summaryrefslogtreecommitdiff
path: root/src/conf_mode/vpn_openconnect.py
AgeCommit message (Collapse)Author
2023-01-26ocserv: T3896: add CLI options to configure ocserv config-per-user/groupJamie Austin
Adds CLI configurations under VPN - OpenConnect to facilitate per user/group vpn session configurations. Validation has been added to restrict config-per-group to be exclusive to OpenConnect RADIUS authentication as the config file is looked up based on a RADIUS response attribute - as well as sanity check that the necessary configs are configured when not disabled.
2022-12-07T4861: Openconnect replace restart to reload-or-restartViacheslav Hletenko
Every change in openconnect restarts the ocserv.service Replace "restart" to "reload-or-restart" to avoid disconnect clients during change configs
2022-12-05Merge pull request #1693 from sever-sever/T4860Christian Poessinger
T4860: Verify if mode in openconnect ocserv dict
2022-12-04T4860: Verify if mode in openconnect ocserv dictViacheslav Hletenko
openconnect authentication mode must be set check dict that 'mode' exists in openconnect authentication
2022-12-04T4848: Fix for default route vpn openconnectViacheslav Hletenko
ocserv template expects list of routes but gets str "default" it cause wrong routes like: route = d route = e route = f route = a route = u route = l route = t Fix it
2022-09-16ocserv: T4656: use "0.0.0.0" defaultValue via XML definition"Christian Poessinger
2022-09-16ocserv: openconnect: T4656: add listen-address CLI optionDemon_H
This will set the listen-host ocserv configuration option.
2022-09-15Merge pull request #1477 from sempervictus/feature/ocserv_groupsViacheslav Hletenko
T3896(adjacent): Fix ocserv local user requirement, add groupconfig
2022-08-20ocserv: T4597: Fix check bounded port by service itselfViacheslav Hletenko
We check listen port before commit service if is port available and not bounded, but when we start openconnect our own port starts be bounded by "ocserv-main" process and next commit will be fail as port is already bound To fix it, extend check if port already bonded and it is not our self process "ocserv-main"
2022-08-18T3896: Drop cserv local user req, add groupconfigRageLtMan
From ocserv documentation: ``` If the groupconfig option is set, then config-per-user will be overriden, and all configuration will be read from radius. That also includes the Acct-Interim-Interval, and Session-Timeout values. ``` Implement yes/no configuration and parameter handling during jinja rendering. Fix bug wherein openconnect-server configuration requires creation of local user accounts even when RADIUS authentication is used. Testing: Set the groupconfig=yes param and observed change in generated /run/ocserv/ocserv.conf. Removed the local users via `delete vpn openconnect authentication local-users` and observed commit & service operation
2022-08-05ocserv: T4597: Check bind port before openconnect commitViacheslav Hletenko
Check if openconnect listen port is available and not used by another service
2022-05-01openconnect: T4353: fix Jinja2 linting errorsChristian Poessinger
2022-04-09ocserv: T4231: Added OTP support for Openconnect 2FAgoodNETnick
2022-03-16ocserv: T4231: Added OTP support for Openconnect 2FAgoodNETnick
2021-12-01openconnect: T3695: Add systemd service checker on commitDmitriyEshenko
2021-07-20pki: openconnect: T3642: Migrate OpenConnect SSL to PKI configurationsarthurdev
2021-04-30openconnect: T3461: Delete CA crt file checkssever-sever
2020-11-27vyos.template: T2720: always enable Jinja2 trim_blocks featureChristian Poessinger
2020-09-09openconnect: T2036: Move CLI commands under vpn openconnectDmitriyEshenko