vyatta-cfg-vpn (0.12.105+vyos2+current6) unstable; urgency=low

  * T833: accel-ppp: pptp implementation

 -- hagbard <vyosdev@derith.de>  Wed, 06 Mar 2019 10:57:35 -0800

vyatta-cfg-vpn (0.12.105+vyos2+current5) unstable; urgency=low

  * T1168 - logging mode changed from all to any when configured.

 -- hagbard <vyosdev@derith.de>  Mon, 07 Jan 2019 11:24:15 -0800

vyatta-cfg-vpn (0.12.105+vyos2+current4) unstable; urgency=medium

  * T1048 - [IPSec] Protocol all does not work in IPSec Tunnel
    - syntax has changed (https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection)

 -- hagbard <vyosdev@derith.de>  Thu, 06 Dec 2018 11:02:21 -0800

vyatta-cfg-vpn (0.12.105+vyos2+current3) unstable; urgency=medium

  * Merge StrongSWAN 5.x compatibility changes from Jeff Leung

 --  <daniil@baturin.org>  Thu, 11 Feb 2016 12:31:57 -0500

vyatta-cfg-vpn (0.12.105+vyos2+current2) unstable; urgency=low

  * Remove dependency on vyatta-ipsec for migration to upstream
    strongswan.

 -- Daniil Baturin <daniil@baturin.org>  Mon, 25 Jan 2016 14:15:24 +0100

vyatta-cfg-vpn (0.12.105+vyos2+current1) unstable; urgency=medium

  [ Thomas Jepp ]
  * Fix build depends.

  [ Kim Hagen ]

 -- Kim Hagen <kim.sidney@gmail.com>  Sun, 24 Jan 2016 15:04:53 -0500

vyatta-cfg-vpn (0.12.105+vyos2+lithium17) unstable; urgency=low

  [ Alex Harpin ]
  * vyatta-cfg-vpn: validate local address for vti based vpn connections 

 -- Alex Harpin <development@landsofshadow.co.uk>  Sun, 28 Jun 2015 13:44:16 +0100
 
vyatta-cfg-vpn (0.12.105+vyos2+lithium16) unstable; urgency=low

  [ Alex Harpin ]
  * vyatta-cfg-vpn: validate peer address for vti based vpn connections

 -- Alex Harpin <development@landsofshadow.co.uk>  Fri, 26 Jun 2015 07:51:33 +0100
 
vyatta-cfg-vpn (0.12.105+vyos2+lithium15) unstable; urgency=low

  [ Alex Harpin ]
  * vyatta-cfg-vpn: formatting changes for style consistency
  * vyatta-cfg-vpn: further tidy up of vyatta-vti-config.pl
  * vyatta-cfg-vpn: vti interfaces remain link down after ipsec sa renewal

 -- Alex Harpin <development@landsofshadow.co.uk>  Thu, 18 Jun 2015 07:44:43 +0100
 
vyatta-cfg-vpn (0.12.105+vyos2+lithium14) unstable; urgency=low

  * vyatta-cfg-vpn: update dh_gencontrol with new development build flag

 -- Alex Harpin <development@landsofshadow.co.uk>  Tue, 16 Jun 2015 19:35:00 +0100
 
vyatta-cfg-vpn (0.12.105+vyos2+lithium13) unstable; urgency=low

  * Bug #504: add an option for pulling IPsec local id from the cert.

 -- Daniil Baturin <daniil@baturin.org>  Sun, 14 Jun 2015 01:53:07 +0200

vyatta-cfg-vpn (0.12.105+vyos2+lithium12) unstable; urgency=low

  * Bug #469: add options for AES-128/256-GCM mode.

 -- Daniil Baturin <daniil@baturin.org>  Mon, 04 May 2015 00:37:05 +0200

vyatta-cfg-vpn (0.12.105+vyos2+lithium11) unstable; urgency=low

  [ Kim Hagen ]
  * Move execution of nhrp script to "end" of ipsec config
  
  [ Alex Harpin ]

 -- Alex Harpin <development@landsofshadow.co.uk>  Thu, 02 Apr 2015 21:53:48 +0100
 
vyatta-cfg-vpn (0.12.105+vyos2+lithium10) unstable; urgency=low

  [ Kim Hagen ]
  * Bug #367 - DMVPN Testing, but I do not see ESP traffic.
  
  [ Alex Harpin ]

 -- Alex Harpin <development@landsofshadow.co.uk>  Mon, 09 Feb 2015 22:23:51 +0000
 
vyatta-cfg-vpn (0.12.105+vyos2+lithium9) unstable; urgency=low

  * Remove @ from the id/remote-id help string. It was never required.

 -- Daniil Baturin <daniil@baturin.org>  Mon, 19 Jan 2015 13:01:38 +0100

vyatta-cfg-vpn (0.12.105+vyos2+lithium8) unstable; urgency=low

  * Bug #348: remove unnecessary restrictions on the PSK format.

 -- Daniil Baturin <daniil@baturin.org>  Mon, 19 Jan 2015 12:40:01 +0100

vyatta-cfg-vpn (0.12.105+vyos2+lithium7) unstable; urgency=low

  [ Alex Harpin ]
  * vyatta-cfg-vpn: update pre-shared secret key help for single quotes
  
 -- Alex Harpin <development@landsofshadow.co.uk>  Sat, 17 Jan 2015 19:00:11 +0000
 
vyatta-cfg-vpn (0.12.105+vyos2+lithium6) unstable; urgency=low

  * Update maintainer address
  
 -- Alex Harpin <development@landsofshadow.co.uk>  Fri, 26 Dec 2014 09:23:42 +0000
 
vyatta-cfg-vpn (0.12.105+vyos2+lithium5) unstable; urgency=low

  [ Jason Hendry ]
  * Exposing ikev2 reauth option in CLI, defaulting to 'no'
  * Fixing syntax error in vpn-config.pl, fixing allowed parameters in
    the per-tunnel ikev2-reauth node

  [ Daniil Baturin ]
  * Bug #414: quote the leftid value to avoid problems with non-
    alphanumeric characters.
  * Bug #415: use remote-id for peer ID unconditionally if it's set.

