vyos-1x.git/interface-definitions/include/ipsec, branch T6732-reusable-build-image VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=T6732-reusable-build-image 2024-07-22T17:57:45+00:00 T5873: vpn ipsec remote-access: support VTI interfaces 2024-07-22T17:57:45+00:00 Lucas Christian lucas@lucasec.com 2023-12-29T06:26:56+00:00 urn:sha1:4d2c89dcd50d3c158dc76ac5ab843dd66105bc02 ipsec: T5606: T5871: Use multi node for CA certificates 2024-03-28T13:34:26+00:00 sarthurdev 965089+sarthurdev@users.noreply.github.com 2024-03-28T13:06:33+00:00 urn:sha1:952b1656f5164f6cfc601e040b48384859e7a222 This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates. Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended. ipsec: T5998: add replay-windows setting 2024-02-03T12:01:02+00:00 Christian Breunig christian@breunig.cc 2024-02-02T19:44:29+00:00 urn:sha1:4d943d8fbf1253154897179b0e3ea2d93b898197 The replay_window for child SA will always be 32 (hence enabled). Add a CLI node to explicitly change this. * set vpn ipsec site-to-site peer <name> replay-window <0-2040> T5226: Combine ipv4-address and ipv6-address validators 2023-05-17T04:10:36+00:00 Indrajit Raychaudhuri irc@indrajit.com 2023-05-17T01:49:59+00:00 urn:sha1:96d846d27ac818ee9a23bb7194bb58cfb7093387 Use a single ip-address validator to combine and replace ipv4-address and ipv6-address validators. ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer 2022-09-16T11:53:41+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2022-08-10T19:51:48+00:00 urn:sha1:bd4588827b563022ce5fb98b1345b787b9194176 Migration and Change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations - IKE changes: - replace 'ipsec ike-group <tag> mobike disable' => 'ipsec ike-group <tag> disable-mobike' - replace 'ipsec ike-group <tag> ikev2-reauth yes|no' => 'ipsec ike-group <tag> ikev2-reauth' - ESP changes: - replace 'ipsec esp-group <tag> compression enable' => 'ipsec esp-group <tag> compression' - PEER changes: - replace: 'peer <tag> id xxx' => 'peer <tag> local-id xxx' - replace: 'peer <tag> force-encapsulation enable' => 'peer <tag> force-udp-encapsulation' - add option: 'peer <tag> remote-address x.x.x.x' Add 'peer <name> remote-address <name>' via migration script ipsec: T2816: add completion help for IP addresses to local-address node 2022-05-19T18:57:16+00:00 Christian Poessinger christian@poessinger.com 2022-05-19T18:57:16+00:00 urn:sha1:55b075df8260b46541972d6f62bcc0956a7af50d xml: T4047: use full string match in the regex validator 2022-04-29T17:51:50+00:00 Christian Poessinger christian@poessinger.com 2022-04-29T17:51:50+00:00 urn:sha1:80ecb1b7aaab47edeb355c3b74a763e940d88179 ipsec prefix: T4275: Fix for prefix val_help of remote-access and s2s vpn 2022-03-07T09:44:08+00:00 srividya0208 a.srividya@vyos.io 2022-03-07T09:44:08+00:00 urn:sha1:27404f71c85187403b3ae1b73b95e6347e07ea97 It accepts network as the input value but the completion help is showing ip address, continuation of previous commit xml: provide common "pre-shared-secret" include block 2021-07-17T05:29:48+00:00 Christian Poessinger christian@poessinger.com 2021-07-14T19:40:54+00:00 urn:sha1:6a8080e1c0a7254ffb7046d543b9bff5618ff136 pki: T3642: Migrate rsa-keys to PKI configuration 2021-07-06T22:53:27+00:00 sarthurdev 965089+sarthurdev@users.noreply.github.com 2021-07-06T21:19:48+00:00 urn:sha1:5a7c46016a23387312b2c9e18528ad7bb20e8366