Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-04-22 | Merge branch 'pptp-rewrite' of github.com:c-po/vyos-1x into current | Christian Poessinger | |
* 'pptp-rewrite' of github.com:c-po/vyos-1x: accel-ppp: fix wrong reference in verify() on missing attributes accel-ppp: T2314: bugfix wrong placement of endif in Jinja2 template vpn: pptp: T2351: add support for common radius-additions XML vpn: pptp: T2351: migrate to common radius CLI vpn: pptp: T2351: migrate to common name-server, wins-server nodes accel-ppp: provide common wins-server include definition vpn: pptp: T2351: use first IP from client pool as gateway address vpn: pptp: T2351: align configuration to other accel implementations vpn: pptp: T2351: migrate from SysVinit to systemd vyos.util: migrate all cpu_count() occurances to common get_half_cpus() | |||
2020-04-22 | vpn: pptp: T2351: add support for common radius-additions XML | Christian Poessinger | |
2020-04-22 | vpn: pptp: T2351: migrate to common radius CLI | Christian Poessinger | |
2020-04-22 | vpn: pptp: T2351: migrate to common name-server, wins-server nodes | Christian Poessinger | |
2020-04-22 | accel-ppp: provide common wins-server include definition | Christian Poessinger | |
2020-04-22 | Merge pull request #368 from DmitriyEshenko/mroute-pim | Christian Poessinger | |
mroute: T2364: Implement CLI commands for mroute | |||
2020-04-21 | mroute: T2364: Implement CLI commands for mroute | DmitriyEshenko | |
2020-04-21 | accel-ppp: unify "authentication mode" XML definition to common include file | Christian Poessinger | |
2020-04-21 | tunnel: T2204: add source-interface | Thomas Mangin | |
2020-04-21 | macvlan: T1635: fix source-interface description | Christian Poessinger | |
2020-04-21 | dhcpv6: T2341: remove obsolete priority causing priority inversion | Christian Poessinger | |
2020-04-20 | macvlan: pseudo-ethernet: T2341: adjust priority to support bond ↵ | Christian Poessinger | |
source-interfaces | |||
2020-04-19 | xml: T2337: bugfix on missing hw-id node | Christian Poessinger | |
Commit 021a2470bd67 ("XML: T2282: clarify on ethernet and wireless hw-id nodes") created a common XML include file out of the MAC address include file which totally blew everything as we now have two "mac" nodes as it was not renamed to "hw-id". | |||
2020-04-19 | {pppoe,ipoe}-server: T2324: T2314: migrate to common accel-name-server XML | Christian Poessinger | |
2020-04-19 | ipoe-server: T2324: use common accel-radius-additions XML file | Christian Poessinger | |
2020-04-19 | pppoe-server: T2314: add common accel-radius-additions XML file | Christian Poessinger | |
2020-04-18 | ipoe-server: T2324: migrate IPv6 client IP pool to common CLI nodes | Christian Poessinger | |
2020-04-18 | ipoe-server: T2324: migrate RADIUS configuration to common CLI syntax | Christian Poessinger | |
2020-04-18 | ipoe-server: T2324: migrate IPv4/IPv6 name-servers to common node | Christian Poessinger | |
2020-04-18 | ipoe-server: T2324: remove boilerplate code and adjust to other accel ↵ | Christian Poessinger | |
implementations | |||
2020-04-18 | router-advert: rename XML/Python files for a common pattern | Christian Poessinger | |
2020-04-18 | ipoe-server: rename XML/Python files for a common pattern | Christian Poessinger | |
2020-04-18 | pppoe-server: T2314: migrate IPv6 to common CLI nodes with embeeded validation | Christian Poessinger | |
2020-04-18 | pppoe-server: T2314: migrate RADIUS configuration to common CLI syntax | Christian Poessinger | |
2020-04-18 | vpn: l2tp: pptp: sstp: rename files to common pattern | Christian Poessinger | |
2020-04-18 | pppoe-server: T2314: migrate IPv4/IPv6 name-servers to common node | Christian Poessinger | |
Instead of having "dns-server server-1|server-2" nodes and the same for IPv6 all DNS nameservers are migrated to a common name-servers node. | |||
2020-04-18 | pppoe-server: T2314: remove boilerplate code and adjust | Christian Poessinger | |
2020-04-17 | wireless: T2306: bugfix: insert missing </leafNode> | Alain Lamar | |
2020-04-17 | wireless: T2306: Add new cipher suites to the WiFi configuration | Alain Lamar | |
