Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-03-01 | syslog: T2086: move sudo session open/close log entries to auth.log | Christian Poessinger | |
2020-02-27 | Merge pull request #227 from thomas-mangin/T2057 | Christian Poessinger | |
ifconfig: T2057: generalised Interface configuration | |||
2020-02-27 | openvpn: T2075: add support for OpenVPN tls-crypt file option | Christian Poessinger | |
Encrypt and authenticate all control channel packets with the key from keyfile. Encrypting (and authenticating) control channel packets: * provides more privacy by hiding the certificate used for the TLS connection * makes it harder to identify OpenVPN traffic as such * provides "poor-man's" post-quantum security, against attackers who will never know the pre-shared key (i.e. no forward secrecy) | |||
2020-02-27 | login: T2050: retrieve home directory for SSH keys from OS and not guess it | Christian Poessinger | |
We should not rely on the home dir value stored in user['home_dir'] as if a crazy user will choose username root or any other system user this will fail. Should be deny using root at all? | |||
2020-02-25 | [service https] T1443: set default HTTPS listen port | John Estabrook | |
2020-02-25 | login: T1948: migrade local and radius configurations | Christian Poessinger | |
Splitting was not a good idea. By combining both we can create a RADIUS server XML include file which can be reused by multiple implementations to get a uniformed CLI for the users. | |||
2020-02-25 | login: radius: T2071: support disabling individual server | Christian Poessinger | |
2020-02-25 | pppoe: T2055: verify logfile really exists | Christian Poessinger | |
2020-02-25 | Merge branch 'pppoe-t2070' of github.com:c-po/vyos-1x into current | Christian Poessinger | |
* 'pppoe-t2070' of github.com:c-po/vyos-1x: pppoe: T2070: rewrite (dis-)connect op-mode commands in XML and Python gitignore: fix ignore pattern of all debhelper files pppoe: T2055: make logfile owned by root/vyattacfg pppoe: T1318: validate existing source-interface | |||
2020-02-25 | pppoe: T2070: rewrite (dis-)connect op-mode commands in XML and Python | Christian Poessinger | |
2020-02-25 | pppoe: T2055: make logfile owned by root/vyattacfg | Christian Poessinger | |
2020-02-25 | pppoe: T1318: validate existing source-interface | Christian Poessinger | |
It is not only sufficient to check if there is a source-interface configured, but rather it must also be checked if the source-interface exists at all in the system. If the interface does not exist pppd will complain with: pppd[2778]: /usr/sbin/pppd: In file /etc/ppp/peers/pppoe1: unrecognized option 'eth0.202' | |||
2020-02-24 | ifconfig: T2057: generalised Interface configuration | Thomas Mangin | |
Provides a way to pass options to interface consistent between subclasses of Interface | |||
2020-02-24 | pppoe-client: T2069: Use rp_pppoe_service for send correct service-name | DmitriyEshenko | |
2020-02-23 | service-pppoe: T2067: Allow setting multiple service-names | hagbard | |
2020-02-23 | openvpn: T2065: move daemon parameter to start-stop-daemon command-line | Christian Poessinger | |
2020-02-23 | pppoe: T1318: set interface description | Christian Poessinger | |
2020-02-23 | pppoe: T2055: do not try to start a deleted dialer interface | Christian Poessinger | |
2020-02-23 | pppoe: T1318: declutter name-server CLI nodes | Christian Poessinger | |
Instead of letting the user choose between auto and none where auto is default, it makes more sesne to just offer an option to disable the default behavior. | |||
2020-02-23 | pppoe: T2055: remove router-advert node in client interface | Christian Poessinger | |
2020-02-23 | pppoe: T1318: migrate user-id and password nodes under an authentication node | Christian Poessinger | |
2020-02-23 | pppoe: T1318: rename link to source-interface | Christian Poessinger | |
2020-02-23 | pppoe: T1318: extend migrator for firewall, qos and ip routing nodes | Christian Poessinger | |
2020-02-23 | pppoe: T1318: proper delete old interfaces in migrator | Christian Poessinger | |
2020-02-23 | pppoe: T1318: fix migrator and add missing link statement | Christian Poessinger | |
