summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-04-18pppoe-server: T2314: remove debug code from migration scriptChristian Poessinger
2020-04-18Merge branch 'pppoe-server-update' of github.com:c-po/vyos-1x into currentChristian Poessinger
* 'pppoe-server-update' of github.com:c-po/vyos-1x: accel-ppp: T2314: use common tempplate for chap-secrets pppoe-server: T2314: migrate IPv6 to common CLI nodes with embeeded validation pppoe-server: T2313: bugfix Floating Point Exception pppoe-server: T2314: migrate RADIUS configuration to common CLI syntax vpn: l2tp: pptp: sstp: rename files to common pattern pppoe-server: T2314: migrate IPv4/IPv6 name-servers to common node vpn: l2tp: sstp: ease unlinking of configuration files pppoe-server: T2314: remove boilerplate code and adjust pppoe-server: T2185: migrate from SysVinit to systemd
2020-04-18accel-ppp: T2314: use common tempplate for chap-secretsChristian Poessinger
2020-04-18pppoe-server: T2314: migrate IPv6 to common CLI nodes with embeeded validationChristian Poessinger
2020-04-18Merge pull request #355 from DmitriyEshenko/fix-ipsec-sts-l2tpChristian Poessinger
ipsec: T2317: Fix typo with delimiter
2020-04-18ipsec: T2317: Fix typo with delimiterDmitriyEshenko
2020-04-18Merge pull request #354 from DmitriyEshenko/fix-ipsec-sts-l2tpChristian Poessinger
ipsec: T2317: Fix adding params to ipsec configuration files
2020-04-18pppoe-server: T2313: bugfix Floating Point ExceptionChristian Poessinger
When only defining a timeout limit the generated config will look like: [connlimit] limit= burst= timeout=5 This will trigger a "Floating point exception" on startup of Accel-PPP and it can be re-surrected anymore until service is completely deleted and re-added.
2020-04-18pppoe-server: T2314: migrate RADIUS configuration to common CLI syntaxChristian Poessinger
2020-04-18vpn: l2tp: pptp: sstp: rename files to common patternChristian Poessinger
2020-04-18pppoe-server: T2314: migrate IPv4/IPv6 name-servers to common nodeChristian Poessinger
Instead of having "dns-server server-1|server-2" nodes and the same for IPv6 all DNS nameservers are migrated to a common name-servers node.
2020-04-18vpn: l2tp: sstp: ease unlinking of configuration filesChristian Poessinger
2020-04-18pppoe-server: T2314: remove boilerplate code and adjustChristian Poessinger
2020-04-18pppoe-server: T2185: migrate from SysVinit to systemdChristian Poessinger
2020-04-18dns-forwarding: T2318: bugfix migration scriptChristian Poessinger
Commit bbea850ea5f ("ifconfig: T2057: remove need for interface-types.json") called the Interface() class with a wrong input variable, this caused the following error: Traceback (most recent call last): File "/opt/vyatta/etc/config-migrate/migrate/dns-forwarding/1-to-2", line 64, in <module> raise ValueError(f'Invalid interface name {intf}') ValueError: Invalid interface name eth0 vif 202
2020-04-18ipsec: T2317: Fix adding params to ipsec configuration filesDmitriyEshenko
2020-04-18Merge pull request #353 from alainlamar/T2306Christian Poessinger
feature: T2306: Add new cipher suites to the WiFi configuration
2020-04-17wireless: T2306: bugfix: insert missing </leafNode>Alain Lamar
2020-04-17wireless: T2306: Add new cipher suites to the WiFi configurationAlain Lamar
Yet, VyOS knows these two encryption schemes for WiFi: 1. CCMP = AES in Counter mode with CBC-MAC (CCMP-128) 2. TKIP = Temporal Key Integrity Protocol These encryption schemes are new and especially the Galois counter mode cipher suites are very desirable! 1. CCMP-256 = AES in Counter mode with CBC-MAC with 256-bit key 2. GCMP = Galois/counter mode protocol (GCMP-128) 3. GCMP-256 = Galois/counter mode protocol with 256-bit key CCMP is supported by all WPA2 compatible NICs, so this remains the default cipher for bidirectional and group packets while using WPA2. Use 'iw list' to figure out which cipher suites your cards support prior to configuring other cipher suites than CCMP. AP NICs and STA NICs must both support at least one common cipher in a given list in order to associate successfully.
