Age | Commit message | Author | |
---|---|---|---|
2023-11-12 | T5728: OpenVPN server replace first_host_address to vpn_gateway | Viacheslav Hletenko | |
Some OpenVPN clients (OpenVPN3) do not understand the address of the gateway for the pushed networks. This leads to pushed routes not being installed at all. Replace `subnet | first_host_address` with `vpn_gateway` to fix it. | |||
2023-10-12 | openvpn: T5634: Remove support for insecure DES and Blowfish ciphers | Daniil Baturin | |
2023-09-14 | Merge pull request #1637 from ordex/T3214 | Daniil Baturin | |
openvpn: T3214: fix server-ipv6 and nopool handling | |||
2023-08-15 | T5271: correct dict path in the template for OpenVPN peer fingerprint | Daniil Baturin | |
2023-08-15 | T5270: generate 'dh none' unconditionally when dh-params is not present | Daniil Baturin | |
The condition is useless since OpenVPN simply switches to ECDH in all modes when the classic DH prime is not specified | |||
2023-08-09 | openvpn: T5271: add peer certificate fingerprint option | Daniil Baturin | |
2023-07-27 | openvpn: T4974: move CLI node "enable-dco" -> "offload dco" to match other interfaces | Christian Breunig | |
Keep a common CLI structure by re-using the already established offload node from ethernet. | |||
2023-07-21 | T4974:add/fixed enable ovpn-dco by default | fett0 | |
2023-04-24 | OpenVPN: T4402: Update OpenVPN server.conf.j2 template | Nicolas Riebesel | |
The ifconfig-pool command requires the arguments separated by a space. Hence the space was added before the subnet mask. | |||
2023-02-23 | T5027: Enable legacy provider to support current ciphers | Viacheslav Hletenko | |
* We will need to remove insecure ciphers as a long-term solution (BF-CBC, DES...) | |||
2022-11-02 | openvpn: T3214: specify nopool on --server line only if needed | Antonio Quartulli | |
The --server directive will already create a pool automatically. For this reason nopool should be used only when an explicit client-ip-pool was configured by the user. If that's not the case, then the nopool flag should not be specified and no manual pool should be configured. Signed-off-by: Antonio Quartulli <antonio@mandelbit.com> | |||
2022-04-18 | openvpn: T4351: bugfix of initial value on Jinja2 namespace | Christian Poessinger | |
Commit f2b722a8 ("openvpn: T4353: T4351: fix generation of openvpn-option string passed to daemon") changed how the openvpn-option CLI node is processed. Unfortunately the initial value of the namespace must be '' instead of 0. | |||
2022-04-18 | openvpn: T4353: T4351: fix generation of openvpn-option string passed to daemon | Christian Poessinger | |
2022-04-18 | openvpn: T4353: fix Jinja2 linting errors | Christian Poessinger | |
2022-04-13 | openvpn: T4333: migrate to new vyos_defined Jinja2 test | Christian Poessinger | |
2022-02-09 | openvpn: T3686: Fix for check local-address in script and tmpl | Viacheslav Hletenko | |
Local-address should be checked/executed only if it exists in the openvpn configuration, dictionary, jinja2 template | |||
2021-11-01 | Merge branch 'current' into T3350-sagitta | zdc | |
2021-10-07 | Merge branch 'current' into 2fa | Kim | |
2021-10-07 | openvpn: T3805: drop privileges using systemd - required for rtnetlink | Christian Poessinger | |
2021-10-07 | pull request fixes | Kim Hagen | |
2021-10-04 | OpenVPN: T3350: Changed custom options for OpenVPN processing | zsdc | |
Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows us to avoid mistakes with parsing options that contain `--` in the middle. The only smart part of this is handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in double quotes, but after the version update in `equuleus` and `sagitta` the old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing. | |||
2021-09-27 | openvpn: T690: Fix template for gateway and metric | Viacheslav | |
