summaryrefslogtreecommitdiff
path: root/data/templates/openvpn
AgeCommit message (Collapse)Author
2021-10-07openvpn: T3805: drop privileges using systemd - required for rtnetlinkChristian Poessinger
2021-10-07pull request fixesKim Hagen
2021-09-17Revert "openvpn: T3736: openvpn-option keeps and adds double dashes (--)"Kim Hagen
This reverts commit 415e572dfba776a981e2ec1e4331c30cd5cb59f3.
2021-09-17update the location of the openvpn-otp.so pluginKim Hagen
2021-09-03do not use capitals in opmodeKim Hagen
rename t0 to drift add subnemu for 2fa to make it more readable
2021-09-03fix configure error if 2fa is defined but no option is definedKim Hagen
2021-09-03change secret file location in templateKim Hagen
2021-09-03fix file location and use correct variableKim Hagen
2021-09-02add 2fa op files and update templateKim Hagen
2021-08-17add part 2faKim Hagen
2021-08-11openvpn: T3736: openvpn-option keeps and adds double dashes (--)Kim Hagen
2021-07-21pki: openvpn: T3642: Migrate OpenVPN to PKI and refactorsarthurdev
2021-06-25openvpn: T1704: drop deprecated disable-ncp optionChristian Poessinger
2021-06-24openvpn: T1512: T3641: drop deprecated "compat-names" optionChristian Poessinger
2021-06-24openvpn: T3641: remove deprecated iproute optionChristian Poessinger
Executing iproute2 commands as unprivileged member of the openvpn group is now handled via a sudoers file.
2021-01-17openvpn: T2381: bugfix rendering multiple openvpn-options from CLIChristian Poessinger
The CLI statement "set interfaces openvpn vtun10 openvpn-option '--tun-mtu 1500 --fragment 1300 --mssfix'" will render in vtun10.conf to: --tun-mtu 1500 --fragment 1300 --mssfix On startup OpenVPN complains about: openvpn-vtun10: Options error: Unrecognized option or missing or extra parameter(s) in vtun10.conf:76: tun-mtu (2.4.7) The options must be split on -- to a new configuration line.
2021-01-14openvpn: T3219: fix for server client subnet IPv6 irouteJernej Jakob
2020-12-31openvpn: T2994: fix ipv6 server modeChristian Poessinger
2020-12-21openvpn: T3143: Push routes in correct format <IP> <NETMASK>DmitriyEshenko
2020-12-08openvpn: T3117: fix generated ncp-ciphers in server configChristian Poessinger
2020-11-23openvpn: T3074: fix site-2-site operation modeChristian Poessinger
When rendering the configs "ifconfig" statement wrong IP addresses have been used for the "tun" operating mode. This has been corrected.
2020-11-22openvpn: T3080: add missing multiplication on keepalive config optionChristian Poessinger
2020-11-21openvpn: T3060: fix client authentication username and password fileChristian Poessinger
2020-11-21openvpn: T3060: always listen op IPv4 and IPv6 socketsChristian Poessinger
2020-11-14openvpn: T2550: default connection protocol to udpChristian Poessinger
setting this to udp will allow both IPv4 and IPv6 connections. According to the MAN page: proto indicates the protocol to use when connecting with the remote, and may be "tcp" or "udp". For forcing IPv4 or IPv6 connection suffix tcp or udp with 4/6 like udp4/udp6/tcp4/tcp6.
2020-11-13openvpn: T3060: fix CLI to real config mapping for protocol nodeChristian Poessinger
2020-11-13vyos.template: provide general is_ip(v4|v6) helpersChristian Poessinger
We had two places were the is_ip, is_ipv4 and is_ipv6 helpers had been defined. All places now have been converged into vyos.template as they are used both in the Jinja2 templates and also in our scripts.
2020-11-13openvpn: T3051: fix creation of ifconfig-pool for client communicationChristian Poessinger
2020-11-06openvpn: T3051: fix multiple pushed routes to preconfigured clientsChristian Poessinger
2020-11-01openvpn: T2994: re-add ifconfig-pool statement in server configChristian Poessinger
Re-organize the template code and add addtitional Jinja2 filters for processing the ifconfig-pool statement. This reverts the changes from commit 7e546be9 ("openvpn: T2994: temporary revert to 1.2 crux behavior for client pools").
