summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-05-22login: T2492: do not set encrypted user password when it is not changedChristian Poessinger
2020-05-22pppoe: T2488: bugfix, missing not in if condition prevented startupChristian Poessinger
Commit 39c53aadbf9e ("pppoe: T2488: remove logfile generation") accidently missed a not in an if statement.
2020-05-22pppoe: T2380: drop superfluous list_pppoe_peers.shChristian Poessinger
2020-05-22macsec: T2491: add replay window protectionChristian Poessinger
2020-05-22macsec: T2023: only render mka in template if encrypt enabledChristian Poessinger
2020-05-22macsec: T2023: flake8/autopep8 correctionsChristian Poessinger
2020-05-22macsec: T2023: fix wrong use or f-format stringChristian Poessinger
2020-05-22macsec: T2023: remove unused importChristian Poessinger
2020-05-21macsec: T2023: add valueHelp for MKA keysChristian Poessinger
2020-05-21pppoe: T2380: fix NameError: name 'intf' is not definedChristian Poessinger
2020-05-21pppoe: T2380: dis-/connect should use proper systemd callsChristian Poessinger
2020-05-21pppoe: T2488: remove logfile generationChristian Poessinger
2020-05-21pppoe: wwan: T2488: drop individual ppp logsChristian Poessinger
2020-05-21wireless: T1627: remove get_conf_file()Christian Poessinger
2020-05-21macsec: T2023: delete wpa_supplicant config when interface is removedChristian Poessinger
2020-05-21macsec: T2023: stop wpa_supplicant on interface deletionChristian Poessinger
2020-05-21Merge branch 'macsec-t2023' of github.com:c-po/vyos-1x into currentChristian Poessinger
* 'macsec-t2023' of github.com:c-po/vyos-1x: macsec: T2023: cleanup wpa_supplicant config file name macsec: T2023: improve verify() when encryption is enabled macsec: T2023: support MACsec Key Agreement protocol actor priority macsec: T2023: rename "security key" node to "security mka" macsec: T2023: use wpa_supplicant for key management macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" node macsec: T2023: extend key generator for CAK and CKN in operation mode macsec: T2023: remove gcm-aes-256 cipher type macsec: T2023: cipher suite is mandatory macsec: T2023: use list when working with Config() macsec: T2023: add 'show interfaces macsec' op-mode tree macsec: T2023: add optional encryption command macsec: T2023: generate secure channel keys in operation mode macsec: T2023: add initial XML and Python interfaces ifconfig: T2023: add initial MACsec abstraction interface: T2023: adopt _delete() to common style interface: T2023: remove superfluous at end of list macvlan: T2023: prepare common source interface include file
2020-05-21macsec: T2023: cleanup wpa_supplicant config file nameChristian Poessinger
2020-05-21macsec: T2023: improve verify() when encryption is enabledChristian Poessinger
With enabled encryption keys must be configured.
2020-05-21macsec: T2023: support MACsec Key Agreement protocol actor priorityChristian Poessinger
2020-05-21macsec: T2023: rename "security key" node to "security mka"Christian Poessinger
MACsec always talks about MKA (MACsec Key Agreement protocol) thus the node should reflect that.
2020-05-21macsec: T2023: use wpa_supplicant for key managementChristian Poessinger
2020-05-21macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" nodeChristian Poessinger
This is best suited as a key is required, too.
2020-05-21macsec: T2023: extend key generator for CAK and CKN in operation modeChristian Poessinger
CAK - Connectivity Association Key CKN - Connectivity Association Name
2020-05-21macsec: T2023: remove gcm-aes-256 cipher typeChristian Poessinger
Cipher type gcm-aes-256 is supported by Linux 4.19 but it is not available in iproute2 4.19. We could backport it of course but the plan is to Upgrade to a more recent 5.x series kernel anyway once all out-of-tree module issues are resolved, mainly Intel QAT. gcm-aes-256 support was added to iproute2 package with commit b16f5253233 ("Add support for configuring MACsec gcm-aes-256 cipher type.") which made it into the 5.2 release of iproute2.
