Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-05-29 | airbag: T2088: explicit enabling of the feature | Thomas Mangin | |
airbag must now be explicitly installed. the patch also allow to fully disables the installation of the logging code at setup (and not just installing and doing nothing) | |||
2020-05-25 | Merge pull request #429 from thomas-mangin/T2226-vpn | John Estabrook | |
vpn: T2226: missed command for show vpn remote-access | |||
2020-05-25 | vpn: T2226: missed command for show vpn remote-access | Thomas Mangin | |
2020-05-24 | Merge pull request #426 from njh/pppoe-help-fix | Daniil Baturin | |
Corrected help text for pppoe statistics command | |||
2020-05-24 | Corrected help text for pppoe statistics command | Nicholas Humfrey | |
2020-05-24 | fromdos: fix wrong line encoding | Christian Poessinger | |
2020-05-23 | ping: T2457: bugfix when argument is IPv6 address | Christian Poessinger | |
2020-05-23 | ping: T2457: migrate from vyatta-op | Christian Poessinger | |
2020-05-22 | migration: T2496: default to new syntax of version string on save | John Estabrook | |
2020-05-22 | login: T2492: must use try/except when adding user for the first time | Christian Poessinger | |
2020-05-22 | Merge branch 'nat-integration' of github.com:c-po/vyos-1x into current | Christian Poessinger | |
* 'nat-integration' of github.com:c-po/vyos-1x: nat: T2460: fix KeyError: 'sport' nat: T2460: migrate to new Python implementation nat: T2460: add src/op_mode/show_nat_translations.py | |||
2020-05-22 | nat: T2460: fix KeyError: 'sport' | Christian Poessinger | |
2020-05-22 | login: T2492: re-use code from vyos.util | Christian Poessinger | |
2020-05-22 | login: T2492: force setting of encrypted password on first boot | Christian Poessinger | |
2020-05-22 | nat: T2460: migrate to new Python implementation | Christian Poessinger | |
2020-05-22 | Merge branch 'T2460' of https://github.com/thomas-mangin/vyos-1x into ↵ | Christian Poessinger | |
nat-integration * 'T2460' of https://github.com/thomas-mangin/vyos-1x: nat: T2460: add src/op_mode/show_nat_translations.py | |||
2020-05-22 | login: T2492: fix flake8 warnings | Christian Poessinger | |
2020-05-22 | login: T2492: do not set encrypted user password when it is not changed | Christian Poessinger | |
2020-05-22 | pppoe: T2488: bugfix, missing not in if condition prevented startup | Christian Poessinger | |
Commit 39c53aadbf9e ("pppoe: T2488: remove logfile generation") accidently missed a not in an if statement. | |||
2020-05-22 | pppoe: T2380: drop superfluous list_pppoe_peers.sh | Christian Poessinger | |
2020-05-22 | macsec: T2491: add replay window protection | Christian Poessinger | |
2020-05-22 | macsec: T2023: only render mka in template if encrypt enabled | Christian Poessinger | |
2020-05-22 | macsec: T2023: flake8/autopep8 corrections | Christian Poessinger | |
2020-05-22 | macsec: T2023: fix wrong use or f-format string | Christian Poessinger | |
2020-05-22 | macsec: T2023: remove unused import | Christian Poessinger | |
2020-05-21 | nat: T2460: add src/op_mode/show_nat_translations.py | Thomas Mangin | |
2020-05-21 | macsec: T2023: add valueHelp for MKA keys | Christian Poessinger | |
2020-05-21 | pppoe: T2380: fix NameError: name 'intf' is not defined | Christian Poessinger | |
2020-05-21 | pppoe: T2380: dis-/connect should use proper systemd calls | Christian Poessinger | |
2020-05-21 | pppoe: T2488: remove logfile generation | Christian Poessinger | |
2020-05-21 | pppoe: wwan: T2488: drop individual ppp logs | Christian Poessinger | |
2020-05-21 | wireless: T1627: remove get_conf_file() | Christian Poessinger | |
2020-05-21 | macsec: T2023: delete wpa_supplicant config when interface is removed | Christian Poessinger | |
2020-05-21 | macsec: T2023: stop wpa_supplicant on interface deletion | Christian Poessinger | |
