summaryrefslogtreecommitdiff
path: root/src/conf_mode
AgeCommit message (Collapse)Author
2020-04-20openvpn: T2339: fix for IPv4 local-host addressesJernej Jakob
Commit bb9f998 introduced a bug where openvpn fails to start if 'local-host' is an IPv4 address due to 'proto' wanting a IPv6 socket. This adds a conditional check and uses normal proto if it's IPv4.
2020-04-20bridge: T2320: add to tunnelThomas Mangin
2020-04-19l2tpv3: fix missing "," within default_config_dataChristian Poessinger
Commit 0e19d622a0410 ("bridge: T2232: move helper to vyos.validate") added a new key to the dictionary but missed out the required "," at the end.
2020-04-19openvpn: T2336: delete auth-user-pass file when interface is unused #2Christian Poessinger
2020-04-19Revert "openvpn: T2336: delete auth-user-pass file when interface is unused"Christian Poessinger
This reverts commit 26adfd6d0d03af44a03f327478199f3009f2ad3c.
2020-04-19openvpn: T2336: delete auth-user-pass file when interface is unusedChristian Poessinger
Unused means disabled or even deleted - there should be no secrets left-over.
2020-04-19openvpn: T2336: fix auth-user-pass file generationChristian Poessinger
Bug introduced in commit b36e6e6 ("openvpn: T2273: migrate from SysVinit to systemd") as not all relevant configuration files have been re-rendered into /run/openvpn
2020-04-19bridge: T2232: bugfix - remove double colon (:)Christian Poessinger
2020-04-19bridge: T2232: move helper to vyos.validateChristian Poessinger
2020-04-19{pppoe,ipoe}-server: T2324: T2314: migrate CoA serverChristian Poessinger
2020-04-19pppoe-server: T2314: add common accel-radius-additions XML fileChristian Poessinger
2020-04-18ipoe-server: T2324: move template files to common accel-ppp template directoryChristian Poessinger
2020-04-18ipoe-server: T2324: migrate IPv6 client IP pool to common CLI nodesChristian Poessinger
2020-04-18ipoe-server: T2324: migrate RADIUS configuration to common CLI syntaxChristian Poessinger
2020-04-18ipoe-server: T2324: migrate IPv4/IPv6 name-servers to common nodeChristian Poessinger
2020-04-18ipoe-server: T2324: remove boilerplate code and adjust to other accel ↵Christian Poessinger
implementations
2020-04-18router-advert: rename XML/Python files for a common patternChristian Poessinger
2020-04-18ipoe-server: rename XML/Python files for a common patternChristian Poessinger
2020-04-18Merge branch 'pppoe-server-update' of github.com:c-po/vyos-1x into currentChristian Poessinger
* 'pppoe-server-update' of github.com:c-po/vyos-1x: accel-ppp: T2314: use common tempplate for chap-secrets pppoe-server: T2314: migrate IPv6 to common CLI nodes with embeeded validation pppoe-server: T2313: bugfix Floating Point Exception pppoe-server: T2314: migrate RADIUS configuration to common CLI syntax vpn: l2tp: pptp: sstp: rename files to common pattern pppoe-server: T2314: migrate IPv4/IPv6 name-servers to common node vpn: l2tp: sstp: ease unlinking of configuration files pppoe-server: T2314: remove boilerplate code and adjust pppoe-server: T2185: migrate from SysVinit to systemd
2020-04-18accel-ppp: T2314: use common tempplate for chap-secretsChristian Poessinger
2020-04-18pppoe-server: T2314: migrate IPv6 to common CLI nodes with embeeded validationChristian Poessinger
2020-04-18ipsec: T2317: Fix typo with delimiterDmitriyEshenko
2020-04-18pppoe-server: T2314: migrate RADIUS configuration to common CLI syntaxChristian Poessinger
2020-04-18vpn: l2tp: pptp: sstp: rename files to common patternChristian Poessinger
2020-04-18pppoe-server: T2314: migrate IPv4/IPv6 name-servers to common nodeChristian Poessinger
Instead of having "dns-server server-1|server-2" nodes and the same for IPv6 all DNS nameservers are migrated to a common name-servers node.