2020-04-17Merge pull request #351 from thomas-mangin/T2226-ifconfig-debugChristian Poessinger
util: T2226: restore/fix ifconfig debuging
2020-04-17util: T2226: restore/fix ifconfig debugingThomas Mangin
2020-04-17flow-accounting: T2275: fix NameError: name 'stdout' is not definedChristian Poessinger
2020-04-17flow-accounting: T2275: import render template from correct libraryChristian Poessinger
2020-04-17Merge pull request #341 from thomas-mangin/T2223Christian Poessinger
op_mode: T2223: convert vyatta-show-interfaces.pl to show_interfaces.py
2020-04-17Merge pull request #350 from DmitriyEshenko/impl-uf-op-pppChristian Poessinger
vpn: T2256: Improve op commands for l2tp, pptp, sstp and pppoe servers
2020-04-16l2tp: T2256: Add op control scriptDmitriyEshenko
2020-04-16sstp: T2256: Use ppp-server-ctrl.py for op-commandsDmitriyEshenko
2020-04-16pppoe: T2256: Use ppp-server-ctrl.py for op-commandsDmitriyEshenko
2020-04-16pptp: T2256: Use ppp-server-ctrl.py for op-commandsDmitriyEshenko
2020-04-16l2tp: T2256: Implement control script for operational commandsDmitriyEshenko
2020-04-16T2305: include release train in "show version" outputChristian Poessinger
2020-04-16Merge pull request #342 from jjakob/openvpn-ipv6Christian Poessinger
openvpn: T149: IPv6 support
2020-04-16Merge pull request #347 from DmitriyEshenko/fix-ipoeChristian Poessinger
ipoe: T2294: Fix templates and migrate to systemd
2020-04-16ipoe: T2294: Migrate to systemdDmitriyEshenko
2020-04-16ipoe: T2294: Fix templatesDmitriyEshenko
2020-04-16openvpn: T149: IPv6 supportJernej Jakob
- allow configuring IPv6 server addresses and push options - add IPv6 server client IP pool - add IPv6 push dhcp-option DNS6 - allow configuring IPv6 server client addresses - allow configuring IPv6 site-to-site addresses - validate all IPv6 options and addresses - use protos that explicitely open an IPv6 listening socket (tcp6-server, tcp6-client, udp6) as the default on Linux listens on IPv4 only (https://community.openvpn.net/openvpn/ticket/360) - add validator for any IPv6 address, host or network (used by pool)
2020-04-15Merge pull request #349 from jjakob/openvpn-poolChristian Poessinger
openvpn: T2335: allow disabling client-ip-pool
2020-04-15login: T2295: move from calling an os binary to Python crypt() functionChristian Poessinger
2020-04-15dns-forwarding: T2298: remove wrongly added numberChristian Poessinger
Commit 16b2fc8 ("dns-forwarding: T2298: fix path to control file") added a wrong prefix to the line before executing 'systemctl restart snmpd.service'.
2020-04-15vyos.util: T1607: move imports locally to functions using themChristian Poessinger
2020-04-15dns-forwarding: T2298: fix path to control fileChristian Poessinger
After migrating PowerDNS to systemd and also its configuration files to a volatile directory in commit 77d725f ("dns-forwarding: T2185: move configuration files to volatile /run directory") the path for the control file has not been altered and pushed to the client rec_control binary"
2020-04-15openvpn: T2335: allow disabling client-ip-poolJernej Jakob
2020-04-15Merge pull request #346 from thomas-mangin/T31-vrf-existsChristian Poessinger
tunnel: T31: check that the assigned VRF exists
2020-04-15Merge pull request #348 from jjakob/openvpn-exception-fixChristian Poessinger
openvpn: T2293: fix UnboundLocalError if server subnet is unset
2020-04-15openvpn: T2293: fix UnboundLocalError if server subnet is unsetJernej Jakob
2nd part of this fix, first commit 9b6a369 didn't fix it.
2020-04-15tunnel: T31: check that the assigned VRF existsThomas Mangin
2020-04-15Merge pull request #345 from jjakob/openvpn-poolChristian Poessinger
openvpn: T2293: fix UnboundLocalError if server subnet is unset
2020-04-14openvpn: T2293: fix UnboundLocalError if server subnet is unsetJernej Jakob
Commit bb36bde introduced a bug when server subnet is unset, this fixes it.
2020-04-14Merge pull request #344 from DmitriyEshenko/ipoe-opChristian Poessinger
ipoe: T2256: Rewrite op-mode commands
2020-04-14ipoe: T2256: Rewrite op-mode commandsDmitriyEshenko