Yet, VyOS knows these two encryption schemes for WiFi: 1. CCMP = AES in Counter mode with CBC-MAC (CCMP-128) 2. TKIP = Temporal Key Integrity Protocol These encryption schemes are new and especially the Galois counter mode cipher suites are very desirable! 1. CCMP-256 = AES in Counter mode with CBC-MAC with 256-bit key 2. GCMP = Galois/counter mode protocol (GCMP-128) 3. GCMP-256 = Galois/counter mode protocol with 256-bit key CCMP is supported by all WPA2 compatible NICs, so this remains the default cipher for bidirectional and group packets while using WPA2. Use 'iw list' to figure out which cipher suites your cards support prior to configuring other cipher suites than CCMP. AP NICs and STA NICs must both support at least one common cipher in a given list in order to associate successfully. | |||
2020-04-16 | openvpn: T149: IPv6 support | Jernej Jakob | |
- allow configuring IPv6 server addresses and push options - add IPv6 server client IP pool - add IPv6 push dhcp-option DNS6 - allow configuring IPv6 server client addresses - allow configuring IPv6 site-to-site addresses - validate all IPv6 options and addresses - use protos that explicitely open an IPv6 listening socket (tcp6-server, tcp6-client, udp6) as the default on Linux listens on IPv4 only (https://community.openvpn.net/openvpn/ticket/360) - add validator for any IPv6 address, host or network (used by pool) | |||
2020-04-15 | openvpn: T2335: allow disabling client-ip-pool | Jernej Jakob | |
2020-04-13 | Merge pull request #325 from jjakob/openvpn-pool | Christian Poessinger | |
openvpn: T2235: add custom server pool handling | |||
2020-04-13 | openvpn: T2235: add custom server pool handling | jjakob | |
- add config options and logic for server client-ip-pool - add function for determining default IPs for the server in different configurations - verify for pool IPs and maximum subnet prefix length - move remote netmask logic for client ifconfig-push to use new function - add topology 'net30' , set it as default (as it already was) - replace generic ip_* with IPv4* where necessary - print warning to console when server client IP is in server pool - fix server subnet help field | |||
2020-04-13 | XML: T2282: clarify on ethernet and wireless hw-id nodes | Christian Poessinger | |
2020-04-11 | vpn: l2tp: T2264: migrate IPv6 prefix node to common CLI style | Christian Poessinger | |
Combining multiple options into a single CLI node is considered bad practice. IPv6 prefixes consited of the prefix itself and a mask send to the client in one node only. The following CLI parts have been migrated from client-ipv6-pool { delegate-prefix fc00:0:1::/48,64 prefix 2001:db8::/64,64 } to client-ipv6-pool { delegate fc00:0:1::/48 { delegation-prefix 48 } prefix 2001:db8::/48 { mask 64 } } Thus regular validation steps from the VyOS CLI can be used when a prefix is configured. | |||
2020-04-11 | vpn: l2tp: T2110: re-use RADIUS XML include file | Christian Poessinger | |
2020-04-11 | vpn: l2tp: T2264: remove RADIUS req-limit node | Christian Poessinger | |
It makes less sense for the user to specify this behavior. | |||
2020-04-11 | vpn: l2tp: T2264: combine WINS CLI syntax | Christian Poessinger | |
There is no reason to distinguish between WINS servers in terms of priority. This is solely a task which can be done in the underlaying Python scripts. | |||
2020-04-11 | vpn: l2tp: T2264: combine IPv4/IPv6 name-server CLI syntax | Christian Poessinger | |
There is no reason to distinguish between an IPv4 and IPv6 name-server node on the CLI - this can be done in the underlaying Python scripts. | |||
2020-04-11 | vpn: l2tp: T2264: rename files to match CLI levels | Christian Poessinger | |
2020-04-10 | l2tp: xml: group interface definition into vpn section | Christian Poessinger | |
2020-04-10 | vif-c: T2240: add VRF support | Christian Poessinger | |
2020-04-10 | Revert "vif-s: T2240: add VRF support" | Christian Poessinger | |
This reverts commit 2d33cf656f5856fb06e8390fc2250bb99ea0206b. | |||
2020-04-09 | vxlan: T2172: add source-address option | Christian Poessinger | |
This is a base requirement for l2vpn evpn. When source-address is configured, the option "local <source-addr> nolearning" is appended when creating the interface as mentioned here: https://vincent.bernat.ch/en/blog/2017-vxlan-bgp-evpn | |||
2020-04-09 | xml: radius: update source-address valueHelp | Christian Poessinger | |
2020-04-09 | vxlan: pseudo-ethernet: T2260: convert link nodes to source-interface | Christian Poessinger | |
2020-04-08 | vif-s: T2240: add VRF support | Christian Poessinger | |
2020-04-08 | wireguard: T2244: split port configuration to XML include file | Christian Poessinger | |
2020-04-08 | wireguard: T2247: add VRF support | Christian Poessinger | |
2020-04-08 | wireguard: T2244: use xml include for mtu | Christian Poessinger | |