path: root/data/templates/openvpn
Age | Commit message | Author
2023-11-12 | T5728: OpenVPN server replace first_host_address to vpn_gateway | Viacheslav Hletenko
Some OpenVPN clients (OpenVPN3) do not understand the address of the gateway for the pushed networks. This leads to pushed routes not being installed at all. Replace `subnet | first_host_address` with `vpn_gateway` to fix it.
2023-10-12 | openvpn: T5634: Remove support for insecure DES and Blowfish ciphers | Daniil Baturin
2023-09-14 | Merge pull request #1637 from ordex/T3214 | Daniil Baturin
openvpn: T3214: fix server-ipv6 and nopool handling
2023-08-15 | T5271: correct dict path in the template for OpenVPN peer fingerprint | Daniil Baturin
2023-08-15 | T5270: generate 'dh none' unconditionally when dh-params is not present | Daniil Baturin
The condition is useless since OpenVPN simply switches to ECDH in all modes when the classic DH prime is not specified
2023-08-09 | openvpn: T5271: add peer certificate fingerprint option | Daniil Baturin
2023-07-27 | openvpn: T4974: move CLI node "enable-dco" -> "offload dco" to match other interfaces | Christian Breunig
Keep a common CLI structure by re-using the already established offload node from ethernet.
2023-07-21 | T4974: add/fixed enable ovpn-dco by default | fett0
2023-04-24 | OpenVPN: T4402: Update OpenVPN server.conf.j2 template | Nicolas Riebesel
The ifconfig-pool command requires the arguments separated by a space. Hence the space was added before the subnet mask.
2023-02-23 | T5027: Enable legacy provider to support current ciphers | Viacheslav Hletenko
* We will need to remove insecure ciphers as a long-term solution (BF-CBC, DES...)
2022-11-02 | openvpn: T3214: specify nopool on --server line only if needed | Antonio Quartulli
The --server directive will already create a pool automatically. For this reason nopool should be used only when an explicit client-ip-pool was configured by the user. If that's not the case, then the nopool flag should not be specified and no manual pool should be configured.
Signed-off-by: Antonio Quartulli <antonio@mandelbit.com>
2022-04-18 | openvpn: T4351: bugfix of initial value on Jinja2 namespace | Christian Poessinger
Commit f2b722a8 ("openvpn: T4353: T4351: fix generation of openvpn-option string passed to daemon") changed how the openvpn-option CLI node is processed. Unfortunately the initial value of the namespace must be '' instead of 0.
2022-04-18 | openvpn: T4353: T4351: fix generation of openvpn-option string passed to daemon | Christian Poessinger
2022-04-18 | openvpn: T4353: fix Jinja2 linting errors | Christian Poessinger
2022-04-13 | openvpn: T4333: migrate to new vyos_defined Jinja2 test | Christian Poessinger
2022-02-09 | openvpn: T3686: Fix for check local-address in script and tmpl | Viacheslav Hletenko
Local-address should be checked/executed only if it exists in the openvpn configuration, dictionary, jinja2 template
2021-11-01 | Merge branch 'current' into T3350-sagitta | zdc
2021-10-07 | Merge branch 'current' into 2fa | Kim
2021-10-07 | openvpn: T3805: drop privileges using systemd - required for rtnetlink | Christian Poessinger
2021-10-07 | pull request fixes | Kim Hagen
2021-10-04 | OpenVPN: T3350: Changed custom options for OpenVPN processing | zsdc
Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows to avoid mistakes with parsing options that contain `--` in the middle. The only smart part of this - handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in the double-quotes, but after version update in `equuleus` and `sagitta` old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing.
2021-09-27 | openvpn: T690: Fix template for gateway and metric | Viacheslav
Some OpenVPN clients don't support option gateway and metric. Set metric option only when 'metric' was added in config explicitly.
