Age | Commit message | Author | |
---|---|---|---|
2020-05-22 | login: T2492: do not set encrypted user password when it is not changed | Christian Poessinger | |
2020-05-22 | pppoe: T2488: bugfix, missing not in if condition prevented startup | Christian Poessinger | |
Commit 39c53aadbf9e ("pppoe: T2488: remove logfile generation") accidentally missed a not in an if statement. | |||
2020-05-22 | pppoe: T2380: drop superfluous list_pppoe_peers.sh | Christian Poessinger | |
2020-05-22 | macsec: T2491: add replay window protection | Christian Poessinger | |
2020-05-22 | macsec: T2023: only render mka in template if encrypt enabled | Christian Poessinger | |
2020-05-22 | macsec: T2023: flake8/autopep8 corrections | Christian Poessinger | |
2020-05-22 | macsec: T2023: fix wrong use of f-format string | Christian Poessinger | |
2020-05-22 | macsec: T2023: remove unused import | Christian Poessinger | |
2020-05-21 | nat: T2460: add src/op_mode/show_nat_translations.py | Thomas Mangin | |
2020-05-21 | macsec: T2023: add valueHelp for MKA keys | Christian Poessinger | |
2020-05-21 | pppoe: T2380: fix NameError: name 'intf' is not defined | Christian Poessinger | |
2020-05-21 | pppoe: T2380: dis-/connect should use proper systemd calls | Christian Poessinger | |
2020-05-21 | pppoe: T2488: remove logfile generation | Christian Poessinger | |
2020-05-21 | pppoe: wwan: T2488: drop individual ppp logs | Christian Poessinger | |
2020-05-21 | wireless: T1627: remove get_conf_file() | Christian Poessinger | |
2020-05-21 | macsec: T2023: delete wpa_supplicant config when interface is removed | Christian Poessinger | |
2020-05-21 | macsec: T2023: stop wpa_supplicant on interface deletion | Christian Poessinger | |
2020-05-21 | Merge branch 'macsec-t2023' of github.com:c-po/vyos-1x into current | Christian Poessinger | |
* 'macsec-t2023' of github.com:c-po/vyos-1x: macsec: T2023: cleanup wpa_supplicant config file name; macsec: T2023: improve verify() when encryption is enabled; macsec: T2023: support MACsec Key Agreement protocol actor priority; macsec: T2023: rename "security key" node to "security mka"; macsec: T2023: use wpa_supplicant for key management; macsec: T2023: cli: move "cipher" and "encryption" under new "security" node; macsec: T2023: extend key generator for CAK and CKN in operation mode; macsec: T2023: remove gcm-aes-256 cipher type; macsec: T2023: cipher suite is mandatory; macsec: T2023: use list when working with Config(); macsec: T2023: add 'show interfaces macsec' op-mode tree; macsec: T2023: add optional encryption command; macsec: T2023: generate secure channel keys in operation mode; macsec: T2023: add initial XML and Python interfaces; ifconfig: T2023: add initial MACsec abstraction; interface: T2023: adopt _delete() to common style; interface: T2023: remove superfluous at end of list; macvlan: T2023: prepare common source interface include file | |||
2020-05-21 | macsec: T2023: cleanup wpa_supplicant config file name | Christian Poessinger | |
2020-05-21 | macsec: T2023: improve verify() when encryption is enabled | Christian Poessinger | |
With encryption enabled, keys must be configured. | |||
2020-05-21 | macsec: T2023: support MACsec Key Agreement protocol actor priority | Christian Poessinger | |
2020-05-21 | macsec: T2023: rename "security key" node to "security mka" | Christian Poessinger | |
MACsec always talks about MKA (MACsec Key Agreement protocol), thus the node should reflect that. | |||
2020-05-21 | macsec: T2023: use wpa_supplicant for key management | Christian Poessinger | |
2020-05-21 | macsec: T2023: cli: move "cipher" and "encryption" under new "security" node | Christian Poessinger | |
This is best suited as a key is required, too. | |||
2020-05-21 | macsec: T2023: extend key generator for CAK and CKN in operation mode | Christian Poessinger | |
CAK - Connectivity Association Key; CKN - Connectivity Association Name | |||
2020-05-21 | macsec: T2023: remove gcm-aes-256 cipher type | Christian Poessinger | |