 -- Daniil Baturin <daniil@baturin.org>  Fri, 19 Dec 2014 21:40:28 +0100

vyatta-cfg-vpn (0.12.105+vyos2+lithium4) unstable; urgency=low

  [ Alex Harpin ]
  * vyatta-cfg-vpn: remove the cfgvti helper program

 -- Alex Harpin <development@landsofshadow.co.uk>  Fri, 05 Dec 2014 07:53:03 +0000

vyatta-cfg-vpn (0.12.105+vyos2+lithium3) unstable; urgency=low

  [ Alex Harpin ]
  * vyatta-cfg-vpn: move scripts/vtiIntf.pm to lib/Vyatta/VPN/vtiIntf.pm
  * vyatta-cfg-vpn: update parseVtiTun to account for vti changes
  * vyatta-cfg-vpn: update vti creation in line with changes to strongswan
  * vyatta-cfg-vpn: reduce the vti mark base to prevent integer overflow
  * vyatta-cfg-vpn: formatting changes for style consistency

 -- Alex Harpin <development@landsofshadow.co.uk>  Fri, 05 Dec 2014 00:24:52 +0000
 
vyatta-cfg-vpn (0.12.105+vyos2+lithium2) unstable; urgency=low

  * Update changelog for the new branch.

 -- Daniil Baturin <daniil@baturin.org>  Wed, 29 Oct 2014 22:22:22 +0100

vyatta-cfg-vpn (0.12.105+vyos2+lithium1) unstable; urgency=low

  * new branch

 -- Daniil Baturin <daniil@baturin.org>  Wed, 29 Oct 2014 22:21:03 +0100

vyatta-cfg-vpn (0.12.105+vyos1+helium4) unstable; urgency=low

  * Remove the VTI script after use.

 -- Daniil Baturin <daniil@baturin.org>  Sun, 19 Oct 2014 18:01:23 +0200

vyatta-cfg-vpn (0.12.105+vyos1+helium3) unstable; urgency=low

  [ Kim Hagen ]
  * Rename vyatta-update-nhrp.pl to vyos-update-nhrp.pl and change
    options
  * Remove gre-multipoint reference

  [ Alex Harpin ]
  * vyatta-cfg-vpn: add libnfnetlink-dev to build dependencies
  * vyatta-cfg-vpn: updated the debian package maintainer address
  * vyatta-cfg-vpn: fix for vti interface going down remains routed
  * vyatta-cfg-vpn: rename vti-up-down.sh to vti-up-down
  * vyatta-cfg-vpn: formatting changes for style consistency
  * vyatta-cfg-vpn: prevent duplicate local rsa key includes

  [ Daniil Baturin ]

 -- Daniil Baturin <daniil@baturin.org>  Wed, 08 Oct 2014 16:34:06 +0200

vyatta-cfg-vpn (0.12.105+vyos1+helium2) unstable; urgency=low

  [ Daniil Baturin ]
  * Bug #183: Add up-client action to the interface up/down script.

  [ Jeff Leung ]
  * Adding initial support for IKEv2/IKEv1 Site-to-Site VPN's by adding
    the optional "vpn ipsec ike-group <IKEGROUP> key-exchange"
    parameter.

  [ Ryan Riske ]
  * Add support for DH groups 14-26
  * Bug 220: Add support for SHA2 hashes

  [ Jeff Leung ]
  * Remove automatic IKE version negoiation.

  [ Ryan Riske ]
  * Bug 197: Add back support for groups 22-24 for phase2 pfs

  [ Jeff Leung ]
  * Initial MOBIKE Configuration Support

  [ Ryan Riske ]
  * Bug 241: Use auto=route for connection-type respond.

  [ Daniil Baturin ]
  * Bug #224: rename "enabled|disabled" to "enable|disable" for
    consistency.

 -- Daniil Baturin <daniil@baturin.org>  Sun, 03 Aug 2014 12:52:48 +0200

vyatta-cfg-vpn (0.12.105+vyos1+helium1) unstable; urgency=low

  * New branch

 -- Daniil Baturin <daniil@baturin.org>  Sat, 15 Feb 2014 16:55:34 +0100

vyatta-cfg-vpn (0.12.105+hydrogen2) unstable; urgency=low

  [ Stig Thormodsrud ]
  * Move %any peers to the end in ipsec.secrets
  * Fix vpn ppp up script

  [ Daniil Baturin ]

 -- Daniil Baturin <daniil@baturin.org>  Wed, 29 Jan 2014 04:30:23 +0100

vyatta-cfg-vpn (0.12.105+hydrogen1) unstable; urgency=low

  * New branch

 -- Daniil Baturin <daniil@baturin.org>  Sun, 17 Nov 2013 00:17:23 +0100

vyatta-cfg-vpn (0.12.105+daisy6) unstable; urgency=low

  * perltidy run for vyatta-cfg-vpn

 -- Saurabh Mohan <saurabh@vyatta.com>  Tue, 19 Feb 2013 16:27:11 -0800

vyatta-cfg-vpn (0.12.105+daisy5) unstable; urgency=low

  * mGRE support for change of local-ip addr change.

