Age | Commit message | Author | |
---|---|---|---|
2021-07-03 | ipsec: T2816: rework IKE and ESP key assignment | Christian Poessinger | |
Commit 2d79a500 ("ipsec: T2816: add Jinja2 converter for ESP/IKE groups to string") added a Jinja2 helper function which can be used to transform VyOS CLI ESP and IKE key proposals into a strongSwan compatible string cipher. This commit changes the IPSec implementation to make use of this new Jinja2 filter function/Python helper. This is required base work for better automated tests (smoketests) but also for an IKEv2 road-warrior setup. | |||
2021-07-03 | ipsec: T2816: add Jinja2 converter for ESP/IKE groups to string | Christian Poessinger | |
2021-07-02 | ipsec: T2816: adjust Jinja2 template to coding style | Christian Poessinger | |
* use indent = 2 * prefer 'if foo.bar is defined' over 'if "bar" in foo' | |||
2021-07-02 | xml: provide building block for a generic description node | Christian Poessinger | |
2021-07-02 | conntrack: T3535: add support for multiple failsave links | Christian Poessinger | |
2021-07-02 | conntrack: T3660: make peer port configurable | Christian Poessinger | |
2021-07-02 | conntrack: T3535: add missing valueHelp/constraint for peer CLI node | Christian Poessinger | |
2021-07-02 | smoketest: ipam: add site2site x509 auth testcase | Christian Poessinger | |
2021-07-02 | smoketest: ipsec: place peer local-address into variable | Christian Poessinger | |
2021-07-02 | smoketest: ipsec: IKE and ESP settings can be done one time in setUp() | Christian Poessinger | |
2021-07-02 | Merge pull request #903 from sarthurdev/T3659_T3656 | Christian Poessinger | |
ipsec: T3656: T3659: Fix passthrough with ipv6. Fix op-mode ipsec commands. Remove python3-crypto dependency. | |||
2021-07-02 | ipsec: T3656: T3659: Fix pass-through with ipv6. Fix op-mode ipsec commands. Remove python3-crypto dependency. | sarthurdev | |
2021-07-01 | vyos.util: remove no longer needed copy_file helper method | Christian Poessinger | |
The IPSec certificate handling is now done by storing the CA key inside the running configuration. | |||
2021-07-01 | Merge branch 'pki_ipsec' of https://github.com/sarthurdev/vyos-1x into pki-cli | Christian Poessinger | |
* 'pki_ipsec' of https://github.com/sarthurdev/vyos-1x: pki: ipsec: T3642: Update migration script to account for file permission issues pki: ipsec: T3642: Migrate IPSec to use PKI configuration pki: T3642: New PKI config and management | |||
2021-07-01 | ipsec: T3643: bugfix on wrong destination file path for x509 key file | Christian Poessinger | |
Commit a6b526fd982 ("ipsec: T3643: us vyos.util.copy_file() over raw UNIX cp command") used a new helper to copy the x509 certificate files, but it also added a bug where the certificate key file was copied to the wrong location. This has been fixed and the correct path is used again. | |||
2021-07-01 | vyos.util: fix IsADirectoryError and SameFileError for copy_file | Christian Poessinger | |
Commit 5303ec39 ("vyos.util: add new helper copy_file()") added a new helper function to copy a file from A -> B and create the destination directory if required. It did also throw an exception if the destination file already existed and consisted of the same file - this is now ignored and we always copy the source to the destination. | |||
2021-07-01 | pki: ipsec: T3642: Update migration script to account for file permission issues | sarthurdev | |
2021-06-30 | smoketest: ipsec: add more re-usable variable definitions throughout the test | Christian Poessinger | |
2021-06-30 | Merge pull request #902 from bstepler/T3658 | Christian Poessinger | |
dhcpdv6: T3658: add support for dhcpdv6 fixed-prefix6 | |||
2021-06-30 | dhcpdv6: T3658: add support for dhcpdv6 fixed-prefix6 | Brandon Stepler | |
2021-06-29 | Debian: T3641: remove absolut path to tcpdump which now resides in /usr/bin | Christian Poessinger | |
2021-06-29 | pki: ipsec: T3642: Migrate IPSec to use PKI configuration | sarthurdev | |
2021-06-29 | pppoe-server: T3405: Add interface cache feature | DmitriyEshenko | |
2021-06-29 | smoketest: bgp: T3657: test ipv6 link-local peering | Christian Poessinger | |
2021-06-29 | pki: T3642: New PKI config and management | sarthurdev | |
2021-06-28 | ipsec: T1441: switch from vti to xfrm interfaces | Christian Poessinger | |
