Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-05-22 | migration: T2496: default to new syntax of version string on save | John Estabrook | |
2020-05-22 | login: T2492: must use try/except when adding user for the first time | Christian Poessinger | |
2020-05-22 | Merge branch 'nat-integration' of github.com:c-po/vyos-1x into current | Christian Poessinger | |
* 'nat-integration' of github.com:c-po/vyos-1x: nat: T2460: fix KeyError: 'sport' nat: T2460: migrate to new Python implementation nat: T2460: add src/op_mode/show_nat_translations.py | |||
2020-05-22 | nat: T2460: fix KeyError: 'sport' | Christian Poessinger | |
2020-05-22 | login: T2492: re-use code from vyos.util | Christian Poessinger | |
2020-05-22 | login: T2492: force setting of encrypted password on first boot | Christian Poessinger | |
2020-05-22 | nat: T2460: migrate to new Python implementation | Christian Poessinger | |
2020-05-22 | Merge branch 'T2460' of https://github.com/thomas-mangin/vyos-1x into ↵ | Christian Poessinger | |
nat-integration * 'T2460' of https://github.com/thomas-mangin/vyos-1x: nat: T2460: add src/op_mode/show_nat_translations.py | |||
2020-05-22 | login: T2492: fix flake8 warnings | Christian Poessinger | |
2020-05-22 | login: T2492: do not set encrypted user password when it is not changed | Christian Poessinger | |
2020-05-22 | pppoe: T2488: bugfix, missing not in if condition prevented startup | Christian Poessinger | |
Commit 39c53aadbf9e ("pppoe: T2488: remove logfile generation") accidently missed a not in an if statement. | |||
2020-05-22 | pppoe: T2380: drop superfluous list_pppoe_peers.sh | Christian Poessinger | |
2020-05-22 | macsec: T2491: add replay window protection | Christian Poessinger | |
2020-05-22 | macsec: T2023: only render mka in template if encrypt enabled | Christian Poessinger | |
2020-05-22 | macsec: T2023: flake8/autopep8 corrections | Christian Poessinger | |
2020-05-22 | macsec: T2023: fix wrong use or f-format string | Christian Poessinger | |
2020-05-22 | macsec: T2023: remove unused import | Christian Poessinger | |
2020-05-21 | nat: T2460: add src/op_mode/show_nat_translations.py | Thomas Mangin | |
2020-05-21 | macsec: T2023: add valueHelp for MKA keys | Christian Poessinger | |
2020-05-21 | pppoe: T2380: fix NameError: name 'intf' is not defined | Christian Poessinger | |
2020-05-21 | pppoe: T2380: dis-/connect should use proper systemd calls | Christian Poessinger | |
2020-05-21 | pppoe: T2488: remove logfile generation | Christian Poessinger | |
2020-05-21 | pppoe: wwan: T2488: drop individual ppp logs | Christian Poessinger | |
2020-05-21 | wireless: T1627: remove get_conf_file() | Christian Poessinger | |
2020-05-21 | macsec: T2023: delete wpa_supplicant config when interface is removed | Christian Poessinger | |
2020-05-21 | macsec: T2023: stop wpa_supplicant on interface deletion | Christian Poessinger | |
2020-05-21 | Merge branch 'macsec-t2023' of github.com:c-po/vyos-1x into current | Christian Poessinger | |
* 'macsec-t2023' of github.com:c-po/vyos-1x: macsec: T2023: cleanup wpa_supplicant config file name macsec: T2023: improve verify() when encryption is enabled macsec: T2023: support MACsec Key Agreement protocol actor priority macsec: T2023: rename "security key" node to "security mka" macsec: T2023: use wpa_supplicant for key management macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" node macsec: T2023: extend key generator for CAK and CKN in operation mode macsec: T2023: remove gcm-aes-256 cipher type macsec: T2023: cipher suite is mandatory macsec: T2023: use list when working with Config() macsec: T2023: add 'show interfaces macsec' op-mode tree macsec: T2023: add optional encryption command macsec: T2023: generate secure channel keys in operation mode macsec: T2023: add initial XML and Python interfaces ifconfig: T2023: add initial MACsec abstraction interface: T2023: adopt _delete() to common style interface: T2023: remove superfluous at end of list macvlan: T2023: prepare common source interface include file | |||