 -- Saurabh Mohan <saurabh@vyatta.com>  Tue, 12 Feb 2013 16:12:16 -0800

vyatta-cfg-vpn (0.12.105+daisy4) unstable; urgency=low

  * Bug 8666: merged.

 -- Saurabh Mohan <saurabh@vyatta.com>  Tue, 05 Feb 2013 14:57:44 -0800

vyatta-cfg-vpn (0.12.105+daisy3) unstable; urgency=low

  * Dmvpn merge with mirantis jan22-2013

 -- Saurabh Mohan <saurabh@vyatta.com>  Tue, 22 Jan 2013 12:31:45 -0800

vyatta-cfg-vpn (0.12.105+daisy2) unstable; urgency=low

  * DMVPN support with profiles.

 -- Saurabh Mohan <saurabh@vyatta.com>  Thu, 27 Dec 2012 16:49:19 -0800

vyatta-cfg-vpn (0.12.105+daisy1) unstable; urgency=low

  * create daisy branch

 -- John Southworth <john.southworth@vyatta.com>  Sat, 13 Oct 2012 13:30:46 -0700

vyatta-cfg-vpn (0.12.105) unstable; urgency=low

  * new branch

 -- John Southworth <john.southworth@vyatta.com>  Fri, 12 Oct 2012 19:47:01 -0700

vyatta-cfg-vpn (0.12.104) unstable; urgency=low

  [ Bharat ]
  * Bug 8200: Changed grep to not display shim6

  [ bharat ]

 -- bharat <bharat@git.vyatta.com>  Thu, 04 Oct 2012 11:57:22 -0700

vyatta-cfg-vpn (0.12.103) unstable; urgency=low

  * Bugfix 8358: Handle vti tunnel src, dst changing while the bind
    tunnel name stays the same.

 -- Saurabh Mohan <saurabh@vyatta.com>  Tue, 18 Sep 2012 12:51:32 -0700

vyatta-cfg-vpn (0.12.102) unstable; urgency=low

  * Bugfix 8289: Vti mark values should be implicit

 -- Saurabh Mohan <saurabh@vyatta.com>  Mon, 10 Sep 2012 14:21:31 -0700

vyatta-cfg-vpn (0.12.101) unstable; urgency=low

  * Bugfix 8277: For connection type respond do not attempt keying
    forever

 -- Saurabh Mohan <saurabh@vyatta.com>  Tue, 04 Sep 2012 10:35:12 -0700

vyatta-cfg-vpn (0.12.100) unstable; urgency=low

  * Update config version from 3 to 4.

 -- Daniil Baturin <daniil.baturin@vyatta.com>  Thu, 23 Aug 2012 21:56:18 +0700

vyatta-cfg-vpn (0.12.99) unstable; urgency=low

  * Bugfix: 8276: Change htonl after parsing the input.

 -- Saurabh Mohan <saurabh@vyatta.com>  Mon, 13 Aug 2012 18:59:25 -0700

vyatta-cfg-vpn (0.12.98) unstable; urgency=low

  * Bugfix 8276: Vti not working on a 32-bit machine due to sign bit
    overload.

 -- Saurabh Mohan <saurabh@vyatta.com>  Mon, 13 Aug 2012 14:43:29 -0700

vyatta-cfg-vpn (0.12.97) unstable; urgency=low

  * Bugfix 8264: Check if the intf name is defined before using it in
    the script.

 -- Saurabh Mohan <saurabh@vyatta.com>  Thu, 09 Aug 2012 14:08:40 -0700

vyatta-cfg-vpn (0.12.96) unstable; urgency=low

  * Bugfix 8222: deletion and adding bind parameter under vti deletes
    vti interface in show interfaces output though vti configuration
    exists

 -- Saurabh Mohan <saurabh@vyatta.com>  Wed, 25 Jul 2012 14:54:38 -0700

vyatta-cfg-vpn (0.12.95) unstable; urgency=low

  * Workaround to setup vti ko and cleaner error message.

 -- Saurabh Mohan <saurabh@vyatta.com>  Mon, 16 Jul 2012 14:27:23 -0700

vyatta-cfg-vpn (0.12.94) unstable; urgency=low

  * Bugfix: 8015: supress perl warnings.

 -- Saurabh Mohan <saurabh@vyatta.com>  Mon, 18 Jun 2012 10:45:52 -0700

vyatta-cfg-vpn (0.12.93) unstable; urgency=low

  * VTI: Add support call for checking for vti interface name.

 -- Saurabh Mohan <saurabh@vyatta.com>  Mon, 11 Jun 2012 17:50:57 -0700

vyatta-cfg-vpn (0.12.92) unstable; urgency=low

  * VTI bring tunnel based on ipsec-sa state.

 -- Saurabh Mohan <saurabh@vyatta.com>  Mon, 04 Jun 2012 16:41:12 -0700

vyatta-cfg-vpn (0.12.91) unstable; urgency=low

  * Bugfix 8100: Be flexible in char accepted in id field.

 -- Saurabh Mohan <saurabh@vyatta.com>  Thu, 31 May 2012 18:40:43 -0700

vyatta-cfg-vpn (0.12.90) unstable; urgency=low

  * Default keyexchange ikev1.
  * VTI: cfg mark/bind change handlers.

 -- Saurabh Mohan <saurabh@vyatta.com>  Fri, 18 May 2012 14:51:58 -0700

vyatta-cfg-vpn (0.12.89) unstable; urgency=low

  * Vti config support.