2020-04-18vpn: l2tp: sstp: ease unlinking of configuration filesChristian Poessinger
2020-04-18pppoe-server: T2314: remove boilerplate code and adjustChristian Poessinger
2020-04-18pppoe-server: T2185: migrate from SysVinit to systemdChristian Poessinger
2020-04-18ipsec: T2317: Fix adding params to ipsec configuration filesDmitriyEshenko
2020-04-17wireless: T2306: Add new cipher suites to the WiFi configurationAlain Lamar
Yet, VyOS knows these two encryption schemes for WiFi: 1. CCMP = AES in Counter mode with CBC-MAC (CCMP-128) 2. TKIP = Temporal Key Integrity Protocol These encryption schemes are new and especially the Galois counter mode cipher suites are very desirable! 1. CCMP-256 = AES in Counter mode with CBC-MAC with 256-bit key 2. GCMP = Galois/counter mode protocol (GCMP-128) 3. GCMP-256 = Galois/counter mode protocol with 256-bit key CCMP is supported by all WPA2 compatible NICs, so this remains the default cipher for bidirectional and group packets while using WPA2. Use 'iw list' to figure out which cipher suites your cards support prior to configuring other cipher suites than CCMP. AP NICs and STA NICs must both support at least one common cipher in a given list in order to associate successfully.
2020-04-17flow-accounting: T2275: fix NameError: name 'stdout' is not definedChristian Poessinger
2020-04-17flow-accounting: T2275: import render template from correct libraryChristian Poessinger
2020-04-17Merge pull request #341 from thomas-mangin/T2223Christian Poessinger
op_mode: T2223: convert vyatta-show-interfaces.pl to show_interfaces.py
2020-04-16Merge pull request #342 from jjakob/openvpn-ipv6Christian Poessinger
openvpn: T149: IPv6 support
2020-04-16Merge pull request #347 from DmitriyEshenko/fix-ipoeChristian Poessinger
ipoe: T2294: Fix templates and migrate to systemd
2020-04-16ipoe: T2294: Migrate to systemdDmitriyEshenko
2020-04-16openvpn: T149: IPv6 supportJernej Jakob
- allow configuring IPv6 server addresses and push options - add IPv6 server client IP pool - add IPv6 push dhcp-option DNS6 - allow configuring IPv6 server client addresses - allow configuring IPv6 site-to-site addresses - validate all IPv6 options and addresses - use protos that explicitely open an IPv6 listening socket (tcp6-server, tcp6-client, udp6) as the default on Linux listens on IPv4 only (https://community.openvpn.net/openvpn/ticket/360) - add validator for any IPv6 address, host or network (used by pool)
2020-04-15Merge pull request #349 from jjakob/openvpn-poolChristian Poessinger
openvpn: T2335: allow disabling client-ip-pool
2020-04-15login: T2295: move from calling an os binary to Python crypt() functionChristian Poessinger
2020-04-15dns-forwarding: T2298: remove wrongly added numberChristian Poessinger
Commit 16b2fc8 ("dns-forwarding: T2298: fix path to control file") added a wrong prefix to the line before executing 'systemctl restart snmpd.service'.
2020-04-15dns-forwarding: T2298: fix path to control fileChristian Poessinger
After migrating PowerDNS to systemd and also its configuration files to a volatile directory in commit 77d725f ("dns-forwarding: T2185: move configuration files to volatile /run directory") the path for the control file has not been altered and pushed to the client rec_control binary"
2020-04-15openvpn: T2335: allow disabling client-ip-poolJernej Jakob
2020-04-15Merge pull request #346 from thomas-mangin/T31-vrf-existsChristian Poessinger
tunnel: T31: check that the assigned VRF exists
2020-04-15openvpn: T2293: fix UnboundLocalError if server subnet is unsetJernej Jakob
2nd part of this fix, first commit 9b6a369 didn't fix it.
2020-04-15tunnel: T31: check that the assigned VRF existsThomas Mangin
2020-04-14openvpn: T2293: fix UnboundLocalError if server subnet is unsetJernej Jakob
Commit bb36bde introduced a bug when server subnet is unset, this fixes it.
2020-04-14vrrp: T2223: move VRRP within ifconfigThomas Mangin
Tidied up the code and moved it under VRRP in view to use with show-interface (which has VRRP filtering) No change in functionality
2020-04-13service https: T1585: call to sudo can be omittedChristian Poessinger
2020-04-13service https: T1585: bugfix typo in systemd nameChristian Poessinger
2020-04-13syslog: T2185: explicitly specify systemd serviceChristian Poessinger