2020-05-21macsec: T2023: cipher suite is mandatoryChristian Poessinger
2020-05-21macsec: T2023: use list when working with Config()Christian Poessinger
2020-05-21macsec: T2023: add 'show interfaces macsec' op-mode treeChristian Poessinger
vyos@vyos# run show interfaces macsec 13: macsec1: protect on validate strict sc off sa off encrypt off send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 005056bf19260001 on SA 0 14: macsec2: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 005056bfefaa0001 on SA 0 vyos@vyos# run show interfaces macsec macsec2 14: macsec2: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 005056bfefaa0001 on SA 0
2020-05-21macsec: T2023: add optional encryption commandChristian Poessinger
By default MACsec only authenticates traffic but has support for optional encryption. Encryption can now be enabled using: set interfaces macsec <interface> encrypt
2020-05-21macsec: T2023: generate secure channel keys in operation modeChristian Poessinger
2020-05-21macsec: T2023: add initial XML and Python interfacesChristian Poessinger
2020-05-21ifconfig: T2023: add initial MACsec abstractionChristian Poessinger
2020-05-20interface: T2023: adopt _delete() to common styleChristian Poessinger
2020-05-20interface: T2023: remove superfluous at end of listChristian Poessinger
2020-05-20macvlan: T2023: prepare common source interface include fileChristian Poessinger
2020-05-20Merge pull request #417 from thomas-mangin/T2467Christian Poessinger
util: T2467: fix missing import
2020-05-20util: T2467: fix missing importThomas Mangin
2020-05-20Merge pull request #416 from kroy-the-rabbit/patch-5Daniil Baturin
T2465: Permissions on vyos-hostsd socket incorrect
2020-05-20Merge pull request #415 from kroy-the-rabbit/revert-413-patch-4Daniil Baturin
Revert "T2465: vyos-hostsd-client needs sudo"
2020-05-19T2465: Permissions on vyos-hostsd socket incorrectkroy-the-rabbit
The DHCP server is unable to apply entries to the hosts file because the permissions on the socket are getting created wrong. ``` $ ls -al /run/vyos-hostsd.sock srwxrwxrwx 1 root vyattacfg 0 May 20 01:38 /run/vyos-hostsd.sock ``` This gives it the correct permissions so that the nobody/nobody user/group can change it.
2020-05-19Revert "T2465: vyos-hostsd-client needs sudo"kroy-the-rabbit
2020-05-19bgp: T2387: rename new implementation else system will not bootChristian Poessinger
It is not possible to simply remove the node.def file in a tag node. Rather rename the tag node to take it out of order by default. Upcoming BGP developers simply need to remove this line in the Makefile added by the commit.
2020-05-19Merge pull request #414 from thomas-mangin/T2467Christian Poessinger
util: T2467: automatically add sudo to known commands
2020-05-19Merge pull request #378 from sever-sever/bgp-xml-confChristian Poessinger
bgp-xml: T2387:Commands in XML for [conf_mode] bgp
2020-05-19wireguard: T2481: support IPv6 based underlayChristian Poessinger
2020-05-19util: T2467: add systemctl to autosudoThomas Mangin
2020-05-19util: T2467: add autosudo as an option to commandThomas Mangin
2020-05-19nat: do not report unassigned IP address for DNATChristian Poessinger
That warning made no sense as the destination address where we forward a port to is by design not locally connected.
2020-05-19Merge pull request #413 from kroy-the-rabbit/patch-4Christian Poessinger
T2465: vyos-hostsd-client needs sudo
2020-05-19dhcpv6-pd: T421: support ethernet based interfacesChristian Poessinger
Add support for prefix delegation when receiving the prefix via ethernet, bridge, bond, wireless.