people/ms/network.git
2 years agoBump version to 009 009
Michael Tremer [Thu, 10 Aug 2017 21:53:13 +0000 (23:53 +0200)] 
Bump version to 009

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoport: Don't destroy if it could not be shut down
Michael Tremer [Thu, 10 Aug 2017 21:47:27 +0000 (23:47 +0200)] 
port: Don't destroy if it could not be shut down

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoports: Drop unused and complicated info function
Michael Tremer [Thu, 10 Aug 2017 21:44:58 +0000 (23:44 +0200)] 
ports: Drop unused and complicated info function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoDrop port_get_parents function
Michael Tremer [Thu, 10 Aug 2017 21:42:37 +0000 (23:42 +0200)] 
Drop port_get_parents function

This does not do anything useful

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoports: Improve function that returns the children
Michael Tremer [Thu, 10 Aug 2017 21:39:47 +0000 (23:39 +0200)] 
ports: Improve function that returns the children

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoRemove some unnecessary assertions
Michael Tremer [Thu, 10 Aug 2017 21:25:20 +0000 (23:25 +0200)] 
Remove some unnecessary assertions

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoport: Allow destroying ports that are detached
Michael Tremer [Thu, 10 Aug 2017 21:23:03 +0000 (23:23 +0200)] 
port: Allow destroying ports that are detached

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoports: Cannot delete a port that does not exist
Michael Tremer [Thu, 10 Aug 2017 21:16:20 +0000 (23:16 +0200)] 
ports: Cannot delete a port that does not exist

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Allow using no encryption
Michael Tremer [Thu, 10 Aug 2017 12:04:16 +0000 (14:04 +0200)] 
ipsec: Allow using no encryption

Fixes #11461

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Remove stuff that does not belong to certain connection types
Michael Tremer [Mon, 7 Aug 2017 16:29:24 +0000 (16:29 +0000)] 
ipsec: Remove stuff that does not belong to certain connection types

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: fix check if a pool is valid
Jonatan Schlag [Mon, 7 Aug 2017 16:20:11 +0000 (16:20 +0000)] 
ipsec: fix check if a pool is valid

We want to append the pool if the pool exist and if the pool is valid.
Not when the pool is invalid and not exists.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
2 years agoipsec: add type
Jonatan Schlag [Mon, 7 Aug 2017 15:49:18 +0000 (15:49 +0000)] 
ipsec: add type

We now specific at creation time if a connection is net-to-net or host-to-net.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: remove whitespace
Jonatan Schlag [Mon, 7 Aug 2017 15:21:24 +0000 (15:21 +0000)] 
ipsec: remove whitespace

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
2 years agoipsec: log debug message when generating an ipsec config
Jonatan Schlag [Mon, 7 Aug 2017 15:18:39 +0000 (15:18 +0000)] 
ipsec: log debug message when generating an ipsec config

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
2 years agoipsec: make it possible to use ipsec pools for ipsec connections
Jonatan Schlag [Mon, 7 Aug 2017 14:42:38 +0000 (14:42 +0000)] 
ipsec: make it possible to use ipsec pools for ipsec connections

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
2 years agoipsec: refactor ipsec pool
Jonatan Schlag [Mon, 7 Aug 2017 13:43:09 +0000 (13:43 +0000)] 
ipsec: refactor ipsec pool

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
2 years agowireless: Show signal quality in percent
Michael Tremer [Mon, 7 Aug 2017 13:34:04 +0000 (13:34 +0000)] 
wireless: Show signal quality in percent

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agowireless: Show signal quality in percent
Michael Tremer [Mon, 7 Aug 2017 13:34:04 +0000 (13:34 +0000)] 
wireless: Show signal quality in percent

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agowireless: Show channel number as well as frequency
Michael Tremer [Mon, 7 Aug 2017 13:30:12 +0000 (13:30 +0000)] 
wireless: Show channel number as well as frequency

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: add pool feature
Jonatan Schlag [Sun, 6 Aug 2017 21:47:05 +0000 (21:47 +0000)] 
ipsec: add pool feature

These functions add the possibility to maintain ipsec pools.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
2 years agoImprove loading of kernel modules
Michael Tremer [Sun, 6 Aug 2017 12:33:08 +0000 (12:33 +0000)] 
Improve loading of kernel modules