 -- Saurabh Mohan <saurabh@vyatta.com>  Wed, 16 May 2012 17:46:40 -0700

vyatta-cfg-vpn (0.12.88) unstable; urgency=low

  * Add a script for validating single IPv4 or IPv6 address with no
    prefix
  * Rename local-ip option to local-address.
  * Add IPv6 address completion for peer.
  * Fix protocol help string capitalization.
  * Rename "local/remote subnet" to "local/remote prefix".
  * Add any special case for local-address instead of 0.0.0.0.
  * Add commit-time config validation.

 -- Daniil Baturin <daniil.baturin@vyatta.com>  Thu, 29 Mar 2012 03:19:37 +0700

vyatta-cfg-vpn (0.12.87) unstable; urgency=low

  * new branch

 -- Deepti Kulkarni <deepti@vyatta.com>  Sat, 03 Mar 2012 02:25:40 -0800

vyatta-cfg-vpn (0.12.86) unstable; urgency=low

  * Fix uninitilized  bug

 -- John Southworth <john.southworth@vyatta.com>  Wed, 29 Feb 2012 19:19:00 +0000

vyatta-cfg-vpn (0.12.85) unstable; urgency=low

  * Bugfix 6839: Warn that pre-shared key changes aren't loaded until a
    rekey interval

 -- John Southworth <john.southworth@vyatta.com>  Tue, 28 Feb 2012 13:32:32 -0800

vyatta-cfg-vpn (0.12.84) unstable; urgency=low

  * Switched POSIX character classes to standard character classes
    representing the same data; removed unneeded '.' from regex; add
    similar regex to match remote-id

 -- John Southworth <john.southworth@vyatta.com>  Mon, 19 Sep 2011 16:59:20 -0500

vyatta-cfg-vpn (0.12.83) unstable; urgency=low

  * Remove no longer mandatory nodes so that VPN will work smoothly with
    webgui2

 -- John Southworth <john.southworth@vyatta.com>  Mon, 11 Jul 2011 18:42:52 -0500

vyatta-cfg-vpn (0.12.82) unstable; urgency=low

  * new branch

 -- Deepti Kulkarni <deepti@vyatta.com>  Thu, 07 Jul 2011 20:56:08 -0700

vyatta-cfg-vpn (0.12.81) unstable; urgency=low

  * Bugfix 6767: Move /tmp/ipsec.log to /var/log/vyatta and rotate it.

 -- Bob Gilligan <gilligan@vyatta.com>  Wed, 15 Jun 2011 18:29:05 -0700

vyatta-cfg-vpn (0.12.80) unstable; urgency=low

  * Bugfix 7145: same changes were needed for site-to-site as well

 -- John Southworth <john.southworth@vyatta.com>  Wed, 08 Jun 2011 17:44:40 -0500

vyatta-cfg-vpn (0.12.79) unstable; urgency=low

  * add help and check for missed auth node so users put it in /config

 -- Mohit Mehta <mohit@vyatta.com>  Fri, 15 Apr 2011 14:08:55 -0700

vyatta-cfg-vpn (0.12.78) unstable; urgency=low

  * * Add help and checks for IPsec x509 nodes to push

 -- Mohit Mehta <mohit@vyatta.com>  Wed, 13 Apr 2011 18:09:27 -0700

vyatta-cfg-vpn (0.12.77) unstable; urgency=low

  * Bugfix 6972: Suppress messages from the ipsec dhcp script

 -- John Southworth <john.southworth@vyatta.com>  Fri, 01 Apr 2011 17:14:16 -0500

vyatta-cfg-vpn (0.12.76) unstable; urgency=low

  * Fix perlcritic errors

 -- John Southworth <john.southworth@vyatta.com>  Tue, 08 Mar 2011 16:53:29 -0600

vyatta-cfg-vpn (0.12.75) unstable; urgency=low

  * Much cleaner way to do the check to see if something has changed in
    the ipsec or rsa-key config tree.

 -- John Southworth <john.southworth@vyatta.com>  Wed, 23 Feb 2011 18:36:02 -0600

vyatta-cfg-vpn (0.12.74) unstable; urgency=low

  * Don't make vpn-config.pl run if there were no relevant changes,
    before it ran everytime there was a change in pptp or l2tp configs
    as well.

 -- John Southworth <john.southworth@vyatta.com>  Wed, 23 Feb 2011 18:05:47 -0600

vyatta-cfg-vpn (0.12.73) unstable; urgency=low

  * Add bond interfaces to available dhcp interfaces in tab completion
  * Make sure only interfaces with dhcp enabled are allowed as a dhcp-
    interface
  * Fix some dhcp config problems

 -- John Southworth <john.southworth@vyatta.com>  Tue, 22 Feb 2011 19:58:49 -0600

vyatta-cfg-vpn (0.12.72) unstable; urgency=low

  * Fix minor x509 configuration error message problem
  * fix some node.def errors

