Skip to content

[pull] master from hwdsl2:master#18

Open
pull[bot] wants to merge 634 commits into
shell-script:masterfrom
hwdsl2:master
Open

[pull] master from hwdsl2:master#18
pull[bot] wants to merge 634 commits into
shell-script:masterfrom
hwdsl2:master

Conversation

@pull

@pull pull Bot commented Jan 17, 2022

Copy link
Copy Markdown

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

@pull pull Bot added ⤵️ pull merge-conflict Resolve conflicts manually labels Jan 17, 2022
@hwdsl2 hwdsl2 force-pushed the master branch 5 times, most recently from cf24874 to 5b1377d Compare January 23, 2022 03:35
@hwdsl2 hwdsl2 force-pushed the master branch 3 times, most recently from e4fe2c8 to d01cc0b Compare February 6, 2022 22:41
@hwdsl2 hwdsl2 force-pushed the master branch 5 times, most recently from d1a3947 to 354c512 Compare February 15, 2022 05:55
@hwdsl2 hwdsl2 force-pushed the master branch 8 times, most recently from 52baf70 to d1f1568 Compare February 26, 2022 06:48
@hwdsl2 hwdsl2 force-pushed the master branch 7 times, most recently from 4c45d91 to 1b2c251 Compare March 5, 2022 20:38
scottpedia and others added 30 commits May 17, 2026 12:31
- Add community link to IKEv2 setup output
- Update issue templates
- Add contribution and pull request guidance
- Fix CentOS NSS policy for legacy PKCS#12 export. Allow
  purpose-scoped SHA1 and 3DES PKCS#12 legacy decrypt on
  RHEL-compatible 9/10 systems so pk12util can read
  iOS-compatible PBE-SHA1-3DES client bundles after recent
  NSS/crypto-policy updates.
- Use new Libreswan version 5.3.1.
- Support upgrading to Libreswan 5.3.1.
[skip ci]
- Add Ubuntu 26.04 and Debian 13
- Remove Amazon Linux 2 (EOL 2026-06-30)
- Remove Amazon Linux 2 (EOL 2026-06-30)
[skip ci]
Fixes #1830.

Use an nft-friendly IPv6 MASQUERADE rule for the IPsec IKEv2
pool on CentOS/RHEL nftables systems. This avoids saving an
xtables policy match that nft cannot reload after reboot.
Closes #1829.

Check standard modprobe configuration directories
for explicit rules that disable esp4 or esp6
before continuing on CentOS/RHEL-family systems.
Stop early when esp4 is disabled, and continue
without IKEv2 IPv6 support when esp6 is disabled.
Broaden the nftables compatibility repair to
rewrite IPv6 source MASQUERADE rules saved as
xtables compat targets, including the default
IKEv2 IPv6 pool and custom IPv6 pools.

Suppress duplicate validation output while
keeping the final nft load error visible if
the saved rules are still invalid.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

⤵️ pull merge-conflict Resolve conflicts manually

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants