vyos-1x.git/data/templates/ipsec, branch syslog-typos-T6989 VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=syslog-typos-T6989 2025-01-09T16:24:15+00:00 nhrp: T2326: NHRP migration to FRR 2025-01-09T16:24:15+00:00 aapostoliuk a.apostoliuk@vyos.io 2024-08-09T15:08:56+00:00 urn:sha1:5e8307bf3a7f816193ca9da8cb290d57bbb375f2 NHRP migration to FRR T264: IPsec add base64 encoded secret-type feature 2024-11-21T13:34:51+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2024-11-19T17:44:58+00:00 urn:sha1:5c7647bcc242d4b26cd9afdde1f084ef93916727 Add the ability to configure base64 encoded passwords for VPN IPSec site-to-site peers authentication psk PSK secret 'xxxxx==' authentication psk PSK secret-type <base64|plaintext> Merge pull request #3221 from lucasec/t5873 2024-08-01T11:08:36+00:00 Christian Breunig christian@breunig.cc 2024-08-01T11:08:36+00:00 urn:sha1:962ead698e191ff413aaa1585270dfed48100547 T5873: ipsec remote access VPN: support VTI interfaces. T6617: T6618: vpn ipsec remote-access: fix profile generators 2024-07-30T07:16:59+00:00 Lucas Christian lucas@lucasec.com 2024-07-30T06:22:05+00:00 urn:sha1:e97d86e619e134f4dfda06efb7df4a3296d17b95 T5873: vpn ipsec remote-access: improve child ESP session naming 2024-07-27T01:26:30+00:00 Lucas Christian lucas@lucasec.com 2024-07-07T10:19:02+00:00 urn:sha1:50cf1746d3ab5e3666a3e502c67d7d853ae7f932 T5873: vpn ipsec remote-access: support VTI interfaces 2024-07-22T17:57:45+00:00 Lucas Christian lucas@lucasec.com 2023-12-29T06:26:56+00:00 urn:sha1:4d2c89dcd50d3c158dc76ac5ab843dd66105bc02 T6599: ipsec: support disabling rekey of CHILD_SA. 2024-07-22T09:15:36+00:00 Lucas Christian lucas@lucasec.com 2024-07-21T02:29:14+00:00 urn:sha1:fd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf Also adds support for life_bytes, life_packets, and DPD for remote-access connections. Changes behavior of remote-access esp-group lifetime setting to have parity with site-to-site connections. op-mode: T6424: ipsec: honor certificate CN and CA chain during profile generation 2024-06-09T20:03:50+00:00 Christian Breunig christian@breunig.cc 2024-06-09T12:39:45+00:00 urn:sha1:d65f43589612c30dfaa5ce30aca5b8b48bf73211 In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed support for multiple CAs when dealing with the generation of Apple IOS profiles. This commit extends support to properly include the common name of the server certificate issuer and all it's paren't CAs. A list of parent CAs is automatically generated from the "PKI" subsystem content and embedded into the resulting profile. op-mode: ipsec: T6407: fix profile generation 2024-05-30T09:20:56+00:00 Christian Breunig christian@breunig.cc 2024-05-30T09:20:56+00:00 urn:sha1:e6fe6e50a5c817e18c453e7bc42bb2e1c4b17671 Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates") added support for multiple CA certificates which broke the OP mode command to generate the IPSec profiles as it did not expect a list and was rather working on a string. Now multiple CAs can be rendered into the Apple IOS profile. T6237: IPSec remote access VPN: ability to set EAP ID of clients 2024-04-21T20:59:56+00:00 Alex W embezzle.dev@proton.me 2024-04-21T20:59:56+00:00 urn:sha1:78ea623df20b44309cc6ac9848ed18e97fc4ed03