vyos-1x.git/src/migration-scripts/ipsec/9-to-10, branch currentVyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git)
https://git.amelek.net/vyos/vyos-1x.git/atom?h=current2025-06-28T21:16:52+00:00T7591: remove copyright years from source files2025-06-28T21:16:52+00:00Christian Breunigchristian@breunig.cc2025-06-28T18:51:21+00:00urn:sha1:1478516ae437f19ebeb7d6ff9b83dd74f8e76758
The legal team says years are not necessary so we can go ahead with it, since
it will simplify backporting.
Automatically removed using: git ls-files | grep -v libvyosconfig | xargs sed -i -E \
's/^# Copyright (19|20)[0-9]{2}(-[0-9]{4})? VyOS maintainers.*/# Copyright VyOS maintainers and contributors <maintainers@vyos.io>/g'
In addition we will error-out during "make" if someone re-adds a legacy
copyright notice
migration: T6007: convert all migration scripts to load as module2024-06-26T20:38:41+00:00John Estabrookjestabro@vyos.io2024-06-20T01:16:05+00:00urn:sha1:26740a8d583f64dc0a27b59dd4ae303056972c0bT6199: remove unused Python imports from migration scripts2024-04-06T08:46:30+00:00Christian Breunigchristian@breunig.cc2024-04-06T08:46:30+00:00urn:sha1:489e6fababa60d9c0fbfdb421305cbe563432499T5427: Fix migration script arguments len expects 2 args2023-08-02T09:12:23+00:00Viacheslav Hletenkov.gletenko@vyos.io2023-08-02T09:12:23+00:00urn:sha1:d1923b7b58795f0d9635ae0e8df110f591881bdf
The script's name is always provided as the first argument sys.argv[0]
Expected length for argv is 2 (script itself + config file)
Change: 'if (len(argv) < 1)' to 'if len(argv) < 2'
T4879: IPsec migration script remote-id for peer name eq address2022-12-19T16:32:24+00:00Viacheslav Hletenkov.gletenko@vyos.io2022-12-19T16:32:24+00:00urn:sha1:34edb6c19fd77af3ec621905e45631e4901ef574
Migration for "remote-id" where peer is IPv4 or IPv6 address
was missed
It was only migration if peer starts with "@"
It cause that you must manualy set 'remote-id' to get it working
correctly
replace 'vpn ipsec site-to-site peer 192.0.2.2'
=> 'vpn ipsec site-to-site peer peer_192-0-2-2 authentication remote-id 192.0.2.2'
ipsec: T4118: bugfix migration of IKEv2 road-warrior "id" CLI option2022-09-20T18:32:57+00:00Christian Poessingerchristian@poessinger.com2022-09-20T18:32:55+00:00urn:sha1:2eb0ddc54ea8bf50f62cc381eb3356363194c6fd
The "authentication id" option for road-warriors did not get migrated to
the new local-id CLI node. This has been fixed.
ipsec: T4118: bugfix config migrator 9-to-102022-09-19T18:29:23+00:00Christian Poessingerchristian@poessinger.com2022-09-19T18:29:14+00:00urn:sha1:e9c233d65cfffccca131afb4cfb0bcaae0836c39
When a CLI node is set with a migrator and is not a valueLess node, we need to
specify the "value" using the value= operation in config.set().
This fixes the config load error: vyos.configsession.ConfigSessionError: Invalid
config file (syntax error): error at line 353
ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peer2022-09-16T11:53:41+00:00Viacheslav Hletenkov.gletenko@vyos.io2022-08-10T19:51:48+00:00urn:sha1:bd4588827b563022ce5fb98b1345b787b9194176
Migration and Change boolean nodes "enable/disable" to
disable-xxxx, enable-xxxx and just xxx for VPN IPsec
configurations
- IKE changes:
- replace 'ipsec ike-group <tag> mobike disable'
=> 'ipsec ike-group <tag> disable-mobike'
- replace 'ipsec ike-group <tag> ikev2-reauth yes|no'
=> 'ipsec ike-group <tag> ikev2-reauth'
- ESP changes:
- replace 'ipsec esp-group <tag> compression enable'
=> 'ipsec esp-group <tag> compression'
- PEER changes:
- replace: 'peer <tag> id xxx'
=> 'peer <tag> local-id xxx'
- replace: 'peer <tag> force-encapsulation enable'
=> 'peer <tag> force-udp-encapsulation'
- add option: 'peer <tag> remote-address x.x.x.x'
Add 'peer <name> remote-address <name>' via migration script