vyos-1x.git/interface-definitions/include/version/ipsec-version.xml.i, branch mergify/bp/circinus/pr-3989 VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=mergify%2Fbp%2Fcircinus%2Fpr-3989 2024-01-16T14:26:26+00:00 T4658: Renamed DPD action value from 'hold' to 'trap' 2024-01-16T14:26:26+00:00 aapostoliuk a.apostoliuk@vyos.io 2024-01-16T14:26:26+00:00 urn:sha1:9f4aee5778eefa0a17d4795430d50e4a046e88b0 Renamed DPD action value from 'hold' to 'trap' ipsec: T4593: Migrate and remove legacy `include-ipsec` nodes 2023-02-15T11:57:25+00:00 sarthurdev 965089+sarthurdev@users.noreply.github.com 2023-02-15T11:57:25+00:00 urn:sha1:45b16864b11ea49087ce4a279e2c0e741a97c0ee Not supported with swanctl T4916: Rewrite IPsec peer authentication and psk migration 2023-01-26T11:28:03+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2023-01-17T11:04:08+00:00 urn:sha1:7ae0b404ad9fdefa856c7e450b224b47d854a4eb Rewrite strongswan IPsec authentication to reflect structure from swanctl.conf The most important change is that more than one local/remote ID in the same auth entry should be allowed replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx' => 'ipsec authentication psk <tag> secret xxx' set vpn ipsec authentication psk <tag> id '192.0.2.1' set vpn ipsec authentication psk <tag> id '192.0.2.2' set vpn ipsec authentication psk <tag> secret 'xxx' set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1' set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2' Add template filter for Jinja2 'generate_uuid4' ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer 2022-09-16T11:53:41+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2022-08-10T19:51:48+00:00 urn:sha1:bd4588827b563022ce5fb98b1345b787b9194176 Migration and Change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations - IKE changes: - replace 'ipsec ike-group <tag> mobike disable' => 'ipsec ike-group <tag> disable-mobike' - replace 'ipsec ike-group <tag> ikev2-reauth yes|no' => 'ipsec ike-group <tag> ikev2-reauth' - ESP changes: - replace 'ipsec esp-group <tag> compression enable' => 'ipsec esp-group <tag> compression' - PEER changes: - replace: 'peer <tag> id xxx' => 'peer <tag> local-id xxx' - replace: 'peer <tag> force-encapsulation enable' => 'peer <tag> force-udp-encapsulation' - add option: 'peer <tag> remote-address x.x.x.x' Add 'peer <name> remote-address <name>' via migration script ipsec: T4288: bump config version 8 -> 9 2022-03-24T17:42:40+00:00 Christian Poessinger christian@poessinger.com 2022-03-24T17:42:40+00:00 urn:sha1:e700bd3e22e080525e70ce560c0e48d41a80a9d2 xml: T3474: add component version include files 2022-02-16T22:26:25+00:00 John Estabrook jestabro@vyos.io 2022-02-16T17:31:23+00:00 urn:sha1:3795fdba8edf8e81298370d6cd8d81a779ae2997 Add the include files containing the syntaxVersion element defining the version of the respective component; these files are included by the top level file 'xml-component-versions.xml.in'. Processing of these elements was previously added to the python xml lib in commit 40f5359d. This will replace the use of 'curver_DATA' in vyatta-cfg-system and other legacy packages.