| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-07-12 | op-mode: T427: add "summary" command for WireGuard interface information | Christian Poessinger | |
| 2021-07-11 | ipsec: T2816: use common "if key in dict:" pattern | Christian Poessinger | |
| 2021-07-11 | ipsec: T2816: fix NameError | Christian Poessinger | |
| Commit a5cd877a0a ("ipsec: T2816: Migrate ipsec-settings.xml.in and charon.conf to vpn_ipsec.py") unfortunately removed the dictionary definition for "data" which is required when running the l2tp handler script. | |||
| 2021-07-11 | vxlan: T3665: add VRF support | Christian Poessinger | |
| 2021-07-11 | smoketest: ospf: change passive-interface debugging | Christian Poessinger | |
| 2021-07-10 | Merge pull request #916 from jack9603301/T3667 | Christian Poessinger | |
| bridge: op-mode: T3667: Moving VLANs and modifying XML errors | |||
| 2021-07-10 | bridge: op-mode: T3667: Fix command line errors | jack9603301 | |
| 2021-07-10 | bridge: op-mode: T3667: Moving `vlan` to better locations | jack9603301 | |
| 2021-07-09 | Merge pull request #915 from jack9603301/T3667 | Christian Poessinger | |
| bridge: op-mode: T3667: Fix command line errors | |||
| 2021-07-10 | bridge: op-mode: T3667: Fix command line errors | jack9603301 | |
| 2021-07-09 | Merge pull request #913 from jack9603301/T3667 | Christian Poessinger | |
| op-mode: brctl: T3667: Using bridge command structure instead of brctl | |||
| 2021-07-09 | op-mode: brctl: T3667: Using `bridge` command structure instead of `brctl` | jack9603301 | |
| 2021-07-08 | T3663: add pre_hook argument to util.wait_for_inotify | Daniil Baturin | |
| When waiting for processes that don't take long, we need add an inotify watcher _before_ starting that process. The pre-hook arguments allows the user to pass a () -> () anonymous function to be called before adding a watch. | |||
| 2021-07-08 | T3663: fix the call to time.time() to match the new import scheme. | Daniil Baturin | |
| 2021-07-07 | Merge pull request #912 from sarthurdev/pki_ipsec_rsa | Christian Poessinger | |
| pki: T3642: Migrate rsa-keys to PKI configuration | |||
| 2021-07-07 | pki: T3642: Migrate rsa-keys to PKI configuration | sarthurdev | |
| 2021-07-06 | Merge pull request #911 from sarthurdev/pki_san | Christian Poessinger | |
| pki: ipsec: T3642: T1210: T2816: Add SANs to generated certificates, more IPSec remote-access features and fixes | |||
| 2021-07-06 | ipsec: T2816: Migrate ipsec-settings.xml.in and charon.conf to vpn_ipsec.py | sarthurdev | |
| Also adds check for the charon socket instead of an arbitrary sleep() | |||
| 2021-07-05 | ipsec: T1210: T1251: Add more features to remote-access connections | sarthurdev | |
| - Adds client/server authentication methods. - Adds basic verification to remote-access. - Adds DHCP pool and options to remote-access. - Cleanup unused PKI files. | |||
| 2021-07-05 | T3663: python3-inotify should be a runtime dependency | John Estabrook | |
| 2021-07-05 | pki: ipsec: T3642: Fix issue with '.' being present in tag nodes, adds new ↵ | sarthurdev | |
| vyos.util method `dict_search_args` to allow for dot characters in keys. | |||
| 2021-07-05 | pki: T3642: Support for adding SANs on certificate requests | sarthurdev | |
| 2021-07-04 | Merge pull request #910 from sarthurdev/pki_ext | Christian Poessinger | |
| pki: T3642: Add standard extensions to generated certificates | |||
| 2021-07-04 | pki: T3642: Add standard extensions to generated certificates | sarthurdev | |
| 2021-07-04 | vyos.util: T3663: move inotify-based imports to function level | Christian Poessinger | |
| Keep the vyos.util function clean and not pull in the rest of the world when importing it. | |||
| 2021-07-04 | Merge pull request #908 from c-po/ipsec-ikev2-remote-access | Christian Poessinger | |
| ipsec: T1210: T1251: IKEv2 road-warrior support | |||
| 2021-07-04 | ipsec: T2816: add completion helper for tunnel interfaces | Christian Poessinger | |
| 2021-07-04 | T3663: prerequisites for inotify-based watching implementations. | Daniil Baturin | |
| 2021-07-04 | ipsec: T1210: T1251: add "local" traffic-selector include definition | Christian Poessinger | |
| Used by both site2site and remote-access/road-warrior VPN connections. | |||
| 2021-07-04 | ipsec: T1210: T1251: add remote-access "name-server" definition to pool config | Christian Poessinger | |
| 2021-07-04 | ipsec: T2816: add completion helper for VTI interfaces | Christian Poessinger | |
