VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=c-po-patch-1 2022-10-31T14:10:39+00:00 2022-10-31T14:10:39+00:00 Christian Poessinger christian@poessinger.com 2022-10-31T14:09:58+00:00 urn:sha1:22c3dcbb01d731f0dab0ffefa2e5a0be7009baf1 This enabled users to also use 2FA/MFA authentication with a radius backend as there is enough time to enter the second factor. 2022-05-01T17:44:52+00:00 Christian Poessinger christian@poessinger.com 2022-05-01T17:44:52+00:00 urn:sha1:49b1afc25b73d9c5daae1c76edb88aab42afa83e 2022-04-13T20:51:42+00:00 Christian Poessinger christian@poessinger.com 2022-04-13T20:51:42+00:00 urn:sha1:e8a637eec0cc398f78a877ece6b9c7cdca418970 2021-07-24T22:15:08+00:00 Christian Poessinger christian@poessinger.com 2021-07-24T22:13:32+00:00 urn:sha1:794fa2206659457ba45c6f476ba8b162460cdaad set vpn ipsec remote-access connection rw authentication client-mode 'eap-radius' set vpn ipsec remote-access connection rw authentication id '192.0.2.1' set vpn ipsec remote-access connection rw authentication server-mode 'x509' set vpn ipsec remote-access connection rw authentication x509 ca-certificate 'CAcert_Class_3_Root' set vpn ipsec remote-access connection rw authentication x509 certificate 'vyos' set vpn ipsec remote-access connection rw esp-group 'ESP-RW' set vpn ipsec remote-access connection rw ike-group 'IKE-RW' set vpn ipsec remote-access connection rw local-address '192.0.2.1' set vpn ipsec remote-access connection rw pool 'ra-rw-ipv4' set vpn ipsec remote-access connection rw unique 'never' set vpn ipsec remote-access pool ra-rw-ipv4 name-server '192.0.2.2' set vpn ipsec remote-access pool ra-rw-ipv4 prefix '192.168.22.0/24' set vpn ipsec remote-access radius nas-identifier 'fooo' set vpn ipsec remote-access radius server 172.16.100.10 key 'secret' 2021-07-24T22:15:08+00:00 Christian Poessinger christian@poessinger.com 2021-07-24T21:04:25+00:00 urn:sha1:861945045ca04b21e27ad31513b2ff929349ee2e As this is only related to remote-access, keeping it under "options" simply feels wrong. 2021-07-19T17:01:43+00:00 Christian Poessinger christian@poessinger.com 2021-07-19T17:01:43+00:00 urn:sha1:9556d78b1d54c7320a0154990c61d23c6197c38f Remote access IP pools can now be defined at a global level and referenced in IPSec remote-access connections. To defined a pool use: set vpn ipsec remote-access pool global-ipv4 name-server '172.16.1.1' set vpn ipsec remote-access pool global-ipv4 prefix '192.168.0.0/24' set vpn ipsec remote-access pool global-ipv6 name-server '2001:db8::1' set vpn ipsec remote-access pool global-ipv6 prefix '2001:db8:1000::/64' A connection can then reference the pool: set vpn ipsec remote-access connection foo pool 'global-ipv4' set vpn ipsec remote-access connection foo pool 'global-ipv6' 2021-07-05T20:01:10+00:00 sarthurdev 965089+sarthurdev@users.noreply.github.com 2021-07-05T14:22:54+00:00 urn:sha1:0b93fce06526a2826c19adcbb25874e51cccf68e - Adds client/server authentication methods. - Adds basic verification to remote-access. - Adds DHCP pool and options to remote-access. - Cleanup unused PKI files.