]>
git.ipfire.org Git - people/jschlag/network.git/log
Jonatan Schlag [Fri, 18 Aug 2017 11:45:18 +0000 (13:45 +0200)]
util: add normalize function
This function remove all non alpha numerical characters from a string
and substitute this characters with one -
So HELLO%%/$&/)%$%(&&HH becomes hello-hh
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 18 Aug 2017 12:20:38 +0000 (12:20 +0000)]
Drop wireless-adhoc port
This was only useful for B.A.T.M.A.N. and could not be
attached to a bridge zone which leaves it useless for us.
The backend functionality is kept to potentially implement
this as a zone again.
Fixes #11460
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 18 Aug 2017 12:15:38 +0000 (12:15 +0000)]
Remove B.A.T.M.A.N.
We do not seem to have an obvious application for this
and since 802.11s is wider supported we will support
that for wireless mesh networks instead.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 18 Aug 2017 12:09:24 +0000 (12:09 +0000)]
bridge: Correctly apply STP priority
Fixes #10609
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 18 Aug 2017 11:12:41 +0000 (11:12 +0000)]
Rename make_parent_dir to make_parent_directory
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 18 Aug 2017 10:01:22 +0000 (10:01 +0000)]
dhclient-script: IP addresses could change on REBIND
When the client binds to a new DHCP server, the IP address
could change and therefore we need to check if that has
happened and update everything accordingly.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 18 Aug 2017 09:56:30 +0000 (09:56 +0000)]
dhclient-script: No need to set up the device again
To get the lease, the device must have been up
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 18 Aug 2017 09:12:32 +0000 (09:12 +0000)]
wpa_supplicant: Use nl80211 instead of wext to communicate with the kernel
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 18 Aug 2017 09:10:36 +0000 (09:10 +0000)]
wpa_supplicant: Fix typo in variable name
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 18 Aug 2017 09:09:49 +0000 (09:09 +0000)]
wpa_supplicant: Move configuration to /etc/wpa_supplicant
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 17 Aug 2017 22:05:32 +0000 (22:05 +0000)]
wpa_supplicant: Drop config helper
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 17 Aug 2017 21:53:50 +0000 (21:53 +0000)]
802.11s: Write WPA supplicant configuration
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 17 Aug 2017 21:52:20 +0000 (21:52 +0000)]
wpa_supplicant: Support 802.11s
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 17 Aug 2017 21:50:41 +0000 (21:50 +0000)]
Remove obsolete comment
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 17 Aug 2017 21:50:12 +0000 (21:50 +0000)]
802.11s: Allow setting a PSK for SAE authentication
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 17 Aug 2017 21:42:50 +0000 (21:42 +0000)]
wpa_supplicant: Rename zone variable to device
Since we are using this for ports now, too, the variable
should have a generic name and the zone check must be removed
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 17 Aug 2017 20:02:42 +0000 (20:02 +0000)]
Remove zone_dir and zone_file
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 17 Aug 2017 19:49:16 +0000 (19:49 +0000)]
Dropping port_dir()
This function is always returning constant values but
needs to fork a subshell for that which has some performance
impact.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 17 Aug 2017 19:43:13 +0000 (19:43 +0000)]
device_get_all: Drop function
This is basically device_list which is used everywhere else
in the code.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 17 Aug 2017 19:39:55 +0000 (19:39 +0000)]
Introduce list_directory
This function lists all files in a directory which
is a functionality that we use very very often.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 17 Aug 2017 19:25:24 +0000 (19:25 +0000)]
hooks_list: Remove duplicate function
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Wed, 16 Aug 2017 15:36:56 +0000 (17:36 +0200)]
ipsec-pools: reload pools after destroying pools
Fixes: #11433
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Wed, 16 Aug 2017 15:36:55 +0000 (17:36 +0200)]
ipsec-pool: delete on destroy also the swanctl configuration file
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Wed, 16 Aug 2017 15:18:46 +0000 (17:18 +0200)]
network reset: destroy all IPsec pools
Fixes: #11432
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Wed, 16 Aug 2017 14:43:42 +0000 (14:43 +0000)]
Drop bridge-stp script
This is not doing anything useful for us any more and the kernel
is always logging "failed to start userspace STP" which is true,
but it is not meant to start.
So to avoid any confusion, we will just drop this script.
Fixes: #11464
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Wed, 16 Aug 2017 09:46:58 +0000 (11:46 +0200)]
ipsec-connection: add description feature
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Wed, 16 Aug 2017 09:46:57 +0000 (11:46 +0200)]
ipsec-connection: add color support
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Wed, 16 Aug 2017 07:02:47 +0000 (09:02 +0200)]
ipsec: accept also psk and use pre-shared-key instead of psk
Fixes: #11454
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Wed, 16 Aug 2017 06:37:40 +0000 (08:37 +0200)]
ipsec: move pool function in a seperated file
Fixes: #11447
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Wed, 16 Aug 2017 06:25:13 +0000 (08:25 +0200)]
network fix parameter passing when using ""
When we use "" on the command line to pass a value with spaces
the argument was broken when passing it to the next function.