Cipher type gcm-aes-256 is supported by Linux 4.19 but it is not available in iproute2 4.19. We could backport it, of course, but the plan is to upgrade to a more recent 5.x series kernel anyway once all out-of-tree module issues are resolved, mainly Intel QAT. gcm-aes-256 support was added to iproute2 package with commit b16f5253233 ("Add support for configuring MACsec gcm-aes-256 cipher type.") which made it into the 5.2 release of iproute2. | |||
2020-05-21 | macsec: T2023: cipher suite is mandatory | Christian Poessinger | |
2020-05-21 | macsec: T2023: use list when working with Config() | Christian Poessinger | |
2020-05-21 | macsec: T2023: add 'show interfaces macsec' op-mode tree | Christian Poessinger | |
`vyos@vyos# run show interfaces macsec` `13: macsec1: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 005056bf19260001 on SA 0` `14: macsec2: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 005056bfefaa0001 on SA 0` `vyos@vyos# run show interfaces macsec macsec2` `14: macsec2: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 005056bfefaa0001 on SA 0` | |||
2020-05-21 | macsec: T2023: add optional encryption command | Christian Poessinger | |
By default MACsec only authenticates traffic but has support for optional encryption. Encryption can now be enabled using: `set interfaces macsec <interface> encrypt` | |||
2020-05-21 | macsec: T2023: generate secure channel keys in operation mode | Christian Poessinger | |
2020-05-21 | macsec: T2023: add initial XML and Python interfaces | Christian Poessinger | |
2020-05-21 | ifconfig: T2023: add initial MACsec abstraction | Christian Poessinger | |
2020-05-20 | interface: T2023: adopt _delete() to common style | Christian Poessinger | |
2020-05-20 | interface: T2023: remove superfluous at end of list | Christian Poessinger | |
2020-05-20 | macvlan: T2023: prepare common source interface include file | Christian Poessinger | |
2020-05-20 | Merge pull request #417 from thomas-mangin/T2467 | Christian Poessinger | |
util: T2467: fix missing import | |||
2020-05-20 | util: T2467: fix missing import | Thomas Mangin | |
2020-05-20 | Merge pull request #416 from kroy-the-rabbit/patch-5 | Daniil Baturin | |
T2465: Permissions on vyos-hostsd socket incorrect | |||
2020-05-20 | Merge pull request #415 from kroy-the-rabbit/revert-413-patch-4 | Daniil Baturin | |
Revert "T2465: vyos-hostsd-client needs sudo" | |||
2020-05-19 | T2465: Permissions on vyos-hostsd socket incorrect | kroy-the-rabbit | |
The DHCP server is unable to apply entries to the hosts file because the permissions on the socket are getting created wrong. `$ ls -al /run/vyos-hostsd.sock` `srwxrwxrwx 1 root vyattacfg 0 May 20 01:38 /run/vyos-hostsd.sock` This gives it the correct permissions so that the nobody/nobody user/group can change it. | |||
2020-05-19 | Revert "T2465: vyos-hostsd-client needs sudo" | kroy-the-rabbit | |
2020-05-19 | bgp: T2387: rename new implementation else system will not boot | Christian Poessinger | |
It is not possible to simply remove the node.def file in a tag node. Rather rename the tag node to take it out of order by default. Upcoming BGP developers simply need to remove this line in the Makefile added by the commit. | |||
2020-05-19 | Merge pull request #414 from thomas-mangin/T2467 | Christian Poessinger | |
util: T2467: automatically add sudo to known commands | |||
2020-05-19 | Merge pull request #378 from sever-sever/bgp-xml-conf | Christian Poessinger | |
bgp-xml: T2387: Commands in XML for [conf_mode] bgp | |||
2020-05-19 | wireguard: T2481: support IPv6 based underlay | Christian Poessinger | |
2020-05-19 | util: T2467: add systemctl to autosudo | Thomas Mangin | |
2020-05-19 | util: T2467: add autosudo as an option to command | Thomas Mangin | |
2020-05-19 | nat: do not report unassigned IP address for DNAT | Christian Poessinger | |
That warning made no sense as the destination address where we forward a port to is by design not locally connected. | |||
2020-05-19 | Merge pull request #413 from kroy-the-rabbit/patch-4 | Christian Poessinger | |
T2465: vyos-hostsd-client needs sudo |