 -- John Southworth <john.southworth@vyatta.com>  Tue, 22 Feb 2011 17:54:18 -0600

vyatta-cfg-vpn (0.12.71) unstable; urgency=low

  * Fix the no old ip given from dhclient problem

 -- John Southworth <john.southworth@vyatta.com>  Thu, 17 Feb 2011 18:28:49 -0600

vyatta-cfg-vpn (0.12.70) unstable; urgency=low

  * Log the change when this script is run

 -- John Southworth <john.southworth@vyatta.com>  Thu, 17 Feb 2011 16:14:36 -0600

vyatta-cfg-vpn (0.12.69) unstable; urgency=low

  * Reread secrets before an update

 -- John Southworth <john.southworth@vyatta.com>  Thu, 17 Feb 2011 15:41:28 -0600

vyatta-cfg-vpn (0.12.68) unstable; urgency=low

  * Fix initial boot problems for dhcp interfaces

 -- John Southworth <john.southworth@vyatta.com>  Thu, 17 Feb 2011 13:32:48 -0600

vyatta-cfg-vpn (0.12.67) unstable; urgency=low

  * Added Placeholder for ipsec dhclient hook

 -- John Southworth <john.southworth@vyatta.com>  Thu, 17 Feb 2011 11:57:42 -0600

vyatta-cfg-vpn (0.12.66) unstable; urgency=low

  * Initial support for configuring dhcp-interfaces for IPSEC, needs
    testing

 -- John Southworth <john.southworth@vyatta.com>  Wed, 16 Feb 2011 19:16:41 -0600

vyatta-cfg-vpn (0.12.65) unstable; urgency=low

  * Add template for auto-update cli

 -- John Southworth <john.southworth@vyatta.com>  Wed, 09 Feb 2011 13:45:44 -0600

vyatta-cfg-vpn (0.12.64) unstable; urgency=low

  * Initial x509 for site-to-site ipsec vpn

 -- John Southworth <john.southworth@vyatta.com>  Tue, 08 Feb 2011 19:07:06 -0600

vyatta-cfg-vpn (0.12.63) unstable; urgency=low

  * Bugfix 5802: add auto-update feature, for Dynamic DNS peers

 -- John Southworth <john.southworth@vyatta.com>  Mon, 07 Feb 2011 15:59:29 -0600

vyatta-cfg-vpn (0.12.62) unstable; urgency=low

  * change ipsec config version in Makefile as well

 -- Mohit Mehta <mohit@vyatta.com>  Fri, 04 Feb 2011 18:34:18 -0800

vyatta-cfg-vpn (0.12.61) unstable; urgency=low

  * change ipsec config version
  * change ipsec config version

 -- John Southworth <john.southworth@vyatta.com>  Fri, 04 Feb 2011 19:20:42 -0600

vyatta-cfg-vpn (0.12.60) unstable; urgency=low

  * Add the ability to define a default esp group for tunnels under a
    peer to use

 -- John Southworth <john.southworth@vyatta.com>  Fri, 04 Feb 2011 17:48:59 -0600

vyatta-cfg-vpn (0.12.59) unstable; urgency=low

  * Move protocol out of local and remote nodes as it has to be the same

 -- John Southworth <john.southworth@vyatta.com>  Fri, 04 Feb 2011 13:24:13 -0600

vyatta-cfg-vpn (0.12.58) unstable; urgency=low

  * Initial additions to support local and remote protoport in general
    instead of just for GRE

 -- John Southworth <john.southworth@vyatta.com>  Thu, 03 Feb 2011 19:21:54 -0600

vyatta-cfg-vpn (0.12.57) unstable; urgency=low

  * Make vpn errors and exiting consistent

 -- John Southworth <john.southworth@vyatta.com>  Mon, 31 Jan 2011 17:09:33 -0600

vyatta-cfg-vpn (0.12.56) unstable; urgency=low

  * Fix problem with multiple psk being generated per peer

 -- John Southworth <john.southworth@vyatta.com>  Mon, 31 Jan 2011 13:28:52 -0600

vyatta-cfg-vpn (0.12.55) unstable; urgency=low

  * Bugfix: 5684, added quotes around rsa keys in ipsec.conf so that
    strongswan doesn't fail on ==

 -- John Southworth <john.southworth@vyatta.com>  Fri, 28 Jan 2011 16:38:54 -0600

vyatta-cfg-vpn (0.12.54) unstable; urgency=low

  * Bugfix: 5677 add protoport option for simpler GRE tunnels, for now
    this is specifically for GRE more protocols can be added in the
    future if required.

 -- John Southworth <john.southworth@vyatta.com>  Wed, 26 Jan 2011 19:02:50 -0600

vyatta-cfg-vpn (0.12.53) unstable; urgency=low

  * Make VPN config die after the first error occurs instead of
    continuing to process the rest of the config

 -- John Southworth <john.southworth@vyatta.com>  Wed, 26 Jan 2011 12:33:01 -0600

vyatta-cfg-vpn (0.12.52) unstable; urgency=low

  * Fixed node.def to adhere to CLI conventions

 -- John Southworth <john.southworth@vyatta.com>  Wed, 26 Jan 2011 11:24:14 -0600

vyatta-cfg-vpn (0.12.51) unstable; urgency=low

  * Bug 2506: Moved the connection-type node to the peer level, as
    discussed with support.

 -- John Southworth <john.southworth@vyatta.com>  Wed, 26 Jan 2011 11:02:54 -0600

vyatta-cfg-vpn (0.12.50) unstable; urgency=low

  * Bugfix 6068. This fixes the given perl problem, however there may be
    more that appear. We should die when an error is found and stop
    processing the file

 -- John Southworth <john.southworth@vyatta.com>  Tue, 25 Jan 2011 18:42:07 -0600

vyatta-cfg-vpn (0.12.49) unstable; urgency=low

  * Bugfix 6229: don't allow local and remote subnets to be the same

 -- John Southworth <john.southworth@vyatta.com>  Tue, 25 Jan 2011 18:21:22 -0600

vyatta-cfg-vpn (0.12.48) unstable; urgency=low

  * bugfix: 2506 added option to define initiatior or responder mode
  * bugfix: 2506 added option to define initiatior or responder mode

 -- John Southworth <john.southworth@vyatta.com>  Tue, 25 Jan 2011 18:12:54 -0600

vyatta-cfg-vpn (0.12.47) unstable; urgency=low

  * fix conflict while merging
  * make adjustment so that op mode can deal with new secrets file
    format

 -- John Southworth <john.southworth@vyatta.com>  Thu, 20 Jan 2011 19:41:18 -0600

vyatta-cfg-vpn (0.12.46) unstable; urgency=low

  * error location support changes to vpn (local-ip and auth missing
    only at this time).
  * more location based error support.

