summaryrefslogtreecommitdiff
path: root/data/templates/ocserv
AgeCommit message (Collapse)Author
2022-08-24T3896: update group syntax per PR1463RageLtMan
2022-08-18T3896: update groupconfig syntax per PR1463RageLtMan
Address @sever-sever's suggestion to refactor how groupconfig is defined, parsed, and set (with his proposed conditional string appending Py-sugar). Use the disable-mobike refactor as template for XML simplification. Testing: None yet
2022-08-18T3896: Use group selector and forced dns tunnelingRageLtMan
Enterprise RADIUS configurations often utilize group selectors for authentication and attribute distribution for connecting clients. Ocserv implements this functionality via the `select-group` config file attribute, repeating for multiple groups. When a user selects their membership group and the request is passed to the RADIUS server, ocserv will match the returned Class attribute against the value selected by the user. This functionality also works for local group membership resolution, although VyOS currently doesn't have group membership configuration for this. Expose the tunnel-all-dns option in the ocserv config file allowing users who deploy default routes to select split-dns and those who do not to enable full DNS tunneling. Testing: Smoketests & build Configured groups in openconnect profile and verified existence in /run/ocserv/ocserv.conf Configured forced dns tunneling and verified presence of setting in /run/ocserv/ocserv.conf
2022-08-18T3896: Drop cserv local user req, add groupconfigRageLtMan
From ocserv documentation: ``` If the groupconfig option is set, then config-per-user will be overriden, and all configuration will be read from radius. That also includes the Acct-Interim-Interval, and Session-Timeout values. ``` Implement yes/no configuration and parameter handling during jinja rendering. Fix bug wherein openconnect-server configuration requires creation of local user accounts even when RADIUS authentication is used. Testing: Set the groupconfig=yes param and observed change in generated /run/ocserv/ocserv.conf. Removed the local users via `delete vpn openconnect authentication local-users` and observed commit & service operation
2022-08-15ocserv: openconnect: T4614: add support for split-dnsChristian Poessinger
set vpn openconnect network-settings split-dns <domain>
2022-08-15ocserv: T4333: migrate to new vyos_defined Jinja2 testChristian Poessinger
2022-05-01openconnect: T4353: fix Jinja2 linting errorsChristian Poessinger
2022-04-13ocserv: T4333: migrate to new vyos_defined Jinja2 testChristian Poessinger
2022-04-09ocserv: T4231: Added OTP support for Openconnect 2FAgoodNETnick
2022-03-16ocserv: T4231: Added OTP support for Openconnect 2FAgoodNETnick
2021-07-20pki: openconnect: T3642: Migrate OpenConnect SSL to PKI configurationsarthurdev
2020-09-09openconnect: T2036: Move CLI commands under vpn openconnectDmitriyEshenko
2020-08-18anyconnect: T2036: add anyconnect VPN supportEshenko Dmitriy