vyatta-security-vpn (2.12) unstable; urgency=medium

  * Revert "ike-sa-daemon: spawn separate mainloop for file-watcher thread"
  * Revert "ike-sa-daemon: resolve mainloop conflict between D-Bus and pyinotify"
  * ike-sa-daemon: discontinue pyinotify usage

 -- Daniel Gollub <dgollub@att.com>  Thu, 21 Jan 2021 15:42:44 +0100

vyatta-security-vpn (2.11) unstable; urgency=medium

  * ike-sa-daemon: resolve mainloop conflict between D-Bus and pyinotify
  * ike-sa-daemon: spawn separate mainloop for file-watcher thread

 -- Daniel Gollub <dgollub@att.com>  Thu, 21 Jan 2021 08:22:13 +0100

vyatta-security-vpn (2.10) unstable; urgency=medium

  * debian: use strongswan-starter for DANOS
  * debian: no need for charon-systemd on DANOS

 -- Daniel Gollub <dgollub@att.com>  Wed, 13 Jan 2021 11:40:06 +0100

vyatta-security-vpn (2.9) unstable; urgency=medium

  * debian: ike-sa-daemonn provides now the SNMP traps

 -- Daniel Gollub <dgollub@att.com>  Wed, 16 Dec 2020 14:49:58 +0100

vyatta-security-vpn (2.8) unstable; urgency=medium

  * snmp: migrate BROCADE-IPSEC-MIB to vyatta-ike-sa-daemon package
  * snmp: BROCADE-IPSEC-MIB pysnmp mib generation
  * ike-sa-daemon: integrate IPsec SA SNMP trap generation

 -- Daniel Gollub <dgollub@att.com>  Wed, 16 Dec 2020 13:52:15 +0100

vyatta-security-vpn (2.7) unstable; urgency=medium

  * Handle path-monitor config generated by IPsec VCI
  * vyatta-ike-sa-daemon: prevent exception if current_ike_cfg is undefined

 -- Daniel Gollub <dgollub@att.com>  Wed, 11 Nov 2020 10:58:31 +0100

vyatta-security-vpn (2.6) unstable; urgency=medium

  * Revert part of previous fix which broke RAVPN

 -- Thomas Kiely <tkiely@mail.eng.vyatta.net>  Thu, 24 Sep 2020 10:23:34 +0100

vyatta-security-vpn (2.5) unstable; urgency=medium

  * Fix subscript exception.

 -- Thomas Kiely <tkiely@mail.eng.vyatta.net>  Fri, 18 Sep 2020 11:12:01 +0100

vyatta-security-vpn (2.4) unstable; urgency=medium

  [ Thomas Kiely ]
  * Handle "proto" not set ('0')

  [ Srinivas Narayan ]
  * Only set rightid to %any under specific conditions

 -- Daniel Gollub <dgollub@att.com>  Mon, 14 Sep 2020 18:27:24 +0200

vyatta-security-vpn (2.3) unstable; urgency=medium

  * yang: migrate VTI clear operational commands from node.def to Yang
  * yang: migrate VTI monitor operational commands from node.def to Yang

 -- Daniel Gollub <dgollub@att.com>  Thu, 06 Aug 2020 10:34:23 +0200

vyatta-security-vpn (2.2) unstable; urgency=medium

  * generate vpn x509 key-pair: do not overwrite files
  * generate vpn rsa-key: improve file path checks
  * vpn rsa-keys local-key: do not enforce that RSA private key file exists

 -- Mike Manning <mmanning@vyatta.att-mail.com>  Wed, 05 Aug 2020 10:50:38 +0100

vyatta-security-vpn (2.1) unstable; urgency=medium

  [ Daniel Gollub ]
  * debian: split vyatta-ike-sa-daemon into a seperate package
  * debian: clean-up dependency handling between glue-code and data-model
  * updown: codespell fix
  * vyatta-ike-sa-daemon: don't depend on charon.pid file
  * vyatta-ike-sa-daemon: conditional read of generated configuration
  * vyatta-ike-sa-daemon: codepsell fixes

  [ Srinivas Narayan ]
  * Add support for signaling ike-sa-daemon state to systemd