2020-05-21 | macsec: T2023: cleanup wpa_supplicant config file name | Christian Poessinger | |
2020-05-21 | macsec: T2023: improve verify() when encryption is enabled | Christian Poessinger | |
With enabled encryption keys must be configured. | |||
2020-05-21 | macsec: T2023: support MACsec Key Agreement protocol actor priority | Christian Poessinger | |
2020-05-21 | macsec: T2023: rename "security key" node to "security mka" | Christian Poessinger | |
MACsec always talks about MKA (MACsec Key Agreement protocol) thus the node should reflect that. | |||
2020-05-21 | macsec: T2023: use wpa_supplicant for key management | Christian Poessinger | |
2020-05-21 | macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" node | Christian Poessinger | |
This is best suited as a key is required, too. | |||
2020-05-21 | macsec: T2023: extend key generator for CAK and CKN in operation mode | Christian Poessinger | |
CAK - Connectivity Association Key CKN - Connectivity Association Name | |||
2020-05-21 | macsec: T2023: remove gcm-aes-256 cipher type | Christian Poessinger | |
Cipher type gcm-aes-256 is supported by Linux 4.19 but it is not available in iproute2 4.19. We could backport it of course but the plan is to Upgrade to a more recent 5.x series kernel anyway once all out-of-tree module issues are resolved, mainly Intel QAT. gcm-aes-256 support was added to iproute2 package with commit b16f5253233 ("Add support for configuring MACsec gcm-aes-256 cipher type.") which made it into the 5.2 release of iproute2. | |||
2020-05-21 | macsec: T2023: cipher suite is mandatory | Christian Poessinger | |
2020-05-21 | macsec: T2023: use list when working with Config() | Christian Poessinger | |
2020-05-21 | macsec: T2023: add 'show interfaces macsec' op-mode tree | Christian Poessinger | |
vyos@vyos# run show interfaces macsec 13: macsec1: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 005056bf19260001 on SA 0 14: macsec2: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 005056bfefaa0001 on SA 0 vyos@vyos# run show interfaces macsec macsec2 14: macsec2: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 005056bfefaa0001 on SA 0 | |||
2020-05-21 | macsec: T2023: add optional encryption command | Christian Poessinger | |
By default MACsec only authenticates traffic but has support for optional encryption. Encryption can now be enabled using: set interfaces macsec <interface> encrypt | |||
2020-05-21 | macsec: T2023: generate secure channel keys in operation mode | Christian Poessinger | |
2020-05-21 | macsec: T2023: add initial XML and Python interfaces | Christian Poessinger | |
2020-05-21 | ifconfig: T2023: add initial MACsec abstraction | Christian Poessinger | |
2020-05-20 | interface: T2023: adopt _delete() to common style | Christian Poessinger | |
2020-05-20 | interface: T2023: remove superfluous at end of list | Christian Poessinger | |
2020-05-20 | macvlan: T2023: prepare common source interface include file | Christian Poessinger | |
2020-05-20 | Merge pull request #417 from thomas-mangin/T2467 | Christian Poessinger | |
util: T2467: fix missing import | |||
2020-05-20 | util: T2467: fix missing import | Thomas Mangin | |
2020-05-20 | Merge pull request #416 from kroy-the-rabbit/patch-5 | Daniil Baturin | |
T2465: Permissions on vyos-hostsd socket incorrect | |||
2020-05-20 | Merge pull request #415 from kroy-the-rabbit/revert-413-patch-4 | Daniil Baturin | |
Revert "T2465: vyos-hostsd-client needs sudo" | |||
2020-05-19 | T2465: Permissions on vyos-hostsd socket incorrect | kroy-the-rabbit | |
The DHCP server is unable to apply entries to the hosts file because the permissions on the socket are getting created wrong. ``` $ ls -al /run/vyos-hostsd.sock srwxrwxrwx 1 root vyattacfg 0 May 20 01:38 /run/vyos-hostsd.sock ``` This gives it the correct permissions so that the nobody/nobody user/group can change it. |