Age | Commit message (Collapse) | Author |
|
|
|
Replace links to the phabricator site from https://phabricator.vyos.net to
https://vyos.dev
|
|
Removes port key from accounting server merged config dictionary.
|
|
|
|
Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode
|
|
After merging config dictionary with default values, radius port
the default value was merged not in a proper way.
It is added as a server.
After creating radiusclient.conf added and the illegal authserver
equal 'port'.
|
|
Every change in openconnect restarts the ocserv.service
Replace "restart" to "reload-or-restart" to avoid disconnect
clients during change configs
|
|
T4860: Verify if mode in openconnect ocserv dict
|
|
openconnect authentication mode must be set
check dict that 'mode' exists in openconnect authentication
|
|
ocserv template expects list of routes but gets str "default"
it cause wrong routes like:
route = d
route = e
route = f
route = a
route = u
route = l
route = t
Fix it
|
|
|
|
This will set the listen-host ocserv configuration option.
|
|
T3896(adjacent): Fix ocserv local user requirement, add groupconfig
|
|
We check listen port before commit service if is port available and
not bounded, but when we start openconnect our own port starts be
bounded by "ocserv-main" process and next commit will be fail as
port is already bound
To fix it, extend check if port already bonded and it is not our
self process "ocserv-main"
|
|
From ocserv documentation:
```
If the groupconfig option is set, then config-per-user will be
overriden, and all configuration will be read from radius. That
also includes the Acct-Interim-Interval, and Session-Timeout
values.
```
Implement yes/no configuration and parameter handling during jinja
rendering.
Fix bug wherein openconnect-server configuration requires creation
of local user accounts even when RADIUS authentication is used.
Testing:
Set the groupconfig=yes param and observed change in generated
/run/ocserv/ocserv.conf.
Removed the local users via `delete vpn openconnect
authentication local-users` and observed commit & service operation
|
|
Check if openconnect listen port is available and not used by
another service
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|