Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-02-27 | openvpn: T2075: add support for OpenVPN tls-crypt file option | Christian Poessinger | |
Encrypt and authenticate all control channel packets with the key from keyfile. Encrypting (and authenticating) control channel packets: * provides more privacy by hiding the certificate used for the TLS connection * makes it harder to identify OpenVPN traffic as such * provides "poor-man's" post-quantum security, against attackers who will never know the pre-shared key (i.e. no forward secrecy) | |||
2020-02-27 | login: T2050: retrieve home directory for SSH keys from OS and not guess it | Christian Poessinger | |
We should not rely on the home dir value stored in user['home_dir'] as if a crazy user will choose username root or any other system user this will fail. Should be deny using root at all? | |||
2020-02-25 | login: T1948: sync banner and login node.def file | Christian Poessinger | |
2020-02-25 | Revert "login: T1948: also set properties for banner" | Christian Poessinger | |
This reverts commit 998361ed0ac972a6856f373f1fc86e8a73cf141b. | |||
2020-02-25 | login: T1948: also set properties for banner | Christian Poessinger | |
2020-02-25 | [service https] T1443: set default HTTPS listen port | John Estabrook | |
2020-02-25 | login: T1948: migrade local and radius configurations | Christian Poessinger | |
Splitting was not a good idea. By combining both we can create a RADIUS server XML include file which can be reused by multiple implementations to get a uniformed CLI for the users. | |||
2020-02-25 | login: radius: T2071: support disabling individual server | Christian Poessinger | |
2020-02-25 | login: user: radius: T1948: only allow IPv4 server address | Christian Poessinger | |
2020-02-25 | pppoe: T2055: verify logfile really exists | Christian Poessinger | |
2020-02-25 | Merge branch 'pppoe-t2070' of github.com:c-po/vyos-1x into current | Christian Poessinger | |
* 'pppoe-t2070' of github.com:c-po/vyos-1x: pppoe: T2070: rewrite (dis-)connect op-mode commands in XML and Python gitignore: fix ignore pattern of all debhelper files pppoe: T2055: make logfile owned by root/vyattacfg pppoe: T1318: validate existing source-interface | |||
2020-02-25 | pppoe: T2070: rewrite (dis-)connect op-mode commands in XML and Python | Christian Poessinger | |
2020-02-25 | gitignore: fix ignore pattern of all debhelper files | Christian Poessinger | |
2020-02-25 | pppoe: T2055: make logfile owned by root/vyattacfg | Christian Poessinger | |
2020-02-25 | pppoe: T1318: validate existing source-interface | Christian Poessinger | |
It is not only sufficient to check if there is a source-interface configured, but rather it must also be checked if the source-interface exists at all in the system. If the interface does not exist pppd will complain with: pppd[2778]: /usr/sbin/pppd: In file /etc/ppp/peers/pppoe1: unrecognized option 'eth0.202' | |||
2020-02-24 | Merge pull request #228 from DmitriyEshenko/pppoe-cl-sn | Christian Poessinger | |
pppoe-client: T2069: Use rp_pppoe_service for send correct service-name | |||
2020-02-24 | pppoe-client: T2069: Use rp_pppoe_service for send correct service-name | DmitriyEshenko | |
2020-02-23 | service-pppoe: T2067: Allow setting multiple service-names | hagbard | |
2020-02-23 | openvpn: T2065: move daemon parameter to start-stop-daemon command-line | Christian Poessinger | |
2020-02-23 | pppoe: T1318: set interface description | Christian Poessinger | |
2020-02-23 | Merge branch 'pppoe-rewrite' of https://github.com/c-po/vyos-1x into current | Christian Poessinger | |
* 'pppoe-rewrite' of https://github.com/c-po/vyos-1x: (23 commits) pppoe: T2055: do not try to start a deleted dialer interface pppoe: T1318: declutter name-server CLI nodes pppoe: T2055: remove router-advert node in client interface pppoe: T1318: migrate user-id and password nodes under an authentication node pppoe: T1318: rename link to source-interface pppoe: T1318: use include files for disable and descriptionx pppoe: T1318: rephrase help text on default-route interface-definitions: include: disable: rephrase help text pppoe: T1318: extend migrator for firewall, qos and ip routing nodes pppoe: T1318: proper delete old interfaces in migrator pppoe: T1318: increase priority so PPPoE is run after bond interfaces pppoe: T1318: fix migrator and add missing link statement pppoe: T1318: use lists rather then strings on Config() pppoe: T1318: support interface description pppoe: T1318: remove obsolete ipv6-up.d script pppoe: T1318: add op-mode commands for link information pppoe: T1318: use systemd to manage connection pppoe: T1318: remove process startup debug output pppoe: T1318: move process startup to apply() pppoe: T1318: "link" option is mandatory ... | |||
