Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-08-18 | T3896: Drop cserv local user req, add groupconfig | RageLtMan | |
From ocserv documentation: ``` If the groupconfig option is set, then config-per-user will be overriden, and all configuration will be read from radius. That also includes the Acct-Interim-Interval, and Session-Timeout values. ``` Implement yes/no configuration and parameter handling during jinja rendering. Fix bug wherein openconnect-server configuration requires creation of local user accounts even when RADIUS authentication is used. Testing: Set the groupconfig=yes param and observed change in generated /run/ocserv/ocserv.conf. Removed the local users via `delete vpn openconnect authentication local-users` and observed commit & service operation | |||
2022-08-17 | nat: T538: Add static NAT one-to-one | Viacheslav Hletenko | |
Ability to set static NAT (one-to-one) in one rule set nat static rule 10 destination address '203.0.113.0/24' set nat static rule 10 inbound-interface 'eth0' set nat static rule 10 translation address '192.0.2.0/24' It will be enough for PREROUTING and POSTROUTING rules Use a separate table 'vyos_static_nat' as SRC/DST rules and STATIC rules can have the same rule number | |||
2022-08-16 | Merge pull request #1475 from sever-sever/T4613 | Christian Poessinger | |
upnp: T4613: Verify listen key in dictionary | |||
2022-08-16 | Merge pull request #1474 from DaniilHarun/current | Christian Poessinger | |
T4619: Replacing instead of adding a static arp entry | |||
2022-08-16 | UPnP: T4620: Fix Jinja2 template rules | Viacheslav Hletenko | |
2022-08-16 | upnp: T4613: Verify listen key in dictionary | Viacheslav Hletenko | |
There is no check if 'listen' is exist in the dictionary, fix it Fix odd ValueHelp format | |||
2022-08-16 | T4619: Replacing instead of adding a static arp entry | DaniilHarun | |
2022-08-16 | Merge pull request #1462 from sever-sever/T4596 | Christian Poessinger | |
ocserv: T4596: Rewrite show openconnect sessions op-mode | |||
2022-08-16 | Debian: T4584: remove version number from hostap package requirement | Christian Poessinger | |
2022-08-16 | Merge pull request #1471 from mkorobeinikov/current | Christian Poessinger | |
dhcp-relay: T4601: restart dhcp relay-agent | |||
2022-08-16 | dhcp-relay: T4601: restart dhcp relay-agent | mkorobeinikov | |
The command "restart dhcp relay-agent" doesn't restart "isc-dhcp-relay" service. | |||
2022-08-15 | ocserv: openconnect: T4614: add support for split-dns | Christian Poessinger | |
set vpn openconnect network-settings split-dns <domain> | |||
2022-08-15 | smoketest: ocserv: implement config file validation | Christian Poessinger | |
2022-08-15 | ocserv: T4333: migrate to new vyos_defined Jinja2 test | Christian Poessinger | |
2022-08-15 | Merge pull request #1468 from sever-sever/T4609 | Christian Poessinger | |
container: T4609: Fix restart container | |||
2022-08-15 | container: T4609: Fix restart container | Viacheslav Hletenko | |
Add 2 dashes for arg "name" | |||
2022-08-15 | Merge pull request #1465 from sever-sever/T4595 | Christian Poessinger | |
dmvpn: T4595: Fix dpd profile options | |||
2022-08-11 | Merge pull request #1464 from sever-sever/T4603 | Christian Poessinger | |
l2tp: T4603: Add RADIUS nas-ip-address option | |||
2022-08-10 | dmvpn: T4595: Fix dpd profile options | Viacheslav Hletenko | |
Fix template for configuration DMVPN IKE profile dead-peer-detection delay and dead-peer-detecion timeout options | |||
2022-08-10 | l2tp: T4603: Add RADIUS nas-ip-address option | Viacheslav Hletenko | |
Add l2tp authentication radius nas-ip-address option which will be sent in NAS-IP-Address Radius attribute | |||
2022-08-08 | Merge pull request #1461 from nicolas-fort/nat66-exclude | Christian Poessinger | |
nat66: T4598: Add exclude options in nat66 | |||
2022-08-08 | nat66: T4598: add file nat-exclue.xml.i, which is invoked by nat66.xml.in ↵ | Nicolas Fort | |
and nat-rule.xml.i | |||
2022-08-06 | ocserv: T4596: Rewrite show openconnect sessions op-mode | Viacheslav Hletenko | |