This does not need to call grep any more

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agobonding: Cleanup loading of kernel module
Michael Tremer [Sun, 6 Aug 2017 12:29:41 +0000 (12:29 +0000)] 
bonding: Cleanup loading of kernel module

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agobatman-adv: Use new function to remove device
Michael Tremer [Sun, 6 Aug 2017 12:28:53 +0000 (12:28 +0000)] 
batman-adv: Use new function to remove device

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agobatman-adv: Make sure kernel module is loaded
Michael Tremer [Sun, 6 Aug 2017 12:28:16 +0000 (12:28 +0000)] 
batman-adv: Make sure kernel module is loaded

The kernel module must be loaded when creating a new device

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoUse "ip link set X master" where ever we can
Michael Tremer [Sun, 6 Aug 2017 12:18:20 +0000 (12:18 +0000)] 
Use "ip link set X master" where ever we can

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agobridge: Show any errors when connecting a device to a bridge
Michael Tremer [Sun, 6 Aug 2017 12:08:52 +0000 (12:08 +0000)] 
bridge: Show any errors when connecting a device to a bridge

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agobonding: Use port_restart to restart a port
Michael Tremer [Sun, 6 Aug 2017 09:23:14 +0000 (09:23 +0000)] 
bonding: Use port_restart to restart a port

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agowireless-ap: Improve command line parsing
Michael Tremer [Sun, 6 Aug 2017 09:22:09 +0000 (09:22 +0000)] 
wireless-ap: Improve command line parsing

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoDHCP: Fix options parsing
Michael Tremer [Sun, 6 Aug 2017 09:21:53 +0000 (09:21 +0000)] 
DHCP: Fix options parsing

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agobonding: Major rewrite of the hook
Michael Tremer [Sun, 6 Aug 2017 08:33:23 +0000 (08:33 +0000)] 
bonding: Major rewrite of the hook

The bonding code now uses ip instead of writing to /sys
and the hook has been cleaned up, improved, tested and
received minor fixes.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agodummy: Cleanup hook
Michael Tremer [Sat, 5 Aug 2017 19:38:12 +0000 (19:38 +0000)] 
dummy: Cleanup hook

No functional changes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agovlan: Create devices when they don't exist, yet
Michael Tremer [Sat, 5 Aug 2017 19:22:21 +0000 (19:22 +0000)] 
vlan: Create devices when they don't exist, yet

The hotplug triggers will take care of attaching the
device to the zone it should belong to.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoRevert "Never overwrite PATH"
Michael Tremer [Sat, 5 Aug 2017 19:19:37 +0000 (19:19 +0000)] 
Revert "Never overwrite PATH"

This reverts commit 42249a1489fab6c1baae91e23fd8a91302570b48.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoutil: Drop cmd_clean_environment function
Michael Tremer [Sat, 5 Aug 2017 19:15:51 +0000 (19:15 +0000)] 
util: Drop cmd_clean_environment function

cmd is now doing this by default

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoutil: Fix cmd function and never leak anything into the environment
Michael Tremer [Sat, 5 Aug 2017 19:14:23 +0000 (19:14 +0000)] 
util: Fix cmd function and never leak anything into the environment

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Save START_ACTION parameter
Michael Tremer [Sat, 5 Aug 2017 18:40:41 +0000 (18:40 +0000)] 
ipsec: Save START_ACTION parameter

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: log a debug message when deleting a strongswan config
Jonatan Schlag [Sat, 5 Aug 2017 10:30:31 +0000 (12:30 +0200)] 
ipsec: log a debug message when deleting a strongswan config

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: fix enable and disable
Jonatan Schlag [Sat, 5 Aug 2017 10:30:30 +0000 (12:30 +0200)] 
ipsec: fix enable and disable

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Only set traffic selector marks in VTI mode
Michael Tremer [Sat, 5 Aug 2017 10:11:44 +0000 (10:11 +0000)] 
ipsec: Only set traffic selector marks in VTI mode

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoFix typo
Michael Tremer [Fri, 4 Aug 2017 21:52:58 +0000 (21:52 +0000)] 
Fix typo