Some OpenVPN clients don't support the gateway and metric options. Set the metric option only when 'metric' was added in the config explicitly. (cherry picked from commit 96681d8bf1ede069b573a4cbe3a2493c374d048e) | |||
2021-09-23 | openvpn: T3642: Openvpn does not work without dh parameter in EC mode | Nicolas Riebesel | |
2021-09-17 | Revert "openvpn: T3736: openvpn-option keeps and adds double dashes (--)" | Kim Hagen | |
This reverts commit 415e572dfba776a981e2ec1e4331c30cd5cb59f3. | |||
2021-09-17 | update the location of the openvpn-otp.so plugin | Kim Hagen | |
2021-09-08 | openvpn: T3805: drop privileges using systemd - required for rtnetlink | Christian Poessinger | |
2021-09-03 | do not use capitals in opmode | Kim Hagen | |
rename t0 to drift add submenu for 2fa to make it more readable | |||
2021-09-03 | fix configure error if 2fa is defined but no option is defined | Kim Hagen | |
2021-09-03 | change secret file location in template | Kim Hagen | |
2021-09-03 | fix file location and use correct variable | Kim Hagen | |
2021-09-02 | add 2fa op files and update template | Kim Hagen | |
2021-08-17 | add part 2fa | Kim Hagen | |
2021-08-16 | openvpn: T690: Add metric for pushed routes | Viacheslav | |
2021-08-11 | openvpn: T3736: openvpn-option keeps and adds double dashes (--) | Kim Hagen | |
2021-07-21 | pki: openvpn: T3642: Migrate OpenVPN to PKI and refactor | sarthurdev | |
2021-06-25 | openvpn: T1704: drop deprecated disable-ncp option | Christian Poessinger | |
2021-06-24 | openvpn: T1512: T3641: drop deprecated "compat-names" option | Christian Poessinger | |
2021-06-24 | openvpn: T3641: remove deprecated iproute option | Christian Poessinger | |
Executing iproute2 commands as unprivileged member of the openvpn group is now handled via a sudoers file. | |||
2021-01-17 | openvpn: T2381: bugfix rendering multiple openvpn-options from CLI | Christian Poessinger | |
The CLI statement "set interfaces openvpn vtun10 openvpn-option '--tun-mtu 1500 --fragment 1300 --mssfix'" will render in vtun10.conf to: --tun-mtu 1500 --fragment 1300 --mssfix On startup OpenVPN complains about: openvpn-vtun10: Options error: Unrecognized option or missing or extra parameter(s) in vtun10.conf:76: tun-mtu (2.4.7) The options must be split on -- to a new configuration line. | |||
2021-01-14 | openvpn: T3219: fix for server client subnet IPv6 iroute | Jernej Jakob | |
2020-12-31 | openvpn: T2994: fix ipv6 server mode | Christian Poessinger | |
2020-12-21 | openvpn: T3143: Push routes in correct format <IP> <NETMASK> | DmitriyEshenko | |
2020-12-08 | openvpn: T3117: fix generated ncp-ciphers in server config | Christian Poessinger | |
2020-11-23 | openvpn: T3074: fix site-2-site operation mode | Christian Poessinger | |
When rendering the configs "ifconfig" statement wrong IP addresses have been used for the "tun" operating mode. This has been corrected. | |||
2020-11-22 | openvpn: T3080: add missing multiplication on keepalive config option | Christian Poessinger | |
2020-11-21 | openvpn: T3060: fix client authentication username and password file | Christian Poessinger | |
2020-11-21 | openvpn: T3060: always listen on IPv4 and IPv6 sockets | Christian Poessinger | |
2020-11-14 | openvpn: T2550: default connection protocol to udp | Christian Poessinger | |
Setting this to udp will allow both IPv4 and IPv6 connections. According to the man page: proto indicates the protocol to use when connecting with the remote, and may be "tcp" or "udp". For forcing IPv4 or IPv6 connection suffix tcp or udp with 4/6 like udp4/udp6/tcp4/tcp6. | |||
2020-11-13 | openvpn: T3060: fix CLI to real config mapping for protocol node | Christian Poessinger | |
2020-11-13 | vyos.template: provide general is_ip(v4|v6) helpers | Christian Poessinger | |
We had two places where the is_ip, is_ipv4 and is_ipv6 helpers had been defined. All places now have been converged into vyos.template as they are used both in the Jinja2 templates and also in our scripts. |