2020-02-23 | pppoe: T1318: use lists rather then strings on Config() | Christian Poessinger | |
2020-02-23 | pppoe: T1318: support interface description | Christian Poessinger | |
2020-02-23 | pppoe: T1318: remove obsolete ipv6-up.d script | Christian Poessinger | |
The generated script was not called at all. Verified in vyOS 1.2.3 and rolling. Looks like a leftover from the past. If this functionality is required - it should be re-implemented the proper way! | |||
2020-02-23 | pppoe: T1318: add op-mode commands for link information | Christian Poessinger | |
2020-02-23 | pppoe: T1318: use systemd to manage connection | Christian Poessinger | |
This reduces the amount of self written code to start-stop-daemon and also kill the process if it has no connection yet (there won't be a PID file in this case) and getting the proper PID for multiple processes would require me to walk the /proc/<pid>/cmdline for every binary involved. | |||
2020-02-23 | pppoe: T1318: remove process startup debug output | Christian Poessinger | |
We no longer need to see the command which is used to spawn up PPPd and dial the connection. | |||
2020-02-23 | pppoe: T1318: move process startup to apply() | Christian Poessinger | |
2020-02-23 | pppoe: T1318: "link" option is mandatory | Christian Poessinger | |
2020-02-23 | pppoe: T1318: add first version of new XML/Python implementation | Christian Poessinger | |
vyos@vyos# show interfaces pppoe pppoe pppoe0 { default-route force link eth2.7 mtu 400 name-server auto password 12345678 user-id vyos@vyos.io } | |||
2020-02-21 | [service https] T1443: bug: set HTTPS listen port for listen-address '*' | John Estabrook | |
2020-02-19 | snmp: T1769: fix indentation error and add try clause | John Estabrook | |
2020-02-18 | snmp: T1769: cleanup leftove code path for certificate migration | Christian Poessinger | |
2020-02-18 | snmp: T2042: remove superfluous sudo calls | Christian Poessinger | |
2020-02-18 | snmp: T2042: import statement cleanup | Christian Poessinger | |
2020-02-17 | wireless: T2048: fix wrong verify() logic when type is monitor | Christian Poessinger | |
2020-02-16 | ddclient: proper use conf.set_level() to reduce boiler plate code | Christian Poessinger | |
2020-02-16 | ddclient: change file permission on generated config | Christian Poessinger | |
ddclient complains when the file permission is not user = rw. | |||
2020-02-16 | bond: T2030: fix incorrect delta calculation on member interfaces | Christian Poessinger | |
THe delta check/calculation always returned False on system startup leading to a non functioning bond interface after a reboot as no physical interface actually enslaved. This was fixed by not calculating the current enslaved interfaces from the existing config but rather retrieving the interfaces from sysfs. | |||
2020-02-15 | bond: T2041: add missing consitency check on member interface existence | Christian Poessinger | |
2020-02-15 | snmp: T2042: stricter validation when deleting SNMP in combination with LLDP | Christian Poessinger | |
A consistency check was missing to prevent deleting the SNMP configuration but still setting "service lldp snmp enable". | |||
2020-02-14 | http api: T2040: reload Config in route definition | John Estabrook | |
2020-02-13 | systemd: T2033: add overrides for keepalived | Christian Poessinger | |
Without this override the keepalived stop transaction script won't work as systemd will just wipe the process. | |||
2020-02-13 | Merge pull request #218 from zdc/T1987 | Christian Poessinger | |
dhclient-script: T1987: Multiple fixes in dhclient-script | |||
2020-02-13 | macvlan: T1635: migrate pseudo-ethernet interface definition to XML/Python | Christian Poessinger | |
2020-02-13 | ddclient: T1908: CloudFlares zone option can now also be specified manually | Christian Poessinger | |
If there is no zone option given it will be "guessed" as in the past. This means (hostname -> resulting zone entry) domain.com -> com foo.domain.com -> domain.com bar.foo.domain.com -> foo.domain.com I have zero experience in the CloudFlare zone option what it is and what it does. SO maybe we still have a chance to auto render this setting. |