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Make sure not to reload strongswan if it is not running
Michael Tremer [Fri, 4 Aug 2017 21:51:22 +0000 (21:51 +0000)] 
ipsec: Make sure not to reload strongswan if it is not running

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agosettings: Use file_delete to delete a file
Michael Tremer [Fri, 4 Aug 2017 21:40:53 +0000 (21:40 +0000)] 
settings: Use file_delete to delete a file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Properly shut down connections when destroyed
Michael Tremer [Fri, 4 Aug 2017 21:39:43 +0000 (21:39 +0000)] 
ipsec: Properly shut down connections when destroyed

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Make sure strongswan is started when it should be
Michael Tremer [Fri, 4 Aug 2017 21:28:17 +0000 (21:28 +0000)] 
ipsec: Make sure strongswan is started when it should be

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoreset: Destroy all user-defined security policies
Michael Tremer [Fri, 4 Aug 2017 21:26:20 +0000 (21:26 +0000)] 
reset: Destroy all user-defined security policies

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoreset: Destroy all IPsec VPN connections
Michael Tremer [Fri, 4 Aug 2017 21:23:50 +0000 (21:23 +0000)] 
reset: Destroy all IPsec VPN connections

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agosettings: Don't log skipped configuration lines
Michael Tremer [Fri, 4 Aug 2017 21:14:55 +0000 (21:14 +0000)] 
settings: Don't log skipped configuration lines

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Add our configuration header to each configuration file
Michael Tremer [Fri, 4 Aug 2017 21:11:20 +0000 (21:11 +0000)] 
ipsec: Add our configuration header to each configuration file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Fix typo in variable check
Michael Tremer [Fri, 4 Aug 2017 21:03:03 +0000 (21:03 +0000)] 
ipsec: Fix typo in variable check

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Enable strongswan to start at boot when needed
Michael Tremer [Fri, 4 Aug 2017 20:59:06 +0000 (20:59 +0000)] 
ipsec: Enable strongswan to start at boot when needed

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Always make sure that n2n connections are unique
Michael Tremer [Fri, 4 Aug 2017 20:45:39 +0000 (20:45 +0000)] 
ipsec: Always make sure that n2n connections are unique

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: add status feature
Jonatan Schlag [Fri, 4 Aug 2017 20:20:42 +0000 (22:20 +0200)] 
ipsec: add status feature

We can now disable and enable IPsec connections.

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: reload connection when the security policy changes
Jonatan Schlag [Fri, 4 Aug 2017 19:26:37 +0000 (21:26 +0200)] 
ipsec: reload connection when the security policy changes

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: reload connection when the config changes
Jonatan Schlag [Fri, 4 Aug 2017 19:26:36 +0000 (21:26 +0200)] 
ipsec: reload connection when the config changes

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Set routes to peered networks
Michael Tremer [Fri, 4 Aug 2017 19:31:20 +0000 (19:31 +0000)] 
ipsec: Set routes to peered networks

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: GRE: Use outer IP addresses for peering
Michael Tremer [Fri, 4 Aug 2017 19:10:23 +0000 (19:10 +0000)] 
ipsec: GRE: Use outer IP addresses for peering

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoip-tunnel: Use "ip link" instead of "ip tunnel"
Michael Tremer [Fri, 4 Aug 2017 14:49:10 +0000 (14:49 +0000)] 
ip-tunnel: Use "ip link" instead of "ip tunnel"

ip tunnel seems to be in an awful condition and ip
link works just fine.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Let the updown script handle all events
Michael Tremer [Fri, 4 Aug 2017 14:48:52 +0000 (14:48 +0000)] 
ipsec: Let the updown script handle all events

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoRename fwrite to fappend
Michael Tremer [Fri, 4 Aug 2017 14:21:32 +0000 (14:21 +0000)] 
Rename fwrite to fappend

Because that is what the function is actually doing.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agosecurity-policies: Delete cached content when policy is deleted
Michael Tremer [Fri, 4 Aug 2017 14:04:57 +0000 (14:04 +0000)] 
security-policies: Delete cached content when policy is deleted