(cherry picked from commit 96681d8bf1ede069b573a4cbe3a2493c374d048e)
2021-09-23 | openvpn: T3642: Openvpn does not work without dh parameter in EC mode | Nicolas Riebesel
2021-09-17 | Revert "openvpn: T3736: openvpn-option keeps and adds double dashes (--)" | Kim Hagen
This reverts commit 415e572dfba776a981e2ec1e4331c30cd5cb59f3.
2021-09-17 | update the location of the openvpn-otp.so plugin | Kim Hagen
2021-09-08 | openvpn: T3805: drop privileges using systemd - required for rtnetlink | Christian Poessinger
2021-09-03 | do not use capitals in opmode | Kim Hagen
rename t0 to drift
add submenu for 2fa to make it more readable
2021-09-03 | fix configure error if 2fa is defined but no option is defined | Kim Hagen
2021-09-03 | change secret file location in template | Kim Hagen
2021-09-03 | fix file location and use correct variable | Kim Hagen
2021-09-02 | add 2fa op files and update template | Kim Hagen
2021-08-17 | add part 2fa | Kim Hagen
2021-08-16 | openvpn: T690: Add metric for pushed routes | Viacheslav
2021-08-11 | openvpn: T3736: openvpn-option keeps and adds double dashes (--) | Kim Hagen
2021-07-21 | pki: openvpn: T3642: Migrate OpenVPN to PKI and refactor | sarthurdev
2021-06-25 | openvpn: T1704: drop deprecated disable-ncp option | Christian Poessinger
2021-06-24 | openvpn: T1512: T3641: drop deprecated "compat-names" option | Christian Poessinger
2021-06-24 | openvpn: T3641: remove deprecated iproute option | Christian Poessinger
Executing iproute2 commands as unprivileged member of the openvpn group is now handled via a sudoers file.
2021-01-17 | openvpn: T2381: bugfix rendering multiple openvpn-options from CLI | Christian Poessinger
The CLI statement "set interfaces openvpn vtun10 openvpn-option '--tun-mtu 1500 --fragment 1300 --mssfix'" will render in vtun10.conf to:
--tun-mtu 1500 --fragment 1300 --mssfix
On startup OpenVPN complains about:
openvpn-vtun10: Options error: Unrecognized option or missing or extra parameter(s) in vtun10.conf:76: tun-mtu (2.4.7)
The options must be split on -- to a new configuration line.
2021-01-14 | openvpn: T3219: fix for server client subnet IPv6 iroute | Jernej Jakob
2020-12-31 | openvpn: T2994: fix ipv6 server mode | Christian Poessinger
2020-12-21 | openvpn: T3143: Push routes in correct format <IP> <NETMASK> | DmitriyEshenko
2020-12-08 | openvpn: T3117: fix generated ncp-ciphers in server config | Christian Poessinger
2020-11-23 | openvpn: T3074: fix site-2-site operation mode | Christian Poessinger
When rendering the configs "ifconfig" statement wrong IP addresses have been used for the "tun" operating mode. This has been corrected.
2020-11-22 | openvpn: T3080: add missing multiplication on keepalive config option | Christian Poessinger
2020-11-21 | openvpn: T3060: fix client authentication username and password file | Christian Poessinger
2020-11-21 | openvpn: T3060: always listen on IPv4 and IPv6 sockets | Christian Poessinger
2020-11-14 | openvpn: T2550: default connection protocol to udp | Christian Poessinger
setting this to udp will allow both IPv4 and IPv6 connections. According to the MAN page: proto indicates the protocol to use when connecting with the remote, and may be "tcp" or "udp". For forcing IPv4 or IPv6 connection suffix tcp or udp with 4/6 like udp4/udp6/tcp4/tcp6.
2020-11-13 | openvpn: T3060: fix CLI to real config mapping for protocol node | Christian Poessinger
2020-11-13 | vyos.template: provide general is_ip(v4|v6) helpers | Christian Poessinger
We had two places where the is_ip, is_ipv4 and is_ipv6 helpers had been defined. All places now have been converged into vyos.template as they are used both in the Jinja2 templates and also in our scripts.