2020-02-23 | pppoe: T2055: do not try to start a deleted dialer interface | Christian Poessinger | |
2020-02-23 | pppoe: T1318: declutter name-server CLI nodes | Christian Poessinger | |
Instead of letting the user choose between auto and none where auto is default, it makes more sesne to just offer an option to disable the default behavior. | |||
2020-02-23 | pppoe: T2055: remove router-advert node in client interface | Christian Poessinger | |
2020-02-23 | pppoe: T1318: migrate user-id and password nodes under an authentication node | Christian Poessinger | |
2020-02-23 | pppoe: T1318: rename link to source-interface | Christian Poessinger | |
2020-02-23 | pppoe: T1318: use include files for disable and descriptionx | Christian Poessinger | |
2020-02-23 | pppoe: T1318: rephrase help text on default-route | Christian Poessinger | |
2020-02-23 | interface-definitions: include: disable: rephrase help text | Christian Poessinger | |
2020-02-23 | pppoe: T1318: extend migrator for firewall, qos and ip routing nodes | Christian Poessinger | |
2020-02-23 | pppoe: T1318: proper delete old interfaces in migrator | Christian Poessinger | |
2020-02-23 | pppoe: T1318: increase priority so PPPoE is run after bond interfaces | Christian Poessinger | |
2020-02-23 | pppoe: T1318: fix migrator and add missing link statement | Christian Poessinger | |
2020-02-23 | pppoe: T1318: use lists rather then strings on Config() | Christian Poessinger | |
2020-02-23 | pppoe: T1318: support interface description | Christian Poessinger | |
2020-02-23 | pppoe: T1318: remove obsolete ipv6-up.d script | Christian Poessinger | |
The generated script was not called at all. Verified in vyOS 1.2.3 and rolling. Looks like a leftover from the past. If this functionality is required - it should be re-implemented the proper way! | |||
2020-02-23 | pppoe: T1318: add op-mode commands for link information | Christian Poessinger | |
2020-02-23 | pppoe: T1318: use systemd to manage connection | Christian Poessinger | |
This reduces the amount of self written code to start-stop-daemon and also kill the process if it has no connection yet (there won't be a PID file in this case) and getting the proper PID for multiple processes would require me to walk the /proc/<pid>/cmdline for every binary involved. | |||
2020-02-23 | pppoe: T1318: remove process startup debug output | Christian Poessinger | |
We no longer need to see the command which is used to spawn up PPPd and dial the connection. | |||
2020-02-23 | pppoe: T1318: move process startup to apply() | Christian Poessinger | |
2020-02-23 | pppoe: T1318: "link" option is mandatory | Christian Poessinger | |
2020-02-23 | pppoe: T1318: add first version of new XML/Python implementation | Christian Poessinger | |
vyos@vyos# show interfaces pppoe pppoe pppoe0 { default-route force link eth2.7 mtu 400 name-server auto password 12345678 user-id vyos@vyos.io } | |||
2020-02-21 | [service https] T1443: bug: set HTTPS listen port for listen-address '*' | John Estabrook | |
2020-02-19 | snmp: T1769: fix indentation error and add try clause | John Estabrook | |
2020-02-18 | snmp: T1769: cleanup leftove code path for certificate migration | Christian Poessinger | |
2020-02-18 | snmp: T2042: remove superfluous sudo calls | Christian Poessinger | |
2020-02-18 | snmp: T2042: import statement cleanup | Christian Poessinger | |
2020-02-17 | wireless: T2048: fix wrong verify() logic when type is monitor | Christian Poessinger | |
2020-02-16 | ddclient: proper use conf.set_level() to reduce boiler plate code | Christian Poessinger | |
2020-02-16 | ddclient: change file permission on generated config | Christian Poessinger | |
ddclient complains when the file permission is not user = rw. |