XFRM interfaces are similar to VTI devices in their basic functionality but offer several advantages: * No tunnel endpoint addresses have to be configured on the interfaces. Compared to VTIs, which are layer 3 tunnel devices with mandatory endpoints, this resolves issues with wildcard addresses (only one VTI with wildcard endpoints is supported), avoids a 1:1 mapping between SAs and interfaces, and easily allows SAs with multiple peers to share the same interface. * Because there are no endpoint addresses, IPv4 and IPv6 SAs are supported on the same interface (VTI devices only support one address family). * IPsec modes other than tunnel are supported (VTI devices only support tunnel mode). * No awkward configuration via GRE keys and XFRM marks. Instead, a new identifier (XFRM interface ID) links policies and SAs with XFRM interfaces. | |||
2021-06-28 | bgp: T3657: fix remote-as validator for IPv6 link-local peering | Christian Poessinger | |
The "v6only" CLI tree was not taken into account during validation. vyos@vyos:~$ show configuration commands | grep bgp set protocols bgp local-as '200' set protocols bgp neighbor eth0.204 address-family ipv6-unicast set protocols bgp neighbor eth0.204 interface v6only remote-as '100' vyos@vyos:~$ show bgp ipv6 sum IPv6 Unicast Summary: BGP router identifier 172.18.254.201, local AS number 200 vrf-id 0 BGP table version 0 RIB entries 0, using 0 bytes of memory Peers 1, using 21 KiB of memory Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt eth0.204 4 100 99 99 0 0 0 01:35:07 0 0 Total number of neighbors 1 | |||
2021-06-27 | op-mode: bond: T2546: implement "show interface bond * slaves" command | Christian Poessinger | |
Add implementation with XML and Python. | |||
2021-06-26 | Debian: disable systemd salt-minion configuration - all handled in vyos-build | Christian Poessinger | |
2021-06-26 | Debian: ensure path for vyos-postconfig-bootup.script exists | Christian Poessinger | |
2021-06-26 | Debian: drop ipsec key removal from postinst script - done on every system boot | Christian Poessinger | |
2021-06-26 | Import vyos-postconfig-bootup.script from vyatta-cfg-system | Christian Poessinger | |
2021-06-26 | Import configuration files from vyatta-cfg-system | Christian Poessinger | |
2021-06-26 | Debian: no need to disable salt-minion in postinst script | Christian Poessinger | |
This is already done in systemd service disable hook from vyos-build. | |||
2021-06-26 | Import sudoers configuration from vyatta-cfg-system | Christian Poessinger | |
2021-06-26 | banner: T2135: adjust to raw strings from vyatta-cfg repo | Christian Poessinger | |
2021-06-26 | nat: T1083: fix Jinja2 templating error | Christian Poessinger | |
Commit 166d44b3 ("nat: T1083: add translation options for persistent/random mapping of address and port") added support for persistent IP address and port mappings for NAT. Unfortunately one if clause got lost in translation. | |||
2021-06-26 | nat: T1083: add translation options for persistent/random mapping of address and port | Igor Melnyk | |
Tested using: set destination rule 100 inbound-interface 'eth0' set destination rule 100 translation address '19.13.23.42' set destination rule 100 translation options address-mapping 'random' set destination rule 100 translation options port-mapping 'none' set source rule 1000 outbound-interface 'eth0' set source rule 1000 translation address '122.233.231.12' set source rule 1000 translation options address-mapping 'persistent' set source rule 1000 translation options port-mapping 'fully-random' | |||
2021-06-26 | openvpn: T3641: adjust deprecated "openvpn --genkey" command | Christian Poessinger | |
WARNING: Using --genkey --secret filename is DEPRECATED. Use --genkey secret filename instead. | |||
2021-06-26 | ipsec: T3643: us vyos.util.copy_file() over raw UNIX cp command | Christian Poessinger | |
2021-06-26 | vyos.util: add new helper copy_file() | Christian Poessinger | |
Copy a file from A -> B but also support adjusting Bs file permissions and creation of Bs base directory if required. | |||
2021-06-26 | ipsec: T3643: use variable for path names | Christian Poessinger | |
2021-06-26 | Revert "ipsec: T3643: move swanctl.conf to /run" | Christian Poessinger | |
This reverts commit 95bbbb8bed92a60a320ff255c8b8656145f3c540. | |||
2021-06-25 | Merge pull request #899 from jack9603301/T3648 | Christian Poessinger | |
nat: nat66: T3648: Fix script logic errors and missing logic handling | |||
2021-06-26 | nat: nat66: T3648: Fix script logic errors and missing logic handling | jack9603301 | |
2021-06-25 | smoketest: ospf: sometimes the passive-interface-test fails - add debug code | Christian Poessinger | |
2021-06-25 | openvpn: T1704: drop deprecated disable-ncp option | Christian Poessinger | |
2021-06-25 | smoketest: bonding: T3649: fix typo in testcase name | Christian Poessinger | |
2021-06-25 | Merge pull request #898 from DmitriyEshenko/1x25062021 | Christian Poessinger | |
T3649: bonding: Add additional hash policies | |||
2021-06-25 | T3649: bonding: Add additional hash policies | DmitriyEshenko | |