summaryrefslogtreecommitdiff
path: root/op-mode-definitions/vpn-ipsec.xml.in
AgeCommit message (Collapse)Author
2024-07-17op-mode: T6577: create generic service restart helper to work with the APImergify/bp/circinus/pr-3817Christian Breunig
Right now we have multiple restart helpers (e.g. dhcp server, ssh, ntp) that all do the same (more or less): * Check if service is configured on CLI * Restart if configured * Error out if unconfigured This is not available via the op-mode API. Create a new restart.py op-mode helper that takes the service name and possible VRF as argument so it's also exposed via API. (cherry picked from commit c74ae852152b0c3c3f00a1847d081d28f500e178)
2023-09-05T5423: Fix for op-mode show vpn ike secretsViacheslav Hletenko
We don't use ipsec.secrets anymore Fix op-mode for "show vpn ike secrets". Ability to get "RAW" format
2023-05-04opmode: T5191: replace underscores with hyphens in generated optionsDaniil Baturin
2023-04-14ipsec: T5042: Rewritten 'show vpn ipsec remote-access' commandaapostoliuk
Now 'show vpn ipsec remote-access' shows only IKEv2 Remote access VPN IPSec connections. Added option 'summary' that shows a summary table for these connections. Added option 'detail' that shows only RA SAs output of 'swanctl -l' Added options 'username' and 'connection-id' that filters output. Fixed output 'show vpn ipsec sa detail', the previous was 'show vpn ipsec sa verbose'.
2023-03-30ipsec: T5093: Fixed 'reset vpn ipsec profile' commandaapostoliuk
Fixed 'reset vpn ipsec profile' command using vici library and new op-mode style. Added ability to use 'reset vpn ipsec profile' command with 'remote-host' option.
2023-03-16ipsec: T5043: Rewritten and fixed 'reset vpn' commandsaapostoliuk
1. Rewritten CLI of 'reset vpn' commands. 2. Created 'reset vpn ipsec remote-access' commands to reset RA IKEv2 session. 3. Created 'reset vpn ipsec site-to-site all' command to reset all configured IPSec site-to-site peers sessions. 4. Rewritten 'reset vpn l2t|pptp|sstp' commands to new opmode style.
2023-02-24ipsec: T4985: Changed 'reset vpn ipsec-peer' to use vici libraryaapostoliuk
1. Changed reset IPSEC, IKE SAs to use vici library. 2. Created package vyos.ipsec to communicate with vici library.
2023-02-14strongSwan: T4593: move to charon-systemdChristian Breunig
2023-02-14ipsec: T4985: Fixed 'reset vpn ipsec-peer {peer}' commandaapostoliuk
Fixed 'reset vpn ipsec-peer {peer}' command. The op-mode script uses value 'None' in the 'tunnel' parameter to clear all CHILD SAs.
2022-11-15T4812: Add op-mode Show vpn ipsec connectionsViacheslav Hletenko
Add op-mode CLI "show vpn ipsec connections" Add the ability to show all configured connections/tunnels and their states. Ability to get --raw data
2022-10-01T4722: consistently use the "IPsec" spelling for IPsecDaniil Baturin
2022-08-04ipsec: T4594: Rewrite op-mode show vpn ipsec saViacheslav Hletenko
Rewrite op-mode "show vpn ipsec sa" to new format Use vyos.opmode format Ability to get raw and formatted output
2022-07-25Merge pull request #1433 from sever-sever/T4568Christian Poessinger
ipsec: T4568: Fix debug IPsec peer op-mode
2022-07-25ipsec: T4568: Fix debug IPsec peerViacheslav Hletenko
Debug Connections for a peer wasn't checked because of typo in var `conns` Replace ':' to '-' for IPv6 peers
2022-07-25IPsec: T4552: Fix reset vpn ipsec peerViacheslav Hletenko
When we use IPv6 peer we need to make a replacement ":" => "-" for correct resetting as it doesn't match get_peer_connections() regex Use new format "vyos.opmode"
2021-08-14op-mode: vpn: use over absolute pathChristian Poessinger
2021-08-14op-mode: combine two "show vpn" definitionsChristian Poessinger
2021-07-07pki: T3642: Migrate rsa-keys to PKI configurationsarthurdev
2021-07-02ipsec: T3656: T3659: Fix pass-through with ipv6. Fix op-mode ipsec commands. ↵sarthurdev
Remove python3-crypto dependency.
2021-06-01ipsec: T2816: XML in op-mode should not contain ' in the help stringChristian Poessinger
2021-05-28ipsec: T2816: IPSec python rework, includes DMVPN and VTI supportSimon