vyos-1x.git/src/migration-scripts/ipsec, branch T6674-circ-trigger

T6199: remove unused Python imports from migration scripts

2024-04-06T08:46:30+00:00

ipsec: T5981: Strip '@' from migrated peer name

2024-02-12T19:53:44+00:00

T5953: Changed values of 'close-action' to Strongswan values

2024-01-17T15:46:38+00:00

Changed the value from 'hold' to 'trap' in the 'close-action' option in the IKE group. Changed the value from 'restart' to 'start' in the 'close-action' option in the IKE group.

T4658: Renamed DPD action value from 'hold' to 'trap'

2024-01-16T14:26:26+00:00

Renamed DPD action value from 'hold' to 'trap'

T5427: Fix migration script arguments len expects 2 args

2023-08-02T09:12:23+00:00

The script's name is always provided as the first argument sys.argv[0] Expected length for argv is 2 (script itself + config file) Change: 'if (len(argv) < 1)' to 'if len(argv) < 2'

T5195: vyos.util -> vyos.utils package refactoring (#2093)

2023-07-14T20:18:36+00:00

* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process * T5195: use read_file and write_file implementation from vyos.utils.file Changed code automatically using: find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} + find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} + * T5195: move chmod* helpers to vyos.utils.permission * T5195: use colon_separated_to_dict from vyos.utils.dict * T5195: move is_systemd_service_* to vyos.utils.process * T5195: fix boot issues with missing imports * T5195: move dict_search_* helpers to vyos.utils.dict * T5195: move network helpers to vyos.utils.network * T5195: move commit_* helpers to vyos.utils.commit * T5195: move user I/O helpers to vyos.utils.io

ipsec: T4916: Fixed migrations script

2023-03-02T16:46:50+00:00

* removed unused `re` from imports * replaced `return_value()` to `return_values()` for `remote-address` because this is a multi-value configuration node

ipsec: T4593: Migrate and remove legacy `include-ipsec` nodes

2023-02-15T11:57:25+00:00

Not supported with swanctl

T4916: Rewrite IPsec peer authentication and psk migration

2023-01-26T11:28:03+00:00

Rewrite strongswan IPsec authentication to reflect structure from swanctl.conf The most important change is that more than one local/remote ID in the same auth entry should be allowed replace: 'ipsec site-to-site peer authentication pre-shared-secret xxx' => 'ipsec authentication psk secret xxx' set vpn ipsec authentication psk id '192.0.2.1' set vpn ipsec authentication psk id '192.0.2.2' set vpn ipsec authentication psk secret 'xxx' set vpn ipsec site-to-site peer authentication local-id '192.0.2.1' set vpn ipsec site-to-site peer authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer authentication remote-id '192.0.2.2' Add template filter for Jinja2 'generate_uuid4'

T4879: IPsec migration script remote-id for peer name eq address

2022-12-19T16:32:24+00:00

Migration for "remote-id" where peer is IPv4 or IPv6 address was missed It was only migration if peer starts with "@" It cause that you must manualy set 'remote-id' to get it working correctly replace 'vpn ipsec site-to-site peer 192.0.2.2' => 'vpn ipsec site-to-site peer peer_192-0-2-2 authentication remote-id 192.0.2.2'