Update standards version and description.

Conflicts:
templates/vpn/ipsec/esp-group/node.tag/proposal/node.tag/encryption/node.def
templa...

Perltidy run on scripts/vyatta-vti-config.pl to have consistent
identation levels and style thro...

Remove old comments and other minor tidying up / rearranging of
scripts/vyatta-vti-config.pl

Validate the local address used for VTI based VPN connections to ensure
only either an IPv4 or I...

VTI interfaces can remain link down after IPSec SA expiry and renewal,
leaving the actual IPSec ...

Validate the peer address used for VTI based VPN connections to ensure
only either an IPv4 or IP...

to the ipsec config

Starting with strongSwan 5.3.3, chacha20poly1305 is a supported cipher for
IKE and ESP configura...

This may be useful for scenarios where a user prefers to use an ECDSA key
or implement an xauth ...

Validate the local address used for VTI based VPN connections to ensure
only either an IPv4 or I...

Validate the peer address used for VTI based VPN connections to ensure
only either an IPv4 or IP...

VTI interfaces can remain link down after IPSec SA expiry and renewal,
leaving the actual IPSec ...

Remove old comments and other minor tidying up / rearranging of
scripts/vyatta-vti-config.pl

Perltidy run on scripts/vyatta-vti-config.pl to have consistent
identation levels and style thro...

Update support for RSA keys with strongSwan 5.2.x

strongSwan 5.2.x no longer recognizes keys in RFC 3110 format inlined in
ipsec.conf and ipsec.se...

to the ipsec config

Since charon's existence, generating them is redundant and as a matter of fact
causes issues wit...

This might help with strongSwan traversing through firewalls that
filter proto 51, but not UDP t...

As confirmed by Thermi in the strongSwan IRC channel inside freenode,
this parameter should not ...

If the user defines main mode, the config script will always enable
aggressive mode. Fix the log...

Originally we meant aggressive, not ikev2

Since we're invoking the logger at runtime, there's really no point
on keeping this codeblock

Instead of configuring the ipsec logger at config time, configure
it at runtime. The codeblock t...

strongSwan's charon by design maintains all established connections
regardless, even if the conn...

This needs to be updated or VPN configurations won't be properly
handled on subsequent updates.

Setting this to a default value breaks ikev2 configurations since
aggressive mode is only applic...

For some odd reason doing an ipsec update does not make charon
pick up any newly created tunnels...

log-modes now expose charon's keywords instead of pluto's keywords.

Refer to the strongSwan's m...

Although strongly not recommended by the developers of strongSwan,
sometimes remote VPN gateways...

In strongSwan 5.0.0 and later series, pfs= and pfsgroup= parameters have
now been removed.

Since strongSwan 5.0.0, defining the PFS group settings has moved in the
esp= parameter.

If PFS...

The IKE parameter parser now uses the new get_dh_cipher_result submodule
instead of the old if/e...

By adding this submodule we can reduce the amount of code we need to
maintain by having a single...

In preperation of moving towards the strongSwan 5.x series, we are
removing the legacy charonsta...

Updated the help for pre-shared secret key usage when special
characters are used. These need t...

Ikev2 reauth option

The cfgvti helper program was originally added for configuring VTIs.
The functionality it provid...

Update lib/Vyatta/VPN/vtiIntf.pm to have consistent identation levels
and style throughout.

Reduce the vtiMarkBase value to prevent integer overflow on the created
ip xfrm states and polic...

Update the VTI creation process to go along with the changes added to
the vyatta-strongswan pack...

Update the parseVtiTun function to account for the new way of
configuring VTIs.

Bug #358 http:/...

Move vtiIntf.pm to a more logical place, in line with all the other
packages.

Commits for Bug #291 and Bug #332

Prevent duplicate include statements, for the local rsa keys, being
added to the ipsec.secrets f...

Update scripts/vpn-config.pl to have consistent identation levels and
style throughout.

Rename vti-up-down.sh to vti-up-down to be consistent with others.

Revert the fix put in place for Bug #183 as this causes multiple routes
to be installed when mor...

vyatta-cfg-vpn: add libnfnetlink-dev to build dependencies

Add libnfnetlink-dev to the list of build dependencies, required for
compiling src/cfgcti.

Bug ...