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agosecurity-policies: Rename AH proposals to IKE proposals
Michael Tremer [Fri, 4 Aug 2017 14:03:22 +0000 (14:03 +0000)] 
security-policies: Rename AH proposals to IKE proposals

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoRevert "ipsec: Only allow strict use of security policies"
Michael Tremer [Fri, 4 Aug 2017 14:02:00 +0000 (14:02 +0000)] 
Revert "ipsec: Only allow strict use of security policies"

This reverts commit a48e4dd265d6256fdc3c5b2fc8e6b85ca4d40361.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agosecurity-policies: Cache output of proposal generators
Michael Tremer [Fri, 4 Aug 2017 14:01:09 +0000 (14:01 +0000)] 
security-policies: Cache output of proposal generators

These functions are really really slow and the output stays
constants as long as the configuration is not being changed.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Only allow strict use of security policies
Michael Tremer [Fri, 4 Aug 2017 13:30:31 +0000 (13:30 +0000)] 
ipsec: Only allow strict use of security policies

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Fix DPD configuration
Michael Tremer [Fri, 4 Aug 2017 13:29:41 +0000 (13:29 +0000)] 
ipsec: Fix DPD configuration

dpd_action has to go into the children section

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agobash-autocompletion: up and down for ipsec connections
Jonatan Schlag [Fri, 4 Aug 2017 12:07:12 +0000 (14:07 +0200)] 
bash-autocompletion: up and down for ipsec connections

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Add prototype-level support for GRE tunnels
Michael Tremer [Fri, 4 Aug 2017 12:51:35 +0000 (12:51 +0000)] 
ipsec: Add prototype-level support for GRE tunnels

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoip-tunnel: Add support for GRE tunnels
Michael Tremer [Fri, 4 Aug 2017 12:50:05 +0000 (12:50 +0000)] 
ip-tunnel: Add support for GRE tunnels

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Fix configuration variable list
Michael Tremer [Fri, 4 Aug 2017 12:49:42 +0000 (12:49 +0000)] 
ipsec: Fix configuration variable list

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Add prototype-level support for VTI
Michael Tremer [Fri, 4 Aug 2017 12:12:44 +0000 (12:12 +0000)] 
ipsec: Add prototype-level support for VTI

This will create a VTI interface for IPsec connections
configured as such and bring it up so that traffic can
be passed around.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Add commands to bring connections up and down
Michael Tremer [Fri, 4 Aug 2017 11:59:04 +0000 (11:59 +0000)] 
ipsec: Add commands to bring connections up and down

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoip-tunnel: Make local address optional
Michael Tremer [Fri, 4 Aug 2017 11:57:32 +0000 (11:57 +0000)] 
ip-tunnel: Make local address optional

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agobash-autocompletion: add basic security-policy support
Jonatan Schlag [Fri, 4 Aug 2017 08:32:13 +0000 (10:32 +0200)] 
bash-autocompletion: add basic security-policy support

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoraw: add command vpn-security-policy-exists
Jonatan Schlag [Fri, 4 Aug 2017 08:32:12 +0000 (10:32 +0200)] 
raw: add command vpn-security-policy-exists

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: add local address, dpd settings and start action settings
Jonatan Schlag [Thu, 3 Aug 2017 16:33:28 +0000 (18:33 +0200)] 
ipsec: add local address, dpd settings and start action settings

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Support Dead Peer Detection
Michael Tremer [Thu, 3 Aug 2017 15:47:51 +0000 (15:47 +0000)] 
ipsec: Support Dead Peer Detection

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Allow defining START_ACTION
Michael Tremer [Thu, 3 Aug 2017 15:40:21 +0000 (15:40 +0000)] 
ipsec: Allow defining START_ACTION

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Support binding a connection to a certain address
Michael Tremer [Thu, 3 Aug 2017 15:20:19 +0000 (15:20 +0000)] 
ipsec: Support binding a connection to a certain address

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Write functions to generate strongSwan configuration
Michael Tremer [Thu, 3 Aug 2017 14:53:03 +0000 (14:53 +0000)] 
ipsec: Write functions to generate strongSwan configuration

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Disable compression in system policy
Michael Tremer [Thu, 3 Aug 2017 12:08:04 +0000 (12:08 +0000)] 
ipsec: Disable compression in system policy

Compression in IPsec is slow (strongSwan only supports
DEFLATE) and there are security concerns about it
revealing information about the plaintext.