  [ Daniel Gollub ]
  * ike-sa-daemon: fix order of import
  * ipsec-debug: migrate over to swanctl
  * yang: align contact details
  * debian: switch to charon-systemd
  * debian: use dh_install for yang files
  * yang: split "clear vpn x509 status" into seperate module

 -- Daniel Gollub <dgollub@att.com>  Tue, 28 Jul 2020 10:12:39 +0200

vyatta-security-vpn (2.0) unstable; urgency=medium

  * ike-sa-daemon: handle strongswan 5.8.2 child-updown behavior change

 -- Daniel Gollub <dgollub@att.com>  Thu, 25 Jun 2020 18:43:49 +0200

vyatta-security-vpn (1.57) unstable; urgency=medium

  [ Daniel Gollub ]
  * IPsec RA client/server: use "%any" for local-address any configurations

  [ Mike Manning ]
  * Mark sha1_160 hash as obsolete

  [ Daniel Gollub ]
  * yang: move VTI yang modules into vyatta-security-vpn
  * updown: silence use of uninitialized value $vfp_ifname warning
  * Use non-offensive terminology

 -- Daniel Gollub <dgollub@att.com>  Thu, 25 Jun 2020 18:39:17 +0200

vyatta-security-vpn (1.56) unstable; urgency=medium

  * Avoid setup-race between VCI and non-VCI code

 -- Daniel Gollub <dgollub@att.com>  Wed, 29 Apr 2020 10:28:19 +0200

vyatta-security-vpn (1.55) unstable; urgency=medium

  * Deprecate "show vpn ike secrets"

 -- Simon Barber <sbarber@mail.eng.vyatta.net>  Mon, 20 Apr 2020 17:22:38 +0100

vyatta-security-vpn (1.54) unstable; urgency=medium

  * yang: call s2s stale-tunnel tear down hook only once

 -- Daniel Gollub <dgollub@att.com>  Tue, 14 Apr 2020 13:46:32 +0200

vyatta-security-vpn (1.53) unstable; urgency=medium

  [ Daniel Gollub ]
  * op-vici: pylint3 consider-iterating-dictionary

  [ Thomas Kiely ]

 -- Thomas Kiely <tkiely@mail.eng.vyatta.net>  Wed, 01 Apr 2020 12:30:20 +0100

vyatta-security-vpn (1.52) unstable; urgency=medium

  [ Daniel Gollub ]
  * vici: rework IPsec RA VPN show SA commands
  * op-vici: pylint3 checkup for vyatta-op-vpn-ipsec-vici

  [ Thomas Kiely ]

 -- Thomas Kiely <tkiely@mail.eng.vyatta.net>  Tue, 31 Mar 2020 16:56:40 +0100

vyatta-security-vpn (1.51) unstable; urgency=medium

  * Fix 'uses' handling for RAVPN server.

 -- Thomas Kiely <tkiely@mail.eng.vyatta.net>  Fri, 27 Mar 2020 14:44:12 +0000

vyatta-security-vpn (1.50) unstable; urgency=medium

  [ Thomas Kiely ]
  * Traceback when VRF changed on vfp.

  [ Daniel Gollub ]
  * RA VPN server: remote-id and pool DNS attribute support
  * IPsec RA VPN server: EAP-TLS authentication
  * IPsec RA VPN client/server: handle option local ID type
  * IPsec RA VPN: fix connection-id parsing
  * IPsec RA VPN server: x509 cert-file/key/file is mandatory for X.509/EAP-TLS auth

 -- Daniel Gollub <dgollub@att.com>  Tue, 24 Mar 2020 18:22:58 +0100

vyatta-security-vpn (1.49) unstable; urgency=medium

  [ Mike Manning ]
  * RAVPN:L2TP-Server: Tunnel fail to come to up state

  [ Daniel Gollub ]
  * doc/x509: produce sample PKCS12 client certificates
  * doc/x509: produce third-party acceptable end-entity IPsec certs
  * doc/x509: emailAddress in cert subject DN is deprecated
  * Revert "Enable v3_OCSP extension"

  [ Thomas Kiely ]
  * RAVPN server VFP state files are not being maintained correctly.
  * Remove spurious ":" from previous commit.
  * Terminate IPsec RAVPN server conns affected by VFP config change.