Rewrite "show openconnect-server sessions" to vyos.opmode format Ability to get raw and formatted output Ability to get data via API | |||
2022-08-05 | Merge pull request #1460 from sever-sever/T4597 | Christian Poessinger | |
ocserv: T4597: Check bind port before openconnect commit | |||
2022-08-05 | nat66: T4598: Add exclude options in nat66 | Nicolas Fort | |
2022-08-05 | ocserv: T4597: Check bind port before openconnect commit | Viacheslav Hletenko | |
Check if openconnect listen port is available and not used by another service | |||
2022-08-05 | Merge pull request #1459 from dmbaturin/genop-exn | Viacheslav Hletenko | |
T2719: add an exception hierarchy for op mode errors | |||
2022-08-05 | bgp: T4257: bugfixes after renaming "local-as" to "system-as" | Christian Poessinger | |
2022-08-04 | Merge https://github.com/Cheeze-It/vyos-1x into current | Christian Poessinger | |
* https://github.com/Cheeze-It/vyos-1x: bgp: T4257: Changing BGP "local-as" to "system-as" | |||
2022-08-04 | macsec: T4537: macsec_csindex can be set even without encryption | Christian Poessinger | |
2022-08-04 | smoketest: macsec: T4537: validate macsec_csindex for both AES-GCM-128 and ↵ | Christian Poessinger | |
AES-GCM-256 | |||
2022-08-04 | T2719: add an exception hierarchy for op mode errors | Daniil Baturin | |
2022-08-04 | Merge pull request #1457 from sever-sever/T4586 | Christian Poessinger | |
nat66: T4586: Add SNAT destination prefix and DNAT address | |||
2022-08-04 | ipsec: T4594: Rewrite op-mode show vpn ipsec sa | Viacheslav Hletenko | |
Rewrite op-mode "show vpn ipsec sa" to new format Use vyos.opmode format Ability to get raw and formatted output | |||
2022-08-04 | graphql: T4544: Add ipsec.py to op-mode-standardized.json | Viacheslav Hletenko | |
Add overwritten script 'ipsec.py' to 'op-mode-standardized.json' | |||
2022-08-04 | utils: T4594: Add convert_data util | Viacheslav Hletenko | |
Convert multiple types of data to types usable in CLI For example 'vici' returns values in bytestring/bytes and we can decode them all at once | |||
2022-08-04 | macsec: T4592: can not create two interfaces using the same source-interface | Christian Poessinger | |
2022-08-04 | vyos.config.configdict: T4592: only print interface name, not interface dict ↵ | Christian Poessinger | |
on error | |||
2022-08-04 | smoketest: macsec: T4537: verify macsec_csindex | Christian Poessinger | |
2022-08-03 | Merge pull request #1369 from nicolas-fort/T4480 | Daniil Baturin | |
T4480: webproxy: Add safe-ports and ssl-safe-ports for acl squid config | |||
2022-08-03 | nat66: T4586: Add SNAT destination prefix and DNAT address | Viacheslav Hletenko | |
Ability to configure SNAT destination prefix and DNAT source address Add option "!" - not address/prefix for NAT66 | |||
2022-08-03 | validators: T4586: Add IPv6 exclude validators for address/prefix | Viacheslav Hletenko | |
Add IPV6 exclude validators: - ipv6-address-exclude - ipv6-prefix-exclude Will use in nat66 source/destination | |||
2022-08-02 | Merge pull request #1456 from sever-sever/T4585 | Christian Poessinger | |
containers: T4585: Add option restart to containers.py | |||
2022-08-02 | containers: T4585: Add option restart to containers.py | Viacheslav Hletenko | |
Add option restart to `containers.py` | |||
2022-08-02 | Merge pull request #1455 from sever-sever/T4544 | Christian Poessinger | |
graphql: T4544: Add overwritten scripts op-mode-standardized.json | |||
2022-08-02 | graphql: T4544: Add overwritten scripts op-mode-standardized.json | Viacheslav Hletenko | |
Add overwritten scripts to 'op-mode-standardized.json' | |||
2022-08-02 | Merge pull request #1454 from sever-sever/T4585 | Christian Poessinger | |
container: T4585: Rewrite show container | |||
2022-08-02 | container: T4585: Rewrite show container | Viacheslav Hletenko | |
Rewrite op-mode: - show container - show container network - show container image to the new vyos.opmode format | |||
2022-08-02 | macsec: T4537: add mussing macsec_csindex option to support GCM-AES-256 | Christian Poessinger | |
2022-08-02 | hostap: T4584: add Debian specific options to systemd unit files | Christian Poessinger | |