Age | Commit message | Author
2023-02-24 | login: T4943: Fixed 2FA + RADIUS compatibility | zsdc
MFA requires KbdInteractiveAuthentication to ask a second factor, and the RADIUS module for PAM does not like it, which makes them incompatible.

This commit:
* disables KbdInteractiveAuthentication
* changes order for PAM modules - make it first, before `pam_unix` or `pam_radius_auth`
* enables the `forward_pass` option for `pam_google_authenticator` to accept both password and MFA in a single input

As a result, local, RADIUS, and MFA work together.

Important change: MFA should be entered together with a password.

Before:
```
vyos login: <USERNAME>
Password: <PASSWORD>
Verification code: <MFA>
```
Now:
```
vyos login: <USERNAME>
Password & verification code: <PASSWORD><MFA>
```
2023-02-24 | Merge pull request #1847 from aapostoliuk/T4985-2-sagitta | Christian Breunig
ipsec: T4985: Changed 'reset vpn ipsec-peer' to use vici library
2023-02-24 | ipsec: T4985: Changed 'reset vpn ipsec-peer' to use vici library | aapostoliuk
1. Changed reset IPSEC, IKE SAs to use vici library.
2. Created package vyos.ipsec to communicate with vici library.
2023-02-23 | Merge pull request #1842 from sever-sever/T5027 | Christian Breunig
T5027: Enable legacy provider to support current ciphers
2023-02-23 | Merge pull request #1829 from sever-sever/T5013 | Daniil Baturin
T5013: Extend accelppp op-mode script to get statistic
2023-02-23 | Merge pull request #1845 from sever-sever/T5017 | Daniil Baturin
T5017: Add interface ifbX to constraint interface-name
2023-02-23 | T5017: Add interface ifbX to constraint interface-name | Viacheslav Hletenko
2023-02-23 | Update README.md | Yuriy Andamasov
2023-02-23 | Update sonar-project.properties | Yuriy Andamasov
2023-02-23 | T5027: Enable legacy provider to support current ciphers | Viacheslav Hletenko
* We will need to remove insecure ciphers as a long-term solution (BF-CBC, DES...)
2023-02-23 | Update sonar-project.properties | Yuriy Andamasov
2023-02-23 | Update sonar-project.properties | Yuriy Andamasov
2023-02-23 | Create build.yml | Yuriy Andamasov
2023-02-22 | Merge pull request #1841 from sever-sever/T5025 | Christian Breunig
T5025: Fix timezones and validator use timedatectl
2023-02-22 | T5025: Fix timezones and validator use timedatectl | Viacheslav Hletenko
Fix timezones completion help and validator
Use 'timedatectl' instead of find zoneinfo
2023-02-22 | Merge pull request #1840 from sarthurdev/T5023 | Christian Breunig
openconnect: T5023: Conf script missing optional config parameter
2023-02-22 | openconnect: T5023: Conf script missing optional config parameter | sarthurdev
2023-02-22 | Merge pull request #1839 from sarthurdev/ipsec | Christian Breunig
ipsec: T4593: Remove references to deleted variables
2023-02-22 | ipsec: T4593: Remove references to deleted variables | sarthurdev
2023-02-21 | Merge pull request #1835 from sever-sever/T5020 | Christian Breunig
T5020: Extend openvpn op-mode to get list of configured clients
2023-02-21 | Merge pull request #1834 from sever-sever/T5007 | Christian Breunig
T5007: Fix multicast implementation for the tunnel interfaces
2023-02-21 | Merge pull request #1837 from sever-sever/T4978 | Christian Breunig
T4978: Default values of port rewrite default container values
2023-02-21 | T4978: Default values of port rewrite default container values | Viacheslav Hletenko
As we have the same variable name 'default_values' for container name, port and volume, it rewrites default container parameters with default port parameters
Fix it
2023-02-20 | T5020: Extend openvpn op-mode to get list of configured clients | Viacheslav Hletenko
Extend openvpn.py op-mode script to get list of configured clients for the '--raw' output
2023-02-20 | T5007: Fix multicast implementation for the tunnel interfaces | Viacheslav Hletenko
Multicast has not been implemented for the tunnel interfaces. We have only configuration CLI commands that do anything. Fix it.
ip link set dev <tag> multicast on
ip link set dev <tag> multicast off
