100a5797bce50678be6bb001d4d847b26ff9eca (cherry picked from commit ecc83562b4d756cc50910561a3f52ec260aeb478) T5872: re-write exit hook to always regenerate config 2024-03-28T16:09:40+00:00 Lucas Christian lucas@lucasec.com 2024-03-10T18:39:19+00:00 urn:sha1:71fe258f6a4dfc0ead8f8ee46821f9dd965d141a (cherry picked from commit 679b78356cbda4de15f96a7f22d4a98037dbeea4) T5872: fix ipsec dhclient exit hook 2024-03-28T16:09:39+00:00 Lucas Christian lucas@lucasec.com 2024-02-09T06:04:16+00:00 urn:sha1:781807e732da80b967019649cd79d4721e19f26d (cherry picked from commit cd8ef21f280f726955f537132e3fab2bcb3c286f) T5872: ipsec remote access VPN: support dhcp-interface. 2024-03-28T16:09:39+00:00 Lucas Christian lucas@lucasec.com 2023-12-29T06:11:26+00:00 urn:sha1:5a722cf8491436b0091c8fd5522e8c1074569ef1 (cherry picked from commit f7834324d3d9edd7e161e7f2f3868452997c9c81) ipsec: T5998: add replay-windows setting 2024-02-03T20:05:04+00:00 Christian Breunig christian@breunig.cc 2024-02-02T19:44:29+00:00 urn:sha1:4edc0611ec0ab39147c136d769a9e8a0f50847e6 The replay_window for child SA will always be 32 (hence enabled). Add a CLI node to explicitly change this. * set vpn ipsec site-to-site peer <name> replay-window <0-2040> (cherry picked from commit 4d943d8fbf1253154897179b0e3ea2d93b898197) T5953: Changed values of 'close-action' to Strongswan values 2024-01-17T17:38:11+00:00 aapostoliuk a.apostoliuk@vyos.io 2024-01-17T15:46:38+00:00 urn:sha1:e6713a7e861dbe3ec8af1761f1c0a3d1ad725cac Changed the value from 'hold' to 'trap' in the 'close-action' option in the IKE group. Changed the value from 'restart' to 'start' in the 'close-action' option in the IKE group. (cherry picked from commit 8870fabf1b4358618fca7db459515106653214b5) T4658: Renamed DPD action value from 'hold' to 'trap' 2024-01-16T15:46:28+00:00 aapostoliuk a.apostoliuk@vyos.io 2024-01-16T14:26:26+00:00 urn:sha1:3e35719a272956a16171e889e5dc0c8a3b47977e Renamed DPD action value from 'hold' to 'trap' (cherry picked from commit 9f4aee5778eefa0a17d4795430d50e4a046e88b0) T5870: ipsec remote access VPN: add x509 ("pubkey") authentication. 2023-12-30T21:58:26+00:00 Lucas Christian lucas@lucasec.com 2023-12-29T06:07:07+00:00 urn:sha1:6cfcef98b8a8fbfa107ecfbb741cfb268ea8340f (cherry picked from commit 656934e85cee799dba5b495d143f6be445ac22d5)