Now the argument is kept as one string with spaces
Fixes: #11438
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Wed, 16 Aug 2017 06:19:39 +0000 (08:19 +0200)]
vpn-security-policies: fix +/- syntax handling for group type and integrity
Fixes: #11445
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 15 Aug 2017 21:41:17 +0000 (21:41 +0000)]
wireless: Validate channels
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 15 Aug 2017 21:25:53 +0000 (21:25 +0000)]
Always destroy zones immediately
The delayed destroyal does not make much sense when this is not
implemented for ports, etc.
Fixes #11434
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 15 Aug 2017 21:16:47 +0000 (21:16 +0000)]
Print a useful message when bringing up a port that has not been created, yet
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 15 Aug 2017 21:04:37 +0000 (21:04 +0000)]
Add port hook for wireless mesh devices after 802.11s
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 15 Aug 2017 21:03:49 +0000 (21:03 +0000)]
wireless: Allow creating mesh points
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 15 Aug 2017 21:03:27 +0000 (21:03 +0000)]
wireless: Allow setting the channel when creating a device
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Tue, 15 Aug 2017 21:02:44 +0000 (21:02 +0000)]
ports: Make a generic hook_new function
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 10 Aug 2017 21:53:13 +0000 (23:53 +0200)]
Bump version to 009
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 10 Aug 2017 21:47:27 +0000 (23:47 +0200)]
port: Don't destroy if it could not be shut down
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 10 Aug 2017 21:44:58 +0000 (23:44 +0200)]
ports: Drop unused and complicated info function
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 10 Aug 2017 21:42:37 +0000 (23:42 +0200)]
Drop port_get_parents function
This does not do anything useful
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 10 Aug 2017 21:39:47 +0000 (23:39 +0200)]
ports: Improve function that returns the children
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 10 Aug 2017 21:25:20 +0000 (23:25 +0200)]
Remove some unnecessary assertions
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 10 Aug 2017 21:23:03 +0000 (23:23 +0200)]
port: Allow destroying ports that are detached
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 10 Aug 2017 21:16:20 +0000 (23:16 +0200)]
ports: Cannot delete a port that does not exist
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Thu, 10 Aug 2017 12:04:16 +0000 (14:04 +0200)]
ipsec: Allow using no encryption
Fixes #11461
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 7 Aug 2017 16:29:24 +0000 (16:29 +0000)]
ipsec: Remove stuff that does not belong to certain connection types
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Mon, 7 Aug 2017 16:20:11 +0000 (16:20 +0000)]
ipsec: fix check if a pool is valid
We want to append the pool if the pool exist and if the pool is valid.
Not when the pool is invalid and not exists.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Jonatan Schlag [Mon, 7 Aug 2017 15:49:18 +0000 (15:49 +0000)]
ipsec: add type
We now specific at creation time if a connection is net-to-net or host-to-net.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Mon, 7 Aug 2017 15:21:24 +0000 (15:21 +0000)]
ipsec: remove whitespace
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Jonatan Schlag [Mon, 7 Aug 2017 15:18:39 +0000 (15:18 +0000)]
ipsec: log debug message when generating an ipsec config
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Jonatan Schlag [Mon, 7 Aug 2017 14:42:38 +0000 (14:42 +0000)]
ipsec: make it possible to use ipsec pools for ipsec connections
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Jonatan Schlag [Mon, 7 Aug 2017 13:43:09 +0000 (13:43 +0000)]
ipsec: refactor ipsec pool
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Michael Tremer [Mon, 7 Aug 2017 13:34:04 +0000 (13:34 +0000)]
wireless: Show signal quality in percent
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 7 Aug 2017 13:34:04 +0000 (13:34 +0000)]
wireless: Show signal quality in percent
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Mon, 7 Aug 2017 13:30:12 +0000 (13:30 +0000)]
wireless: Show channel number as well as frequency
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sun, 6 Aug 2017 21:47:05 +0000 (21:47 +0000)]
ipsec: add pool feature
These functions add the possibility to maintain ipsec pools.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Michael Tremer [Sun, 6 Aug 2017 12:33:08 +0000 (12:33 +0000)]
Improve loading of kernel modules
This does not need to call grep any more
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 6 Aug 2017 12:29:41 +0000 (12:29 +0000)]
bonding: Cleanup loading of kernel module
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 6 Aug 2017 12:28:53 +0000 (12:28 +0000)]
batman-adv: Use new function to remove device
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 6 Aug 2017 12:28:16 +0000 (12:28 +0000)]
batman-adv: Make sure kernel module is loaded
The kernel module must be loaded when creating a new device
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 6 Aug 2017 12:18:20 +0000 (12:18 +0000)]
Use "ip link set X master" where ever we can
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 6 Aug 2017 12:08:52 +0000 (12:08 +0000)]
bridge: Show any errors when connecting a device to a bridge
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 6 Aug 2017 09:23:14 +0000 (09:23 +0000)]
bonding: Use port_restart to restart a port
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 6 Aug 2017 09:22:09 +0000 (09:22 +0000)]
wireless-ap: Improve command line parsing
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 6 Aug 2017 09:21:53 +0000 (09:21 +0000)]
DHCP: Fix options parsing
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sun, 6 Aug 2017 08:33:23 +0000 (08:33 +0000)]
bonding: Major rewrite of the hook
The bonding code now uses ip instead of writing to /sys
and the hook has been cleaned up, improved, tested and
received minor fixes.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 5 Aug 2017 19:38:12 +0000 (19:38 +0000)]
dummy: Cleanup hook
No functional changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 5 Aug 2017 19:22:21 +0000 (19:22 +0000)]
vlan: Create devices when they don't exist, yet
The hotplug triggers will take care of attaching the
device to the zone it should belong to.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 5 Aug 2017 19:19:37 +0000 (19:19 +0000)]
Revert "Never overwrite PATH"
This reverts commit
42249a1489fab6c1baae91e23fd8a91302570b48 .
