VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=vyos%2F1.4dev1 2023-05-12T19:06:56+00:00 2023-05-12T19:06:56+00:00 Christian Breunig christian@breunig.cc 2023-05-12T19:03:03+00:00 urn:sha1:d1abba03229128c3f2a6f718e9f14f4d7285e74d When enabling identity-based-config, users can add arbitrary config keys that are processed by ocserv. The user "must know" what he is been doing, as invalid config option will make the ocserv daemon go ... whoop! Thus add a warning and inform the user about this setting. 2023-05-12T18:14:56+00:00 Christian Breunig christian@breunig.cc 2023-05-12T18:14:56+00:00 urn:sha1:c60e9c932cab24bcc324f45752f0528332cc69a4 ocserv: T3896: add CLI options to configure ocserv config-per-user/group 2023-04-20T07:10:27+00:00 Jamie Austin jamiea@opusv.com.au 2023-04-20T07:07:53+00:00 urn:sha1:93de3abe1368cab5ab8cd292689466d7af8e86bc Changes the node name from config-per-x to identity-based-config, as a result the j2 templates and vpn_openeconnect.py has been refactored to update the node name when accessing it's child nodes. 2023-01-28T04:11:07+00:00 Jamie Austin jamieaustinprogramming@gmail.com 2023-01-27T14:13:25+00:00 urn:sha1:9db8c197ab170d18a93d70fca4227e802a7154c1 2023-01-28T04:11:07+00:00 Jamie Austin jamiea@opusv.com.au 2023-01-27T06:32:29+00:00 urn:sha1:e61f7abdb2136d8dfbf73729dbc14c3b5ab2ecba Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode 2023-01-26T05:34:36+00:00 Jamie Austin jamiea@opusv.com.au 2023-01-26T05:34:36+00:00 urn:sha1:70794c8266ffefc6660daac3bc8a63b412d7b350 Adds CLI configurations under VPN - OpenConnect to facilitate per user/group vpn session configurations. Validation has been added to restrict config-per-group to be exclusive to OpenConnect RADIUS authentication as the config file is looked up based on a RADIUS response attribute - as well as sanity check that the necessary configs are configured when not disabled. 2022-09-16T07:23:52+00:00 Demon_H b@doubi.fun 2022-09-16T07:23:52+00:00 urn:sha1:ecb2a4077f90e6e4699c8250bcf8f7d6221d9fc6 This will set the listen-host ocserv configuration option. 2022-08-25T01:36:32+00:00 RageLtMan rageltman [at] sempervictus 2022-08-25T01:36:32+00:00 urn:sha1:e5785ff748f93b66879d8bd0393c208c6df574a9 2022-08-18T22:57:19+00:00 RageLtMan rageltman [at] sempervictus 2022-08-18T22:57:19+00:00 urn:sha1:4a5e4cfd6c11a6eed3252744ec45638249d6d2b1 Address @sever-sever's suggestion to refactor how groupconfig is defined, parsed, and set (with his proposed conditional string appending Py-sugar). Use the disable-mobike refactor as template for XML simplification. Testing: None yet 2022-08-18T13:58:59+00:00 RageLtMan rageltman [at] sempervictus 2022-08-18T01:03:50+00:00 urn:sha1:0b3bfe97b617b08ab9fd6682a0875c75c8a7bc5c Enterprise RADIUS configurations often utilize group selectors for authentication and attribute distribution for connecting clients. Ocserv implements this functionality via the `select-group` config file attribute, repeating for multiple groups. When a user selects their membership group and the request is passed to the RADIUS server, ocserv will match the returned Class attribute against the value selected by the user. This functionality also works for local group membership resolution, although VyOS currently doesn't have group membership configuration for this. Expose the tunnel-all-dns option in the ocserv config file allowing users who deploy default routes to select split-dns and those who do not to enable full DNS tunneling. Testing: Smoketests & build Configured groups in openconnect profile and verified existence in /run/ocserv/ocserv.conf Configured forced dns tunneling and verified presence of setting in /run/ocserv/ocserv.conf