 -- Thomas Kiely <tkiely@mail.eng.vyatta.net>  Wed, 26 Feb 2020 16:15:23 +0000

vyatta-security-vpn (1.48) unstable; urgency=medium

  * perltidy
  * Terminate IPsec connections affected by VFP VRF change.
  * All client connections are terminated when "uses vfp" configured.

 -- Thomas Kiely <tkiely@mail.eng.vyatta.net>  Tue, 25 Feb 2020 09:38:30 +0000

vyatta-security-vpn (1.47) unstable; urgency=medium

  * Commit failed in IPsec site-to-site configuration

 -- Mike Manning <mmanning@vyatta.att-mail.com>  Fri, 07 Feb 2020 16:26:41 +0000

vyatta-security-vpn (1.46) unstable; urgency=medium

  [ Thomas Kiely ]
  * Revert "Handle setup_vici retries"
  * Revert "Don't start Strongswan if VRRP notify ipsec and not ACTIVE"

  [ Daniel Gollub ]
  * Only assign interface to a SPD for non-default VRFs
  * updown: IPsec RA VPN server VFP server requires original conn string
  * vci: prevent VFP setup race with non-vci glue-code

 -- Daniel Gollub <dgollub@att.com>  Wed, 29 Jan 2020 17:19:01 +0100

vyatta-security-vpn (1.45) unstable; urgency=medium

  [ Simon Barber ]
  * Dont load unity plugin.

  [ Mike Manning ]
  * vyatta-security-vpn-secrets: code injection
  * vyatta-security-vpn: code injection due to call to check_file_in_config
  * vyatta-security-vpn: set security vpn ipsec site-to-site peer code injection
  * vyatta-security-vpn: s2s tunnel protocol code injection
  * vyatta-security-vpn: set security vpn rsa-keys local-key file code injection
  * vyatta-security-vpn: l2tp remote-access dhcp-interface code injection

  [ Daniel Gollub ]

 -- Daniel Gollub <dgollub@att.com>  Thu, 23 Jan 2020 16:37:12 +0100

vyatta-security-vpn (1.44) unstable; urgency=medium

  [ Mark Gillott ]
  * Use policy selector only when an overlay network is in use
    (Fixes: VRVDR-49344)

  [ Thomas Kiely ]
  * Don't start Strongswan if VRRP notify ipsec and not ACTIVE
  * Handle setup_vici retries

  [ Mark Gillott ]
  * For IPv6 only need to set disable_policy (Fixes: VRVDR-49630)

  [ Daniel Gollub ]

 -- Daniel Gollub <dgollub@att.com>  Tue, 14 Jan 2020 09:50:04 +0100

vyatta-security-vpn (1.43) unstable; urgency=medium

  [ Erik Ziegenbalg ]
  * Enable v3_OCSP extension
  * Fix SAN extension " " bug

  [ Mark Gillott ]
  * Set disable_xfrm as well as disable_policy (Fixes: VRVDR-48094)

  [ Daniel Gollub ]

 -- Daniel Gollub <dgollub@att.com>  Thu, 12 Dec 2019 09:39:05 +0100

vyatta-security-vpn (1.42) unstable; urgency=medium

  [ Daniel Gollub ]
  * ike-sa-daemon: RA VPN client loads cfg only for single source-interface
  * op-vici: in/out bytes in "show vpn ipsec sa" were swapped

  [ Mark Gillott ]
  * Select correct ifindex for use as MARK in iptables (Fixes: VRVDR-48094)

  [ Daniel Gollub ]
  * ike-sa-daemon: don't re-initiate old Child SAs, after failover

 -- Daniel Gollub <dgollub@att.com>  Fri, 29 Nov 2019 11:28:12 +0100

vyatta-security-vpn (1.41) unstable; urgency=medium

  [ Mike Manning ]
  * IPsec: ESP compression not supported by dataplane, but exposed as CLI option

  [ Daniel Gollub ]

 -- Daniel Gollub <dgollub@att.com>  Thu, 21 Nov 2019 16:05:44 +0100

vyatta-security-vpn (1.40) unstable; urgency=medium

  * DANOS Import
 
 -- Vyatta Package Maintainers <DL-vyatta-help@att.com>  Fri, 08 Nov 2019 15:43:08 +0000