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 5 Aug 2017 19:15:51 +0000 (19:15 +0000)]
util: Drop cmd_clean_environment function
cmd is now doing this by default
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 5 Aug 2017 19:14:23 +0000 (19:14 +0000)]
util: Fix cmd function and never leak anything into the environment
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 5 Aug 2017 18:40:41 +0000 (18:40 +0000)]
ipsec: Save START_ACTION parameter
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sat, 5 Aug 2017 10:30:31 +0000 (12:30 +0200)]
ipsec: log a debug message when deleting a strongswan config
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Sat, 5 Aug 2017 10:30:30 +0000 (12:30 +0200)]
ipsec: fix enable and disable
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Sat, 5 Aug 2017 10:11:44 +0000 (10:11 +0000)]
ipsec: Only set traffic selector marks in VTI mode
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 21:52:58 +0000 (21:52 +0000)]
Fix typo
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 21:51:22 +0000 (21:51 +0000)]
ipsec: Make sure not to reload strongswan if it is not running
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 21:40:53 +0000 (21:40 +0000)]
settings: Use file_delete to delete a file
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 21:39:43 +0000 (21:39 +0000)]
ipsec: Properly shut down connections when destroyed
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 21:28:17 +0000 (21:28 +0000)]
ipsec: Make sure strongswan is started when it should be
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 21:26:20 +0000 (21:26 +0000)]
reset: Destroy all user-defined security policies
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 21:23:50 +0000 (21:23 +0000)]
reset: Destroy all IPsec VPN connections
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 21:14:55 +0000 (21:14 +0000)]
settings: Don't log skipped configuration lines
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 21:11:20 +0000 (21:11 +0000)]
ipsec: Add our configuration header to each configuration file
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 21:03:03 +0000 (21:03 +0000)]
ipsec: Fix typo in variable check
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 20:59:06 +0000 (20:59 +0000)]
ipsec: Enable strongswan to start at boot when needed
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 20:45:39 +0000 (20:45 +0000)]
ipsec: Always make sure that n2n connections are unique
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Fri, 4 Aug 2017 20:20:42 +0000 (22:20 +0200)]
ipsec: add status feature
We can now disable and enable IPsec connections.
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Fri, 4 Aug 2017 19:26:37 +0000 (21:26 +0200)]
ipsec: reload connection when the security policy changes
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Jonatan Schlag [Fri, 4 Aug 2017 19:26:36 +0000 (21:26 +0200)]
ipsec: reload connection when the config changes
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 19:31:20 +0000 (19:31 +0000)]
ipsec: Set routes to peered networks
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 19:10:23 +0000 (19:10 +0000)]
ipsec: GRE: Use outer IP addresses for peering
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 14:49:10 +0000 (14:49 +0000)]
ip-tunnel: Use "ip link" instead of "ip tunnel"
ip tunnel seems to be in an awful condition and ip
link works just fine.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 14:48:52 +0000 (14:48 +0000)]
ipsec: Let the updown script handle all events
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 14:21:32 +0000 (14:21 +0000)]
Rename fwrite to fappend
Because that is what the function is actually doing.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 14:04:57 +0000 (14:04 +0000)]
security-policies: Delete cached content when policy is deleted
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 14:03:22 +0000 (14:03 +0000)]
security-policies: Rename AH proposals to IKE proposals
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer [Fri, 4 Aug 2017 14:02:00 +0000 (14:02 +0000)]
Revert "ipsec: Only allow strict use of security policies"
This reverts commit
a48e4dd265d6256fdc3c5b2fc8e6b85ca4d40361 .
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>