 -- Michael Larson <mike@vyatta.com>  Mon, 17 Jan 2011 12:11:55 -0800

vyatta-cfg-vpn (0.12.45) unstable; urgency=low

  * new branch

 -- An-Cheng Huang <ancheng@vyatta.com>  Tue, 28 Dec 2010 13:48:03 -0800

vyatta-cfg-vpn (0.12.44) unstable; urgency=low

  * remove deprecated linda override
  * Fix email address
  * Update list of created files in .gitignore

 -- Stephen Hemminger <stephen.hemminger@vyatta.com>  Fri, 26 Nov 2010 11:10:24 -0800

vyatta-cfg-vpn (0.12.43) unstable; urgency=low

  * UNRELEASED

 -- An-Cheng Huang <ancheng@vyatta.com>  Thu, 02 Sep 2010 18:28:36 -0700

vyatta-cfg-vpn (0.12.42) unstable; urgency=low

  * remove low-level config dir usage

 -- An-Cheng Huang <ancheng@vyatta.com>  Tue, 17 Aug 2010 18:24:29 -0700

vyatta-cfg-vpn (0.12.41) unstable; urgency=low

  * update help text to use val_help

 -- An-Cheng Huang <ancheng@vyatta.com>  Tue, 17 Aug 2010 15:31:14 -0700

vyatta-cfg-vpn (0.12.40) unstable; urgency=low

  * UNRELEASED

 -- An-Cheng Huang <ancheng@vyatta.com>  Thu, 22 Jul 2010 17:23:43 -0700

vyatta-cfg-vpn (0.12.39) unstable; urgency=low

  * remove unused options

 -- An-Cheng Huang <ancheng@vyatta.com>  Thu, 22 Jul 2010 11:32:45 -0700

vyatta-cfg-vpn (0.12.38) unstable; urgency=low

  * remove verb usage from begining of help strings

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Wed, 21 Jul 2010 18:37:19 -0700

vyatta-cfg-vpn (0.12.37) unstable; urgency=low

  * Fix Bug 5652 set ike/ipsec keying tries to forever

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Thu, 03 Jun 2010 16:36:11 -0700

vyatta-cfg-vpn (0.12.36) unstable; urgency=low

  * add passthrough connection if remote-subnet contains local-subnet

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Wed, 26 May 2010 20:15:16 -0700

vyatta-cfg-vpn (0.12.35) unstable; urgency=low

  * Fix Bug 5542

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Mon, 19 Apr 2010 18:48:05 -0700

vyatta-cfg-vpn (0.12.34) unstable; urgency=low

  * Fix Bug 5500  Unable to establish a VPN connection from a remote
    peer with a

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Wed, 31 Mar 2010 15:36:41 -0700

vyatta-cfg-vpn (0.12.33) unstable; urgency=low

  * Replace old form (expression) in end: tag
  * Fix perl critic warnings

 -- Stephen Hemminger <stephen.hemminger@vyatta.com>  Tue, 30 Mar 2010 08:33:14 -0700

vyatta-cfg-vpn (0.12.32) unstable; urgency=low

  * Fix Bug 5087 add support to specify PFS group when PFS is enabled

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Thu, 18 Mar 2010 14:56:04 -0700

vyatta-cfg-vpn (0.12.31) unstable; urgency=low

  * UNRELEASED

 -- An-Cheng Huang <ancheng@vyatta.com>  Wed, 17 Feb 2010 16:13:41 -0800

vyatta-cfg-vpn (0.12.30) unstable; urgency=low

  * 1. use correct notation to represent private,public networks

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Fri, 05 Feb 2010 19:06:12 -0800

vyatta-cfg-vpn (0.12.29) unstable; urgency=low

  * Fix Bug 1832 VPN copy-tos Disabling copy-tos field doesn't work

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Sat, 30 Jan 2010 13:45:09 -0800

vyatta-cfg-vpn (0.12.28) unstable; urgency=low

  * remove dead code. we use 'ipsec update' to update changes to
    connections now
  * perltidy vpn-config.pl

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Thu, 28 Jan 2010 15:46:23 -0800

vyatta-cfg-vpn (0.12.27) unstable; urgency=low

  * add back CLI node for disabling uniqreqid

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Mon, 25 Jan 2010 14:35:18 -0800

vyatta-cfg-vpn (0.12.26) unstable; urgency=low

  * bump up ipsec version

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Thu, 14 Jan 2010 12:06:23 -0800

vyatta-cfg-vpn (0.12.25) unstable; urgency=low

  * vyatta-cfg-vpn depends on vyatta-ipsec provided by vyatta-strongswan
  * First pass code changes to vyatta-cfg-vpn for migration to
    strongswan :
  * no need to maintain state of connections and take state-specific
    actions for
  * add comment to identify end of connection description
  * * remove extraneous unused code
  * Do not start IKEv2 daemon for now
  * use leftsourceip to add route to remote subnet

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Tue, 12 Jan 2010 17:20:05 -0800

vyatta-cfg-vpn (0.12.24) unstable; urgency=low

  * skipping used tags
  
 -- Mohit Mehta <mohit.mehta@vyatta.com>  Wed, 02 Dec 2009 10:57:39 -0800

vyatta-cfg-vpn (0.12.22) unstable; urgency=low

  * added required keyword to help text.

