summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-05-29airbag: T2088: explicit enabling of the featureThomas Mangin
airbag must now be explicitly installed. the patch also allow to fully disables the installation of the logging code at setup (and not just installing and doing nothing)
2020-05-25Merge pull request #429 from thomas-mangin/T2226-vpnJohn Estabrook
vpn: T2226: missed command for show vpn remote-access
2020-05-25vpn: T2226: missed command for show vpn remote-accessThomas Mangin
2020-05-24Merge pull request #426 from njh/pppoe-help-fixDaniil Baturin
Corrected help text for pppoe statistics command
2020-05-24Corrected help text for pppoe statistics commandNicholas Humfrey
2020-05-24fromdos: fix wrong line encodingChristian Poessinger
2020-05-23ping: T2457: bugfix when argument is IPv6 addressChristian Poessinger
2020-05-23ping: T2457: migrate from vyatta-opChristian Poessinger
2020-05-22migration: T2496: default to new syntax of version string on saveJohn Estabrook
2020-05-22login: T2492: must use try/except when adding user for the first timeChristian Poessinger
2020-05-22Merge branch 'nat-integration' of github.com:c-po/vyos-1x into currentChristian Poessinger
* 'nat-integration' of github.com:c-po/vyos-1x: nat: T2460: fix KeyError: 'sport' nat: T2460: migrate to new Python implementation nat: T2460: add src/op_mode/show_nat_translations.py
2020-05-22nat: T2460: fix KeyError: 'sport'Christian Poessinger
2020-05-22login: T2492: re-use code from vyos.utilChristian Poessinger
2020-05-22login: T2492: force setting of encrypted password on first bootChristian Poessinger
2020-05-22nat: T2460: migrate to new Python implementationChristian Poessinger
2020-05-22Merge branch 'T2460' of https://github.com/thomas-mangin/vyos-1x into ↵Christian Poessinger
nat-integration * 'T2460' of https://github.com/thomas-mangin/vyos-1x: nat: T2460: add src/op_mode/show_nat_translations.py
2020-05-22login: T2492: fix flake8 warningsChristian Poessinger
2020-05-22login: T2492: do not set encrypted user password when it is not changedChristian Poessinger
2020-05-22pppoe: T2488: bugfix, missing not in if condition prevented startupChristian Poessinger
Commit 39c53aadbf9e ("pppoe: T2488: remove logfile generation") accidently missed a not in an if statement.
2020-05-22pppoe: T2380: drop superfluous list_pppoe_peers.shChristian Poessinger
2020-05-22macsec: T2491: add replay window protectionChristian Poessinger
2020-05-22macsec: T2023: only render mka in template if encrypt enabledChristian Poessinger
2020-05-22macsec: T2023: flake8/autopep8 correctionsChristian Poessinger
2020-05-22macsec: T2023: fix wrong use or f-format stringChristian Poessinger
2020-05-22macsec: T2023: remove unused importChristian Poessinger
2020-05-21nat: T2460: add src/op_mode/show_nat_translations.pyThomas Mangin
2020-05-21macsec: T2023: add valueHelp for MKA keysChristian Poessinger
2020-05-21pppoe: T2380: fix NameError: name 'intf' is not definedChristian Poessinger
2020-05-21pppoe: T2380: dis-/connect should use proper systemd callsChristian Poessinger
2020-05-21pppoe: T2488: remove logfile generationChristian Poessinger
2020-05-21pppoe: wwan: T2488: drop individual ppp logsChristian Poessinger
2020-05-21wireless: T1627: remove get_conf_file()Christian Poessinger
2020-05-21macsec: T2023: delete wpa_supplicant config when interface is removedChristian Poessinger
2020-05-21macsec: T2023: stop wpa_supplicant on interface deletionChristian Poessinger
2020-05-21Merge branch 'macsec-t2023' of github.com:c-po/vyos-1x into currentChristian Poessinger
* 'macsec-t2023' of github.com:c-po/vyos-1x: macsec: T2023: cleanup wpa_supplicant config file name macsec: T2023: improve verify() when encryption is enabled macsec: T2023: support MACsec Key Agreement protocol actor priority macsec: T2023: rename "security key" node to "security mka" macsec: T2023: use wpa_supplicant for key management macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" node macsec: T2023: extend key generator for CAK and CKN in operation mode macsec: T2023: remove gcm-aes-256 cipher type macsec: T2023: cipher suite is mandatory macsec: T2023: use list when working with Config() macsec: T2023: add 'show interfaces macsec' op-mode tree macsec: T2023: add optional encryption command macsec: T2023: generate secure channel keys in operation mode macsec: T2023: add initial XML and Python interfaces ifconfig: T2023: add initial MACsec abstraction interface: T2023: adopt _delete() to common style interface: T2023: remove superfluous at end of list macvlan: T2023: prepare common source interface include file
2020-05-21macsec: T2023: cleanup wpa_supplicant config file nameChristian Poessinger
2020-05-21macsec: T2023: improve verify() when encryption is enabledChristian Poessinger
With enabled encryption keys must be configured.
2020-05-21macsec: T2023: support MACsec Key Agreement protocol actor priorityChristian Poessinger
2020-05-21macsec: T2023: rename "security key" node to "security mka"Christian Poessinger
MACsec always talks about MKA (MACsec Key Agreement protocol) thus the node should reflect that.
2020-05-21macsec: T2023: use wpa_supplicant for key managementChristian Poessinger
2020-05-21macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" nodeChristian Poessinger
This is best suited as a key is required, too.
2020-05-21macsec: T2023: extend key generator for CAK and CKN in operation modeChristian Poessinger
CAK - Connectivity Association Key CKN - Connectivity Association Name
2020-05-21macsec: T2023: remove gcm-aes-256 cipher typeChristian Poessinger
Cipher type gcm-aes-256 is supported by Linux 4.19 but it is not available in iproute2 4.19. We could backport it of course but the plan is to Upgrade to a more recent 5.x series kernel anyway once all out-of-tree module issues are resolved, mainly Intel QAT. gcm-aes-256 support was added to iproute2 package with commit b16f5253233 ("Add support for configuring MACsec gcm-aes-256 cipher type.") which made it into the 5.2 release of iproute2.
2020-05-21macsec: T2023: cipher suite is mandatoryChristian Poessinger
2020-05-21macsec: T2023: use list when working with Config()Christian Poessinger
2020-05-21macsec: T2023: add 'show interfaces macsec' op-mode treeChristian Poessinger
vyos@vyos# run show interfaces macsec 13: macsec1: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 005056bf19260001 on SA 0 14: macsec2: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 005056bfefaa0001 on SA 0 vyos@vyos# run show interfaces macsec macsec2 14: macsec2: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 005056bfefaa0001 on SA 0
2020-05-21macsec: T2023: add optional encryption commandChristian Poessinger
By default MACsec only authenticates traffic but has support for optional encryption. Encryption can now be enabled using: set interfaces macsec <interface> encrypt
2020-05-21macsec: T2023: generate secure channel keys in operation modeChristian Poessinger
2020-05-21macsec: T2023: add initial XML and Python interfacesChristian Poessinger
2020-05-21ifconfig: T2023: add initial MACsec abstractionChristian Poessinger