summaryrefslogtreecommitdiff
path: root/src/migration-scripts/ipsec
AgeCommit message (Collapse)Author
2023-07-14T5195: vyos.util -> vyos.utils package refactoring (#2093)Christian Breunig
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process * T5195: use read_file and write_file implementation from vyos.utils.file Changed code automatically using: find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} + find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} + * T5195: move chmod* helpers to vyos.utils.permission * T5195: use colon_separated_to_dict from vyos.utils.dict * T5195: move is_systemd_service_* to vyos.utils.process * T5195: fix boot issues with missing imports * T5195: move dict_search_* helpers to vyos.utils.dict * T5195: move network helpers to vyos.utils.network * T5195: move commit_* helpers to vyos.utils.commit * T5195: move user I/O helpers to vyos.utils.io
2023-03-03ipsec: T4916: Fixed migrations scriptjbordongit
* removed unused `re` from imports * replaced `return_value()` to `return_values()` for `remote-address` because this is a multi-value configuration node
2023-02-15ipsec: T4593: Migrate and remove legacy `include-ipsec` nodessarthurdev
Not supported with swanctl
2023-01-26T4916: Rewrite IPsec peer authentication and psk migrationViacheslav Hletenko
Rewrite strongswan IPsec authentication to reflect structure from swanctl.conf The most important change is that more than one local/remote ID in the same auth entry should be allowed replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx' => 'ipsec authentication psk <tag> secret xxx' set vpn ipsec authentication psk <tag> id '192.0.2.1' set vpn ipsec authentication psk <tag> id '192.0.2.2' set vpn ipsec authentication psk <tag> secret 'xxx' set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1' set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2' Add template filter for Jinja2 'generate_uuid4'
2022-12-19T4879: IPsec migration script remote-id for peer name eq addressViacheslav Hletenko
Migration for "remote-id" where peer is IPv4 or IPv6 address was missed It was only migration if peer starts with "@" It cause that you must manualy set 'remote-id' to get it working correctly replace 'vpn ipsec site-to-site peer 192.0.2.2' => 'vpn ipsec site-to-site peer peer_192-0-2-2 authentication remote-id 192.0.2.2'
2022-09-20ipsec: T4118: bugfix migration of IKEv2 road-warrior "id" CLI optionChristian Poessinger
The "authentication id" option for road-warriors did not get migrated to the new local-id CLI node. This has been fixed.
2022-09-19ipsec: T4118: bugfix config migrator 9-to-10Christian Poessinger
When a CLI node is set with a migrator and is not a valueLess node, we need to specify the "value" using the value= operation in config.set(). This fixes the config load error: vyos.configsession.ConfigSessionError: Invalid config file (syntax error): error at line 353
2022-09-16ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peerViacheslav Hletenko
Migration and Change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations - IKE changes: - replace 'ipsec ike-group <tag> mobike disable' => 'ipsec ike-group <tag> disable-mobike' - replace 'ipsec ike-group <tag> ikev2-reauth yes|no' => 'ipsec ike-group <tag> ikev2-reauth' - ESP changes: - replace 'ipsec esp-group <tag> compression enable' => 'ipsec esp-group <tag> compression' - PEER changes: - replace: 'peer <tag> id xxx' => 'peer <tag> local-id xxx' - replace: 'peer <tag> force-encapsulation enable' => 'peer <tag> force-udp-encapsulation' - add option: 'peer <tag> remote-address x.x.x.x' Add 'peer <name> remote-address <name>' via migration script
2022-05-25configtest: T4382: fix missing delete of 'ipsec-interfaces' nodeJohn Estabrook
Migration of bgp-azure-ipsec-gateway and bgp_dmvpn_hub reveals that migration script ipsec/5-to-6 leaves the empty node 'ipsec-interfaces' after moving the interface; fix the migration script, as it is not yet in 1.3.
2022-03-24ipsec: T4288: drop leading empty line to detect runtime environmentChristian Poessinger
2022-03-24ike-group: T4288 : close-action is missing in swanctl.confsrividya0208
close-action parameter is missing in the swanctl.conf file
2021-07-22ipsec: T2816: remove "auto-update" CLI optionChristian Poessinger
Update/refresh of DNS records is now handled internally by Strongswan.
2021-07-17ipsec: T2816: migrate "ipsec interfaces" to "interface"Christian Poessinger
2021-07-07pki: T3642: Migrate rsa-keys to PKI configurationsarthurdev
2021-07-03ipsec: T2816: rework log options for debuggingChristian Poessinger
Renamed CLI from "logging log-modes" to "log subsystem" and "logging log-level" to "log level". THat is more human firendly.
2021-07-01pki: ipsec: T3642: Update migration script to account for file permission issuessarthurdev
2021-06-29pki: ipsec: T3642: Migrate IPSec to use PKI configurationsarthurdev
2021-06-07ipsec: T3588: remove site-to-site tunnel CLI options only valid in OpenswanChristian Poessinger
2021-06-06ipsec: T3588: remove CLI options deprecated by strongSwanChristian Poessinger
- set vpn ipsec nat-traversal - set vpn ipsec nat-networks allowed-network
2021-06-06T1168: ipsec: add copyright header to migration scriptChristian Poessinger
2019-01-07Fix: T1168 - Upgrade: 1,1,7 -> 1.2.0-epa2 (command conversion)hagbard