 -- Michael Larson <slioch@slioch.vyatta.com>  Mon, 30 Nov 2009 16:45:35 -0800

vyatta-cfg-vpn (0.12.21) unstable; urgency=low

  * pptp config check not needed when vpn ipsec is configured
  * 0.12.19

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Wed, 25 Nov 2009 16:05:50 -0800

vyatta-cfg-vpn (0.12.19) unstable; urgency=low

  * pptp config check not needed when vpn ipsec is configured

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Wed, 25 Nov 2009 15:59:16 -0800

vyatta-cfg-vpn (0.12.18) unstable; urgency=low

  * dependency update

 -- Michael Larson <slioch@slioch.vyatta.com>  Fri, 13 Nov 2009 14:13:54 -0800

vyatta-cfg-vpn (0.12.17) unstable; urgency=low

  * use vyatta openswan

 -- An-Cheng Huang <ancheng@vyatta.com>  Fri, 06 Nov 2009 15:05:37 -0800

vyatta-cfg-vpn (0.12.16) unstable; urgency=low

  [ Robert Bays ]
  * add support for same reqids to openswan cfg

  [ Mohit Mehta ]
  * indent and reformat script using perltidy in hope of making it
    easier to read
  * more formatting clean-up

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Mon, 02 Nov 2009 16:29:01 -0800

vyatta-cfg-vpn (0.12.15) unstable; urgency=low

  * add priority to project node.

 -- slioch <slioch@eng-140.vyatta.com>  Tue, 20 Oct 2009 16:21:00 -0700

vyatta-cfg-vpn (0.12.14) unstable; urgency=low

  * add allowed values for ike, esp groups

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Fri, 09 Oct 2009 18:36:18 -0700

vyatta-cfg-vpn (0.12.13) unstable; urgency=low

  * Fix Bug 3011 Remote VPN configuration issues site-to-site warning

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Tue, 06 Oct 2009 16:27:25 -0700

vyatta-cfg-vpn (0.12.12) unstable; urgency=low

  * Fix 4902: setting ipsec site-to-site tunnel with authentication id
    <> and local-ip 0.0.0.0 got "no connection named <>"

 -- Stig Thormodsrud <stig@vyatta.com>  Fri, 04 Sep 2009 17:16:42 -0700

vyatta-cfg-vpn (0.12.11) unstable; urgency=low

  * add enable node below tunnel with default flag = true
  * convert enable to disable node for vpn tunnel
  * added support in configuration script to support tunnel disable
    node.
  * manage state of add|delete|restart on connections for vpn given
    disable node.

 -- slioch <slioch@eng-140.vyatta.com>  Thu, 27 Aug 2009 14:36:04 -0700

vyatta-cfg-vpn (0.12.10) unstable; urgency=low

  * added description field to site-to-site peer.

 -- slioch <slioch@eng-140.vyatta.com>  Thu, 13 Aug 2009 09:24:10 -0700

vyatta-cfg-vpn (0.12.9) unstable; urgency=low

  * Fix 4623: Removing IPSEC VPN config without removing cluster ipsec
    config drops all interfaces.

 -- Stig Thormodsrud <stig@vyatta.com>  Fri, 10 Jul 2009 14:13:06 -0700

vyatta-cfg-vpn (0.12.8) unstable; urgency=low

  * UNRELEASED

 -- An-Cheng Huang <ancheng@vyatta.com>  Fri, 29 May 2009 18:35:35 -0700

vyatta-cfg-vpn (0.12.7) unstable; urgency=low

  * Fix 3836: Allow VPN authentication ID to accept values of IP
    address, domain name and "" enclosed phrases

 -- Stig Thormodsrud <stig@vyatta.com>  Tue, 26 May 2009 18:51:05 -0700

vyatta-cfg-vpn (0.12.6) unstable; urgency=low

  * Bugfix 3284: Allow commit to succeed if local-ip is not configured.

 -- Bob Gilligan <gilligan@vyatta.com>  Wed, 08 Apr 2009 18:04:59 -0700

vyatta-cfg-vpn (0.12.5) unstable; urgency=low

  * Bugfix 2387: Don't list interfaces in ipsec config file.

 -- Bob Gilligan <gilligan@vyatta.com>  Mon, 06 Apr 2009 16:43:15 -0700

vyatta-cfg-vpn (0.12.4) unstable; urgency=low

  * Change "ipsec-interfaces" to use vyatta-interfaces.pl for allowed
    tag.

 -- Stig Thormodsrud <stig@vyatta.com>  Thu, 26 Mar 2009 12:29:06 -0700

vyatta-cfg-vpn (0.12.3) unstable; urgency=low

  * Fix 4219: IPsec VPN does not launch on boot, error "The local-ip
    address X.X.X.X of peer "X.X.X.X" has not been configured in any of
    the local.

 -- Stig Thormodsrud <stig@vyatta.com>  Mon, 16 Mar 2009 20:57:23 -0700

vyatta-cfg-vpn (0.12.2) unstable; urgency=low

  * Remove perlcritic warnings
  * Fix use of unitialized value
  * Fix ambiguous use of $log

 -- Stephen Hemminger <shemminger@vyatta.com>  Thu, 12 Feb 2009 14:22:11 -0800

vyatta-cfg-vpn (0.12.1) unstable; urgency=low

  [ An-Cheng Huang ]
  * add support for development build

  [ Stephen Hemminger ]
  * Rename VyattaVPNUtil to Vyatta::VPNUtil
  * Convert to Vyatta:: hierarchy

  [ An-Cheng Huang ]
  * update maintainer information
  * "files" file should be removed before package build

 -- An-Cheng Huang <ancheng@vyatta.com>  Thu, 08 Jan 2009 09:26:01 -0800

vyatta-cfg-vpn (0.12) unstable; urgency=low

	  3.2.0
  [ Mark O'Brien ]


  [ Mohit Mehta ]
  * allow '+' as a valid character in pre-shared-secret

  [ Stig Thormodsrud ]
  * Remove unused rsa keys.

