Age | Commit message | Author
2021-07-12 | op-mode: T427: add "summary" command for WireGuard interface information | Christian Poessinger
2021-07-11 | ipsec: T2816: use common "if key in dict:" pattern | Christian Poessinger
2021-07-11 | ipsec: T2816: fix NameError | Christian Poessinger
Commit a5cd877a0a ("ipsec: T2816: Migrate ipsec-settings.xml.in and charon.conf to vpn_ipsec.py") unfortunately removed the dictionary definition for "data" which is required when running the l2tp handler script.
2021-07-11 | vxlan: T3665: add VRF support | Christian Poessinger
2021-07-11 | smoketest: ospf: change passive-interface debugging | Christian Poessinger
2021-07-10 | Merge pull request #916 from jack9603301/T3667 | Christian Poessinger
bridge: op-mode: T3667: Moving VLANs and modifying XML errors
2021-07-10 | bridge: op-mode: T3667: Fix command line errors | jack9603301
2021-07-10 | bridge: op-mode: T3667: Moving `vlan` to better locations | jack9603301
2021-07-09 | Merge pull request #915 from jack9603301/T3667 | Christian Poessinger
bridge: op-mode: T3667: Fix command line errors
2021-07-10 | bridge: op-mode: T3667: Fix command line errors | jack9603301
2021-07-09 | Merge pull request #913 from jack9603301/T3667 | Christian Poessinger
op-mode: brctl: T3667: Using bridge command structure instead of brctl
2021-07-09 | op-mode: brctl: T3667: Using `bridge` command structure instead of `brctl` | jack9603301
2021-07-08 | T3663: add pre_hook argument to util.wait_for_inotify | Daniil Baturin
When waiting for processes that don't take long, we need to add an inotify watcher _before_ starting that process. The pre-hook argument allows the user to pass a () -> () anonymous function to be called before adding a watch.
2021-07-08 | T3663: fix the call to time.time() to match the new import scheme. | Daniil Baturin
2021-07-07 | Merge pull request #912 from sarthurdev/pki_ipsec_rsa | Christian Poessinger
pki: T3642: Migrate rsa-keys to PKI configuration
2021-07-07 | pki: T3642: Migrate rsa-keys to PKI configuration | sarthurdev
2021-07-06 | Merge pull request #911 from sarthurdev/pki_san | Christian Poessinger
pki: ipsec: T3642: T1210: T2816: Add SANs to generated certificates, more IPSec remote-access features and fixes
2021-07-06 | ipsec: T2816: Migrate ipsec-settings.xml.in and charon.conf to vpn_ipsec.py | sarthurdev
Also adds check for the charon socket instead of an arbitrary sleep()
2021-07-05 | ipsec: T1210: T1251: Add more features to remote-access connections | sarthurdev
- Adds client/server authentication methods.
- Adds basic verification to remote-access.
- Adds DHCP pool and options to remote-access.
- Cleanup unused PKI files.
2021-07-05 | T3663: python3-inotify should be a runtime dependency | John Estabrook
2021-07-05 | pki: ipsec: T3642: Fix issue with '.' being present in tag nodes, adds new vyos.util method `dict_search_args` to allow for dot characters in keys. | sarthurdev
2021-07-05 | pki: T3642: Support for adding SANs on certificate requests | sarthurdev
2021-07-04 | Merge pull request #910 from sarthurdev/pki_ext | Christian Poessinger
pki: T3642: Add standard extensions to generated certificates
2021-07-04 | pki: T3642: Add standard extensions to generated certificates | sarthurdev
2021-07-04 | vyos.util: T3663: move inotify-based imports to function level | Christian Poessinger
Keep the vyos.util function clean and not pull in the rest of the world when importing it.
2021-07-04 | Merge pull request #908 from c-po/ipsec-ikev2-remote-access | Christian Poessinger
ipsec: T1210: T1251: IKEv2 road-warrior support
2021-07-04 | ipsec: T2816: add completion helper for tunnel interfaces | Christian Poessinger
2021-07-04 | T3663: prerequisites for inotify-based watching implementations. | Daniil Baturin
2021-07-04 | ipsec: T1210: T1251: add "local" traffic-selector include definition | Christian Poessinger
Used by both site2site and remote-access/road-warrior VPN connections.
2021-07-04 | ipsec: T1210: T1251: add remote-access "name-server" definition to pool config | Christian Poessinger
2021-07-04 | ipsec: T2816: add completion helper for VTI interfaces | Christian Poessinger
2021-07-04 | ipsec: T2816: add include definition for ipsec local-address | Christian Poessinger
2021-07-04 | ipsec: T2816: use common building block/include for port definition | Christian Poessinger
2021-07-04 | ipsec: T1210: T1251: extend ra config with address pools/traffic selectors | sarthurdev
2021-07-04 | smoketest: pki: adjust to "type" node removal on CLI | Christian Poessinger
A certificate "type" can be auto derived from the certificate itself.
