Age | Commit message (Collapse) | Author |
|
container: T4014: Add `command`, `arg` and `entrypoint` configuration options for containers
|
|
T5033: Ability to generate muliple keys from a file or link
|
|
openvpn: T4770: fix tabulate output in _format_openvpn
|
|
|
|
op-mode: T4952: use list_interfaces from vyos-utils
|
|
|
|
openconnect: T4955: Renamed function and changed error messages
|
|
Renamed local function to be identical to 1.3 ver
Changed error messages after commit to be identical to 1.3 ver
|
|
T4790: Added check of the sum of radius timeouts
|
|
We generate only one public key (string) from a file xxx.pub
op-mode with 'generate public-key-command user vyos lik_to_key_file'
Add ability to generate configuration (from op-mode) for multiple keys
As github keys don't use identifiers, generate uuid4 id for them
|
|
|
|
This commit adds a script to run user-defined hook scripts upon renewing
a DHCP lease. This can be used to, for example, dynamically define a
firewall address-group based on the dynamic IP address of an interface.
For an example of its use (as well as the use case I had in mind while
coding this), see https://vyos.dev/T2196#142394
Co-authored-by: br <git@ibeep.com>
|
|
Commit 54c36e43 (tunnel: T5034: migrate "multicast enable" CLI node to
enable-multicast) changed the syntax on the CLI. This commits changes the
testcase to make use of the new syntax.
|
|
Tunnel interface multicast settings can be "enabled or disabled". As we prefer
valueless nodes, and the linux kernel default is "disabled" we should add a
set interfaces tunnel tunXX enable-multicast
command
|
|
DeprecationWarning: 'crypt' is deprecated and slated for removal in Python 3.13
DeprecationWarning: 'spwd' is deprecated and slated for removal in Python 3.13
|
|
|
|
login: T4943: Fixed 2FA + RADIUS compatibility
|
|
MFA requires KbdInteractiveAuthentication to ask a second factor, and the RADIUS
module for PAM does not like it, which makes them incompatible.
This commit:
* disables KbdInteractiveAuthentication
* changes order for PAM modules - make it first, before `pam_unix` or
`pam_radius_auth`
* enables the `forward_pass` option for `pam_google_authenticator` to accept
both password and MFA in a single input
As a result, local, RADIUS, and MFA work together.
Important change: MFA should be entered together with a password.
Before:
```
vyos login: <USERNAME>
Password: <PASSWORD>
Verification code: <MFA>
```
Now:
```
vyos login: <USERNAME>
Password & verification code: <PASSWORD><MFA>
```
|
|
T5029: Change nginx default root directory
|
|
http-api: T5030: fix missing check on delete keys id tag or key value
|
|
T5029: Fix Regex for nginx to find a better match
|
|
|
|
|
|
|
|
ipsec: T4985: Changed 'reset vpn ipsec-peer' to use vici library
|
|
1. Changed reset IPSEC, IKE SAs to use vici library.
2. Created package vyos.ipsec to communicate with vici library.
|
|
T5027: Enable legacy provider to support current ciphers
|
|
T5013: Extend accelppp op-mode script to get statistic
|
|
T5017: Add interface ifbX to constraint interface-name
|
|
|
|
|
|
|
|
* We will need to remove insecure ciphers as a long-term solution (BF-CBC, DES...)
|
|
|
|
|
|
|
|
T5025: Fix timezones and validator use timedatectl
|
|
Fix timezones completion help and validotor
Use 'timedatectl' insted of find zoneinfo
|
|
openconnect: T5023: Conf script missing optional config parameter
|
|
|
|
ipsec: T4593: Remove references to deleted variables
|
|
|
|
T5020: Extend openvpn op-mode to get list of configured clients
|
|
T5007: Fix multicast implementation for the tunnel interfaces
|
|
T4978: Default values of port rewrite default container values
|
|
As we have the same variable name 'default_values' for container
name, port and volume, it rewrites default container parameters
with default port parameters
Fix it
|
|
Extend openvpn.py op-mode script to get list of configured clients
for the '--raw' output
|
|
Multicast has not been implemented for the tunnel interfaces.
We have only configuration CLI commands that do anything.
Fix it.
ip link set dev <tag> multicast on
ip link set dev <tag> multicast off
|
|
T4886: allow connection-mark 0 value, which is acceptable
|
|
|