2023-02-18 | Merge pull request #1831 from nicolas-fort/T4886-add-cero-matcher | Christian Breunig
T4886: allow connection-mark 0 value, which is acceptable
2023-02-18 | T4886: allow connection-mark 0 value, which is acceptable | Nicolas Fort
2023-02-18 | Merge pull request #1830 from sever-sever/T5011 | Christian Breunig
T5011: Set default values for min_mtu max_mtu
2023-02-18 | T5011: Set default values for min_mtu max_mtu | Viacheslav Hletenko
Some interface drivers don't support/provide min_mtu and max_mtu values
For example VyOS in docker container with 'veth' driver on some platforms
As a workaround add default values for min/max MTU for calculations and pass function "verify_mtu(config)"
2023-02-18 | T5013: accelppp replace cpu key to cpu_load_percentage op-mode | Viacheslav Hletenko
Change op-mode raw statistics for accel_ppp.py dict key 'cpu' to 'cpu_load_percentage' and value to integer
2023-02-18 | T5013: Extend accelppp op-mode script to get statistic | Viacheslav Hletenko
Extend accelppp.py op-mode script to get subnet/start/stop/gateway/client_ip_pool/ etc info from the configuration
2023-02-17 | Merge pull request #1828 from rayzilt/fix-qos-classes-printf-help | Christian Breunig
qos: classes: helptext: T5015: Escape % in printf
2023-02-17 | qos: classes: helptext: T5015: Escape % in printf | Silvan Raijer
2023-02-17 | Merge pull request #1826 from aapostoliuk/T5008-sagitta | Christian Breunig
macsec: T5008: Changed length of CKN to (2..64 hex-digits)
2023-02-17 | Merge pull request #1827 from sever-sever/T5005 | Christian Breunig
T5005: PPPoE server allow any login with option noauth
2023-02-17 | T5005: PPPoE server allow any login with option noauth | Viacheslav Hletenko
Disabling authentication is useful in emergency situations (e.g. RADIUS server is down) or testing purposes. Clients can connect with any login and username.
set service pppoe-server authentication mode 'noauth'
2023-02-17 | macsec: T5008: Changed length of CKN to (2..64 hex-digits) | aapostoliuk
Based on wpa_supplicant documentation.
mka_ckn (CKN = CAK Name) takes a 1..32-bytes (8..256 bit) hex-string (2..64 hex-digits)
Changed allowable length of CKN from strong 64 hex-digits to the range (2..64 hex-digits)
2023-02-16 | Merge pull request #1825 from sever-sever/T5002 | Christian Breunig
T5002: Add uk United Kindom keymap
2023-02-16 | T5002: Add uk United Kindom keymap | Viacheslav Hletenko
set system option keyboard-layout uk
2023-02-15 | Merge pull request #1817 from sarthurdev/bookworm | Christian Breunig
debian: T5003: Upgrade base system to Debian 12 "Bookworm"
2023-02-15 | Merge pull request #1811 from jestabro/udiff | Christian Breunig
config_mgmt: T4991: use configtree.show_diff instead of Python difflib
2023-02-15 | Merge pull request #1821 from sarthurdev/ipsec | Christian Breunig
ipsec: T4593: Migrate and remove legacy `include-ipsec` nodes
2023-02-15 | Merge pull request #1822 from sever-sever/T4971 | Christian Breunig
T4971: Accel-ppp verify if client_ip_pool key exists in config
2023-02-15 | Merge pull request #1823 from jestabro/api-async | Viacheslav Hletenko
http-api: T5006: add explicit async to retrieve/configure methods for REST
2023-02-15 | T4971: Accel-ppp verify if client_ip_pool key exists in config | Viacheslav Hletenko
If 'client_ip_pool' does not exist in config we cannot search it in the dictionary
dict_search_recursive(config, 'gateway_address', ['client_ip_pool', 'name'])
Add check
2023-02-15 | ipsec: T4593: Migrate and remove legacy `include-ipsec` nodes | sarthurdev
Not supported with swanctl
2023-02-14 | http-api: T5006: add explicit async to retrieve/configure methods | John Estabrook
2023-02-14 | strongSwan: T4593: move to charon-systemd | Christian Breunig
2023-02-14 | Merge pull request #1819 from aapostoliuk/T4985-sagitta | Christian Breunig
ipsec: T4985: Fixed 'reset vpn ipsec-peer {peer}' command
2023-02-14 | ipsec: T4985: Fixed 'reset vpn ipsec-peer {peer}' command | aapostoliuk
Fixed 'reset vpn ipsec-peer {peer}' command. The op-mode script uses value 'None' in the 'tunnel' parameter to clear all CHILD SAs.