vyos-1x.git/data/templates/ocserv, branch 1.4.0

vyos-1x.git/data/templates/ocserv, branch 1.4.0 VyOS command definitions, scripts, and utilities (mirror of https://github.com/marekm72/vyos-1x.git) https://git.amelek.net/marekm72/vyos-1x.git/atom?h=1.4.0 2024-04-30T06:30:40+00:00 openconnect: T4982: Support defining minimum TLS version in openconnect VPN 2024-04-30T06:30:40+00:00 Alex W embezzle.dev@proton.me 2024-04-29T19:53:51+00:00 urn:sha1:ef665adb7e44ef03e7f3e6f2cd1db88315ffcbe1 (cherry picked from commit 9ff74d4370f0a5f66c303074796dab8b1ca5c4a5) ocserv: T5796: add smoketest for new "http-security-headers" feature 2023-12-16T14:48:23+00:00 Christian Breunig christian@breunig.cc 2023-12-16T07:35:23+00:00 urn:sha1:1d6ba2cd7ceccb85803bbb575c4f344d63a0fa4f (cherry picked from commit 1c82e661e04e0979e09e487a58a801ffa9f438e8) ocserv: T5796: add CLI knob "http-security-headers" 2023-12-16T14:48:23+00:00 fett0 fernando.gmaidana@gmail.com 2023-12-15T18:39:29+00:00 urn:sha1:5a2952709380263d19995a8e5db1177f59a86095 OCserv manual recommended HTTP headers tobe included in the configuration. (cherry picked from commit ad65d37ddf92ec8416c84707d7d41e63346b550c) (cherry picked from commit 24f449cc099703df95646c719e9d3f308ed1a3f0) T5796:add/fixed OCSERV HTTP security headers 2023-12-02T17:33:26+00:00 fett0 fernando.gmaidana@gmail.com 2023-12-02T12:11:56+00:00 urn:sha1:8fbe7b60592e7a35be9016d54038a5ca89c2e92b (cherry picked from commit db51546edd653d3637cb26d6957ce5222d44d395) ocserv: T3896: improve XML definition and add warning about 3rd party configs 2023-05-12T19:06:56+00:00 Christian Breunig christian@breunig.cc 2023-05-12T19:03:03+00:00 urn:sha1:d1abba03229128c3f2a6f718e9f14f4d7285e74d When enabling identity-based-config, users can add arbitrary config keys that are processed by ocserv. The user "must know" what he is been doing, as invalid config option will make the ocserv daemon go ... whoop! Thus add a warning and inform the user about this setting. Merge pull request #1783 from PeppyH/T3896-ocserv-config-per-x 2023-05-12T18:14:56+00:00 Christian Breunig christian@breunig.cc 2023-05-12T18:14:56+00:00 urn:sha1:c60e9c932cab24bcc324f45752f0528332cc69a4 ocserv: T3896: add CLI options to configure ocserv config-per-user/group ocserv: T3896: refactor: change ocserv config-per-x node name 2023-04-20T07:10:27+00:00 Jamie Austin jamiea@opusv.com.au 2023-04-20T07:07:53+00:00 urn:sha1:93de3abe1368cab5ab8cd292689466d7af8e86bc Changes the node name from config-per-x to identity-based-config, as a result the j2 templates and vpn_openeconnect.py has been refactored to update the node name when accessing it's child nodes. T4958: ocserv: openconnect: refactor RADIUS accounting support 2023-01-28T04:11:07+00:00 Jamie Austin jamieaustinprogramming@gmail.com 2023-01-27T14:13:25+00:00 urn:sha1:9db8c197ab170d18a93d70fca4227e802a7154c1 T4958: ocserv: openconnect: adds support for configuring RADIUS accounting 2023-01-28T04:11:07+00:00 Jamie Austin jamiea@opusv.com.au 2023-01-27T06:32:29+00:00 urn:sha1:e61f7abdb2136d8dfbf73729dbc14c3b5ab2ecba Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode ocserv: T3896: add CLI options to configure ocserv config-per-user/group 2023-01-26T05:34:36+00:00 Jamie Austin jamiea@opusv.com.au 2023-01-26T05:34:36+00:00 urn:sha1:70794c8266ffefc6660daac3bc8a63b412d7b350 Adds CLI configurations under VPN - OpenConnect to facilitate per user/group vpn session configurations. Validation has been added to restrict config-per-group to be exclusive to OpenConnect RADIUS authentication as the config file is looked up based on a RADIUS response attribute - as well as sanity check that the necessary configs are configured when not disabled.