2020-11-01openvpn: T2994: remove workarounds for individual ipv4 and ipv6 keysChristian Poessinger
Remove workaround which split (local|remote)_address and also subnet keys into individual keys for the assigned IP address family (4/6). During template rendering check IP version by introducing new ipv4 and ipv6 Jinja2 filters {% if foo | ipv4 %} or {% if bar | ipv6 %} options.
2020-10-31openvpn: T2994: temporary revert to 1.2 crux behavior for client poolsChristian Poessinger
2020-10-31openvpn: T2994: bugfix evaluating replace-default-route in templateChristian Poessinger
2020-10-30openvpn: T2994: migrate to get_config_dict()Christian Poessinger
2020-09-22openvpn: T2906: tls-auth missing key directionMarcus Hoff
2020-09-22openvpn: T2907: add 'none' encryption option to not encrypt any dataMarcus Hoff
2020-05-04openvpn: T2241: remove redundant bridge_member variableJernej Jakob
2020-04-20openvpn: T2339: fix for IPv4 local-host addressesJernej Jakob
Commit bb9f998 introduced a bug where openvpn fails to start if 'local-host' is an IPv4 address due to 'proto' wanting a IPv6 socket. This adds a conditional check and uses normal proto if it's IPv4.
2020-04-19openvpn: T2308: fix path to UNIX control socketChristian Poessinger
Bug introduced in commit b36e6e6 ("openvpn: T2273: migrate from SysVinit to systemd") as not all relevant configuration files have been re-rendered into /run/openvpn.
2020-04-19openvpn: T2336: fix auth-user-pass file generationChristian Poessinger
Bug introduced in commit b36e6e6 ("openvpn: T2273: migrate from SysVinit to systemd") as not all relevant configuration files have been re-rendered into /run/openvpn
2020-04-16openvpn: T149: IPv6 supportJernej Jakob
- allow configuring IPv6 server addresses and push options - add IPv6 server client IP pool - add IPv6 push dhcp-option DNS6 - allow configuring IPv6 server client addresses - allow configuring IPv6 site-to-site addresses - validate all IPv6 options and addresses - use protos that explicitely open an IPv6 listening socket (tcp6-server, tcp6-client, udp6) as the default on Linux listens on IPv4 only (https://community.openvpn.net/openvpn/ticket/360) - add validator for any IPv6 address, host or network (used by pool)
2020-04-15openvpn: T2335: allow disabling client-ip-poolJernej Jakob
2020-04-13Merge pull request #325 from jjakob/openvpn-poolChristian Poessinger
openvpn: T2235: add custom server pool handling
2020-04-13openvpn: T2235: add custom server pool handlingjjakob
- add config options and logic for server client-ip-pool - add function for determining default IPs for the server in different configurations - verify for pool IPs and maximum subnet prefix length - move remote netmask logic for client ifconfig-push to use new function - add topology 'net30' , set it as default (as it already was) - replace generic ip_* with IPv4* where necessary - print warning to console when server client IP is in server pool - fix server subnet help field
2020-04-13openvpn: T2283: move ccd to /run/openvpnjjakob
Commit a457c9d2 moved the config directory to /run/openvpn but didn't move the client-config-dir in the template.
2020-04-12openvpn: T2273: migrate volatile data to /run/openvpnChristian Poessinger
2020-04-11openvpn: T2273: migrate from SysVinit to systemdChristian Poessinger
2020-04-10openvpn: T2261: re-add ccd to template (was removed by mistake)jjakob
Commit ef27cef0 mistakenly removed client-config-dir from the server template.
2020-04-08openvpn: T2234: clean up and rework openvpn templatejjakob
- rearranged options to put them in logical groups separated by blank lines - removed unnecessary blank lines (whitespace) - fixed encryption if-else comparison logic that caused 3des to be ignored - set tls if tls-version-min is set
2020-04-05openvpn: improve value help on ipfixChristian Poessinger
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-19 00:45:57 +0000