2020-05-21 | Merge branch 'macsec-t2023' of github.com:c-po/vyos-1x into current | Christian Poessinger | |
* 'macsec-t2023' of github.com:c-po/vyos-1x: macsec: T2023: cleanup wpa_supplicant config file name macsec: T2023: improve verify() when encryption is enabled macsec: T2023: support MACsec Key Agreement protocol actor priority macsec: T2023: rename "security key" node to "security mka" macsec: T2023: use wpa_supplicant for key management macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" node macsec: T2023: extend key generator for CAK and CKN in operation mode macsec: T2023: remove gcm-aes-256 cipher type macsec: T2023: cipher suite is mandatory macsec: T2023: use list when working with Config() macsec: T2023: add 'show interfaces macsec' op-mode tree macsec: T2023: add optional encryption command macsec: T2023: generate secure channel keys in operation mode macsec: T2023: add initial XML and Python interfaces ifconfig: T2023: add initial MACsec abstraction interface: T2023: adopt _delete() to common style interface: T2023: remove superfluous at end of list macvlan: T2023: prepare common source interface include file | |||
2020-05-21 | macsec: T2023: cleanup wpa_supplicant config file name | Christian Poessinger | |
2020-05-21 | macsec: T2023: improve verify() when encryption is enabled | Christian Poessinger | |
With enabled encryption keys must be configured. | |||
2020-05-21 | macsec: T2023: support MACsec Key Agreement protocol actor priority | Christian Poessinger | |
2020-05-21 | macsec: T2023: rename "security key" node to "security mka" | Christian Poessinger | |
MACsec always talks about MKA (MACsec Key Agreement protocol) thus the node should reflect that. | |||
2020-05-21 | macsec: T2023: use wpa_supplicant for key management | Christian Poessinger | |
2020-05-21 | macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" node | Christian Poessinger | |
This is best suited as a key is required, too. | |||
2020-05-21 | macsec: T2023: extend key generator for CAK and CKN in operation mode | Christian Poessinger | |
CAK - Connectivity Association Key CKN - Connectivity Association Name | |||
2020-05-21 | macsec: T2023: remove gcm-aes-256 cipher type | Christian Poessinger | |
Cipher type gcm-aes-256 is supported by Linux 4.19 but it is not available in iproute2 4.19. We could backport it of course but the plan is to Upgrade to a more recent 5.x series kernel anyway once all out-of-tree module issues are resolved, mainly Intel QAT. gcm-aes-256 support was added to iproute2 package with commit b16f5253233 ("Add support for configuring MACsec gcm-aes-256 cipher type.") which made it into the 5.2 release of iproute2. | |||
2020-05-21 | macsec: T2023: cipher suite is mandatory | Christian Poessinger | |
2020-05-21 | macsec: T2023: use list when working with Config() | Christian Poessinger | |
2020-05-21 | macsec: T2023: add 'show interfaces macsec' op-mode tree | Christian Poessinger | |
vyos@vyos# run show interfaces macsec 13: macsec1: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 005056bf19260001 on SA 0 14: macsec2: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 005056bfefaa0001 on SA 0 vyos@vyos# run show interfaces macsec macsec2 14: macsec2: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 005056bfefaa0001 on SA 0 | |||
2020-05-21 | macsec: T2023: add optional encryption command | Christian Poessinger | |
By default MACsec only authenticates traffic but has support for optional encryption. Encryption can now be enabled using: set interfaces macsec <interface> encrypt | |||
2020-05-21 | macsec: T2023: generate secure channel keys in operation mode | Christian Poessinger | |
2020-05-21 | macsec: T2023: add initial XML and Python interfaces | Christian Poessinger | |
2020-05-21 | ifconfig: T2023: add initial MACsec abstraction | Christian Poessinger | |