2021-07-04 | ipsec: T1210: T1251: IKEv2 road-warrior support | Christian Poessinger
set vpn ipsec esp-group ESP-RW compression 'disable'
set vpn ipsec esp-group ESP-RW lifetime '3600'
set vpn ipsec esp-group ESP-RW pfs 'disable'
set vpn ipsec esp-group ESP-RW proposal 10 encryption 'aes256'
set vpn ipsec esp-group ESP-RW proposal 10 hash 'sha256'
set vpn ipsec esp-group ESP-RW proposal 20 encryption 'aes256'
set vpn ipsec esp-group ESP-RW proposal 20 hash 'sha1'
set vpn ipsec ike-group IKE-RW key-exchange 'ikev2'
set vpn ipsec ike-group IKE-RW lifetime '10800'
set vpn ipsec ike-group IKE-RW mobike 'enable'
set vpn ipsec ike-group IKE-RW proposal 10 dh-group '2'
set vpn ipsec ike-group IKE-RW proposal 10 encryption 'aes256'
set vpn ipsec ike-group IKE-RW proposal 10 hash 'sha1'
set vpn ipsec ike-group IKE-RW proposal 20 dh-group '2'
set vpn ipsec ike-group IKE-RW proposal 20 encryption 'aes128'
set vpn ipsec ike-group IKE-RW proposal 20 hash 'sha1'
set vpn ipsec ipsec-interfaces interface 'dum0'
set vpn ipsec remote-access rw authentication id 'vyos'
set vpn ipsec remote-access rw authentication local-users username vyos password vyos
set vpn ipsec remote-access rw authentication x509 ca-certificate 'peer_172-18-254-202'
set vpn ipsec remote-access rw authentication x509 certificate 'peer_172-18-254-202'
set vpn ipsec remote-access rw description 'asdf'
set vpn ipsec remote-access rw esp-group 'ESP-RW'
set vpn ipsec remote-access rw ike-group 'IKE-RW'
2021-07-03 | ipsec: T2816: remove erroneously added config snipped for road-warriors | Christian Poessinger
Commit 32fab6c7c ("ipsec: T2816: provide esp and ike-group XML building block") by accident added an IKEv2 road-warrior configuration to swanctl template. The config block was never activated as the CLI nodes are still missing. Still unclean :(.
2021-07-03 | Merge pull request #907 from sarthurdev/ipsec_cleanup | Christian Poessinger
ipsec: T2816: Remove legacy vyatta code that references Openswan
2021-07-03 | ipsec: T2816: Remove legacy vyatta code that references Openswan | sarthurdev
2021-07-03 | Revert "ipsec: T2816: drop duplicate dict key "data" from generate()" | Christian Poessinger
This reverts commit fb1802111155b52c9d63a079e18127de76033678.
2021-07-03 | Merge pull request #906 from sarthurdev/pki_typo | Christian Poessinger
pki: T3642: Fix for correct method on encoding certificate request
2021-07-03 | pki: T3642: Fix for correct method on encoding certificate request | sarthurdev
2021-07-03 | ipsec: T1210: T1251: add dependency on libcharon-extauth-plugins | Christian Poessinger
2021-07-03 | ipsec: T2816: drop duplicate dict key "data" from generate() | Christian Poessinger
2021-07-03 | ipsec: T2816: provide x509 certificate base auth building blocks | Christian Poessinger
2021-07-03 | ipsec: T2816: provide esp and ike-group XML building block | Christian Poessinger
2021-07-03 | Merge pull request #905 from sarthurdev/pki_subca | Christian Poessinger
pki: T3642: Add support for signing and revoking subordinate CAs
2021-07-03 | ipsec: T2816: rework log options for debugging | Christian Poessinger
Renamed CLI from "logging log-modes" to "log subsystem" and "logging log-level" to "log level". That is more human friendly.
2021-07-03 | pki: T3642: Add support for signing and revoking subordinate CAs | sarthurdev
2021-07-03 | Merge branch 'ipsec-ikev2-remote-access' of github.com:c-po/vyos-1x into current | Christian Poessinger
* 'ipsec-ikev2-remote-access' of github.com:c-po/vyos-1x:
  ipsec: T2816: remove default values from Jinja2 template and place them in XML
  ipsec: T2816: rework IKE and ESP key assignment
  ipsec: T2816: add Jinja2 converter for ESP/IKE groups to string
  ipsec: T2816: adjust Jinja2 template to coding style
  xml: provide building block for a generic description node