| 2021-07-04 | ipsec: T2816: add include definition for ipsec local-address | Christian Poessinger | |
| 2021-07-04 | ipsec: T2816: use common building block/include for port definition | Christian Poessinger | |
| 2021-07-04 | ipsec: T1210: T1251: extend ra config with address pools/traffic selectors | sarthurdev | |
| 2021-07-04 | smoketest: pki: adjust to "type" node removal on CLI | Christian Poessinger | |
| A certificate "type" can be auto derived from the certificate itself. | |||
| 2021-07-04 | ipsec: T1210: T1251: IKEv2 road-warrior support | Christian Poessinger | |
| set vpn ipsec esp-group ESP-RW compression 'disable' set vpn ipsec esp-group ESP-RW lifetime '3600' set vpn ipsec esp-group ESP-RW pfs 'disable' set vpn ipsec esp-group ESP-RW proposal 10 encryption 'aes256' set vpn ipsec esp-group ESP-RW proposal 10 hash 'sha256' set vpn ipsec esp-group ESP-RW proposal 20 encryption 'aes256' set vpn ipsec esp-group ESP-RW proposal 20 hash 'sha1' set vpn ipsec ike-group IKE-RW key-exchange 'ikev2' set vpn ipsec ike-group IKE-RW lifetime '10800' set vpn ipsec ike-group IKE-RW mobike 'enable' set vpn ipsec ike-group IKE-RW proposal 10 dh-group '2' set vpn ipsec ike-group IKE-RW proposal 10 encryption 'aes256' set vpn ipsec ike-group IKE-RW proposal 10 hash 'sha1' set vpn ipsec ike-group IKE-RW proposal 20 dh-group '2' set vpn ipsec ike-group IKE-RW proposal 20 encryption 'aes128' set vpn ipsec ike-group IKE-RW proposal 20 hash 'sha1' set vpn ipsec ipsec-interfaces interface 'dum0' set vpn ipsec remote-access rw authentication id 'vyos' set vpn ipsec remote-access rw authentication local-users username vyos password vyos set vpn ipsec remote-access rw authentication x509 ca-certificate 'peer_172-18-254-202' set vpn ipsec remote-access rw authentication x509 certificate 'peer_172-18-254-202' set vpn ipsec remote-access rw description 'asdf' set vpn ipsec remote-access rw esp-group 'ESP-RW' set vpn ipsec remote-access rw ike-group 'IKE-RW' | |||
| 2021-07-03 | ipsec: T2816: remove erroneously added config snipped for road-warriors | Christian Poessinger | |
| Commit 32fab6c7c ("ipsec: T2816: provide esp and ike-group XML building block") by accident added an IKEv2 road-warrior configuration to swanctl template. The config blog was never activate as the CLI nodes are still missing. Still unclean :(. | |||
| 2021-07-03 | Merge pull request #907 from sarthurdev/ipsec_cleanup | Christian Poessinger | |
| ipsec: T2816: Remove legacy vyatta code that references Openswan | |||
| 2021-07-03 | ipsec: T2816: Remove legacy vyatta code that references Openswan | sarthurdev | |
| 2021-07-03 | Revert "ipsec: T2816: drop duplicate dict key "data" from generate()" | Christian Poessinger | |
| This reverts commit fb1802111155b52c9d63a079e18127de76033678. | |||
| 2021-07-03 | Merge pull request #906 from sarthurdev/pki_typo | Christian Poessinger | |
| pki: T3642: Fix for correct method on encoding certificate request | |||
| 2021-07-03 | pki: T3642: Fix for correct method on encoding certificate request | sarthurdev | |
| 2021-07-03 | ipsec: T1210: T1251: add dependency on libcharon-extauth-plugins | Christian Poessinger | |
| 2021-07-03 | ipsec: T2816: drop duplicate dict key "data" from generate() | Christian Poessinger | |
| 2021-07-03 | ipsec: T2816: provide x509 certificate base auth building blocks | Christian Poessinger | |
| 2021-07-03 | ipsec: T2816: provide esp and ike-group XML building block | Christian Poessinger | |
| 2021-07-03 | Merge pull request #905 from sarthurdev/pki_subca | Christian Poessinger | |
| pki: T3642: Add support for signing and revoking subordinate CAs | |||
| 2021-07-03 | ipsec: T2816: rework log options for debugging | Christian Poessinger | |
| Renamed CLI from "logging log-modes" to "log subsystem" and "logging log-level" to "log level". THat is more human firendly. | |||
| 2021-07-03 | pki: T3642: Add support for signing and revoking subordinate CAs | sarthurdev | |
| 2021-07-03 | Merge branch 'ipsec-ikev2-remote-access' of github.com:c-po/vyos-1x into current | Christian Poessinger | |
| * 'ipsec-ikev2-remote-access' of github.com:c-po/vyos-1x: ipsec: T2816: remove default values from Jinja2 template and place them in XML ipsec: T2816: rework IKE and ESP key assignment ipsec: T2816: add Jinja2 converter for ESP/IKE groups to string ipsec: T2816: adjust Jinja2 template to coding style xml: provide building block for a generic description node | |||
 |
index : vyos-1x.git | |
| VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) |
| summaryrefslogtreecommitdiff |