  [ Mohit Mehta ]
  * Part of fix for bug 3762 Update help and error strings for vpn pre-
    shared secret value

  [ Mark O'Brien ]

 -- Mark O'Brien <mobrien@firebolt.vyatta.com>  Tue, 25 Nov 2008 19:09:27 -0800

vyatta-cfg-vpn (0.11) unstable; urgency=low

	  3.1.2
  [ Mark O'Brien ]


  [ Stig Thormodsrud ]
  * Fix 3300: VPN over PPPOE completely fails on reboot

  [ An-Cheng Huang ]
  * fix for bug 3044: hide perl error messages
  * add config version file
  * fix for bugs 3044, 3047, and 3048: support ipsec road warriors.

  [ Mark O'Brien ]

 -- Mark O'Brien <mobrien@firebolt.vyatta.com>  Wed, 23 Jul 2008 21:35:55 -0700

vyatta-cfg-vpn (0.10) unstable; urgency=low

	  3.1.0
  [ Mark O'Brien ]


  [ Mohit Mehta ]
  * - disallowing use of special characters ';' and '?' in pre-shared-
    secret as they were not in glendale
  * Bug 3194 VPN: xml error in "show vpn ike" command output
  * Bug 3194 VPN: xml error in "show vpn ike" command output

  [ Stig Thormodsrud ]
  * Fix 2043: enhancement - add ability to use a hostname instead of IP
    address fo VPN peer.

  [ rbalocca ]
  * Ignore derived files

  [ Stig Thormodsrud ]
  * Fix 3182: VPN should not be started at boot unless configured.

  [ rbalocca ]
  * Don't include empty dir in the debian package
  * Convert to our method of changelog creation

  [ Mohit Mehta ]
  * Fix Bug 3069 Help strings should be standardized

  [ Mark O'Brien ]

 -- Mark O'Brien <mobrien@firebolt.vyatta.com>  Tue, 17 Jun 2008 09:26:29 -0700

vyatta-cfg-vpn (0.9) unstable; urgency=low

  3.0.5


 -- Mark O'Brien <mobrien@vyatta.com>  Tue, 06 May 2008 12:43:17 -0700

vyatta-cfg-vpn (0.8) unstable; urgency=low

  3.0.4


 -- Mark O'Brien <mobrien@vyatta.com>  Mon, 05 May 2008 16:40:37 -0700

vyatta-cfg-vpn (0.7) unstable; urgency=low

  3.0.3
  [ Mark O'Brien ]


  [ rbalocca ]
  * Indicate the VC4.0.2 release candidate in the changelog

  [ Mark O'Brien ]

 -- Mark O'Brien <mobrien@vyatta.com>  Tue, 29 Apr 2008 16:42:18 -0700

vyatta-cfg-vpn (0.6) unstable; urgency=low

  VC4.0.2


 -- Mark O'Brien <mobrien@vyatta.com>  Sat, 19 Apr 2008 11:56:04 -0700

vyatta-cfg-vpn (0.5) unstable; urgency=low

  VC4.0.2 release candidate
  [ Mark O'Brien ]


  [ Stig Thormodsrud ]
  * Fix 3046: vpn: transport mode not working with current vyatta config

  [ Mark O'Brien ]

 -- Mark O'Brien <mobrien@vyatta.com>  Wed, 16 Apr 2008 09:50:06 -0700

vyatta-cfg-vpn (0.4) unstable; urgency=low

  3.0.2
  [ Mark O'Brien ]

  * 3.0.1

  [ rbalocca ]
  * Fix debian dependencies
  * Set dependencies on either bash or vyatta-bash

  [ Mark O'Brien ]

 -- Mark O'Brien <mobrien@vyatta.com>  Fri, 04 Apr 2008 18:00:37 -0700

vyatta-cfg-vpn (0.3) unstable; urgency=low

  VC4.0.1
  [ Mark O'Brien ]


  [ Stephen Hemminger ]
  * Replace VPL with GPLv2
  * Convert from VPL 1.0 to GPLv2

  [ Mark O'Brien ]

 -- Mark O'Brien <mobrien@vyatta.com>  Tue, 18 Mar 2008 19:04:00 -0700

vyatta-cfg-vpn (0.2) unstable; urgency=low

  vc4.0.0
  [ Mark O'Brien ]


  [ An-Cheng Huang ]
  * convert templates to new syntax

  [ Marat Nepomnyashy ]
  * Treat ipsec return code 26624 as normal when bringing up a
    connection, but treat all other error codes as errors.  Bug 2671
    fix.  Also added settings 'nhelpers=5' to mitigate Openswan Bug 412
    and 'plutowait=yes' to mitigate Openswan Bug 198.
  * Check for the case when authentication mode is not specified to
    prevent Perl uninitialized value error.  Bug 2772 fix.

  [ Stig Thormodsrud ]
  * Fix 2838 Clearing VPN process starts VPN, even if not configured

  [ Mark O'Brien ]

 -- Mark O'Brien <mobrien@vyatta.com>  Mon, 25 Feb 2008 17:38:42 -0800

vyatta-cfg-vpn (0.1) unstable; urgency=low

  * Initial Release.

 -- Stig Thormodsrud <stig@vyatta.com>  Wed, 19 Dec 2007 14:09:00 -0700