So for a little gain in bandwith, it does not seem to
be right to take that risk right now.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Fix typos in CLI parsing
Michael Tremer [Thu, 3 Aug 2017 12:07:40 +0000 (12:07 +0000)] 
ipsec: Fix typos in CLI parsing

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agosecurity-policies: List "performance" as read-only
Michael Tremer [Thu, 3 Aug 2017 12:07:21 +0000 (12:07 +0000)] 
security-policies: List "performance" as read-only

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agobash-autocompletion: fix typos
Jonatan Schlag [Thu, 3 Aug 2017 11:44:40 +0000 (13:44 +0200)] 
bash-autocompletion: fix typos

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: add basic bash completion for ipsec
Jonatan Schlag [Thu, 3 Aug 2017 10:51:27 +0000 (12:51 +0200)] 
ipsec: add basic bash completion for ipsec

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoraw: add command new list-vpn-security-policies-all
Jonatan Schlag [Thu, 3 Aug 2017 10:51:26 +0000 (12:51 +0200)] 
raw: add command new list-vpn-security-policies-all

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoraw: add new command list-ipsec-connections
Jonatan Schlag [Thu, 3 Aug 2017 10:51:25 +0000 (12:51 +0200)] 
raw: add new command list-ipsec-connections

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoraw: add new command ipsec-connection-exists
Jonatan Schlag [Thu, 3 Aug 2017 10:51:24 +0000 (12:51 +0200)] 
raw: add new command ipsec-connection-exists

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agovpn-security-policies: add new function vpn_security_policies_list_all
Jonatan Schlag [Thu, 3 Aug 2017 10:51:23 +0000 (12:51 +0200)] 
vpn-security-policies: add new function vpn_security_policies_list_all

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: add new function ipsec_list_connections
Jonatan Schlag [Thu, 3 Aug 2017 10:51:22 +0000 (12:51 +0200)] 
ipsec: add new function ipsec_list_connections

Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoFix typo
Jonatan Schlag [Thu, 3 Aug 2017 09:26:53 +0000 (09:26 +0000)] 
Fix typo

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agowpa_supplication: Correctly escape SSIDs with spaces
Michael Tremer [Thu, 3 Aug 2017 09:26:14 +0000 (09:26 +0000)] 
wpa_supplication: Correctly escape SSIDs with spaces

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agovti: Disable policy lookups for VTI devices
Michael Tremer [Mon, 31 Jul 2017 09:28:33 +0000 (11:28 +0200)] 
vti: Disable policy lookups for VTI devices

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Check PSK for a good length
Michael Tremer [Mon, 31 Jul 2017 09:12:02 +0000 (11:12 +0200)] 
ipsec: Check PSK for a good length

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Fix typo in warning message
Michael Tremer [Sun, 30 Jul 2017 17:02:15 +0000 (19:02 +0200)] 
ipsec: Fix typo in warning message

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Fix another shell syntax error
Michael Tremer [Sun, 30 Jul 2017 17:01:11 +0000 (19:01 +0200)] 
ipsec: Fix another shell syntax error

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Always make value of AUTH_MODE uppercase
Michael Tremer [Sun, 30 Jul 2017 17:00:42 +0000 (19:00 +0200)] 
ipsec: Always make value of AUTH_MODE uppercase

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Add connection show command
Michael Tremer [Sun, 30 Jul 2017 16:30:34 +0000 (18:30 +0200)] 
ipsec: Add connection show command

This shows the current configuration of a connection

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Fix another bash syntax error
Michael Tremer [Sun, 30 Jul 2017 16:29:44 +0000 (18:29 +0200)] 
ipsec: Fix another bash syntax error

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Fix typo
Michael Tremer [Sun, 30 Jul 2017 13:37:15 +0000 (15:37 +0200)] 
ipsec: Fix typo

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2 years agoipsec: Move connections to /etc/network/vpn/ipsec/connections
Michael Tremer [Sun, 30 Jul 2017 13:29:13 +0000 (15:29 +0200)] 
ipsec: Move connections to /etc/network/vpn/ipsec/connections

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>