summaryrefslogtreecommitdiff
path: root/data
AgeCommit message (Collapse)Author
2020-05-16nat: T2198: automatically determine handler numbersChristian Poessinger
When instantiating NAT it is required to isntall some nftable jump targets. The targets need to be added after a specific other target thus we need to dynamically query the handler number. This is done by get_handler() which could be moved to vyos.util at a later point in time so it can be reused for a firewall rewrite.
2020-05-16nat: T2198: move from iptables to nftablesChristian Poessinger
2020-05-16nat: T2198: migrate to common template for source/destination NATChristian Poessinger
2020-05-16nat: T2198: destination nat template for iptables-restoreChristian Poessinger
2020-05-06sstp: T2392: add IPv6 DNS supportChristian Poessinger
New command added: * set vpn sstp network-settings name-server 2001:db8::1111
2020-05-06sstp: T2392: add initial IPv6 supportChristian Poessinger
New commands added: * set vpn sstp network-settings client-ipv6-pool prefix 2001:db8::/64 mask 112 * set vpn sstp network-settings client-ipv6-pool delegate 2001:db8:100::/48 delegation-prefix 64
2020-05-04openvpn: T2241: remove redundant bridge_member variableJernej Jakob
2020-04-30dhcpv6-server: T2406: move FQDN quoting to Jinja2 templateChristian Poessinger
... no need to reinvent the wheel in our Python code.
2020-04-28dhclient: T2393: remove intermediate _DHCP helper classChristian Poessinger
The intermedite class only held the path to the configuration files - thus its existence was doubtworthy. For better readability and a clean inheritance graph that class has been dropped.
2020-04-28dhclient6: T2393: T2394: migrate from SysVinit to systemdChristian Poessinger
2020-04-28dhclient: T2393: migrate from SysVinit to systemdChristian Poessinger
2020-04-27pppoe-server: T2391: Migrate single-session param to [common] sectionDmitriyEshenko
2020-04-26salt: T2384: migrate config optionsChristian Poessinger
- delete log_file, log_level and user nodes - rename hash_type to hash - rename mine_interval to interval
2020-04-26salt: T2384: always log to syslogChristian Poessinger
2020-04-25login: radius: T2304: add VRF supportChristian Poessinger
This allows the radius client to work when a management VRF is in use.
2020-04-23pppoe-server: T2373: Implement CLI commands for auth protocolsDmitriyEshenko
2020-04-22Merge branch 'pptp-rewrite' of github.com:c-po/vyos-1x into currentChristian Poessinger
* 'pptp-rewrite' of github.com:c-po/vyos-1x: accel-ppp: fix wrong reference in verify() on missing attributes accel-ppp: T2314: bugfix wrong placement of endif in Jinja2 template vpn: pptp: T2351: add support for common radius-additions XML vpn: pptp: T2351: migrate to common radius CLI vpn: pptp: T2351: migrate to common name-server, wins-server nodes accel-ppp: provide common wins-server include definition vpn: pptp: T2351: use first IP from client pool as gateway address vpn: pptp: T2351: align configuration to other accel implementations vpn: pptp: T2351: migrate from SysVinit to systemd vyos.util: migrate all cpu_count() occurances to common get_half_cpus()
2020-04-22accel-ppp: T2314: bugfix wrong placement of endif in Jinja2 templateChristian Poessinger
2020-04-22vpn: pptp: T2351: align configuration to other accel implementationsChristian Poessinger
2020-04-21mroute: T2364: Implement CLI commands for mrouteDmitriyEshenko
2020-04-21vpn: pptp: T2351: migrate from SysVinit to systemdChristian Poessinger
2020-04-20openvpn: T2339: fix for IPv4 local-host addressesJernej Jakob
Commit bb9f998 introduced a bug where openvpn fails to start if 'local-host' is an IPv4 address due to 'proto' wanting a IPv6 socket. This adds a conditional check and uses normal proto if it's IPv4.
2020-04-20pppoe-server: T2344: fix client static IP assignmentChristian Poessinger
2020-04-19openvpn: T2308: fix path to UNIX control socketChristian Poessinger
Bug introduced in commit b36e6e6 ("openvpn: T2273: migrate from SysVinit to systemd") as not all relevant configuration files have been re-rendered into /run/openvpn.
2020-04-19openvpn: T2336: fix auth-user-pass file generationChristian Poessinger
Bug introduced in commit b36e6e6 ("openvpn: T2273: migrate from SysVinit to systemd") as not all relevant configuration files have been re-rendered into /run/openvpn
2020-04-19ipoe-server: T2324: bugfix template generation on interface lineChristian Poessinger
2020-04-19pppoe-server: T2314: add common accel-radius-additions XML fileChristian Poessinger
2020-04-18ipoe-server: T2324: move template files to common accel-ppp template directoryChristian Poessinger
2020-04-18ipoe-server: T2324: migrate IPv6 client IP pool to common CLI nodesChristian Poessinger
2020-04-18ipoe-server: T2324: remove boilerplate code and adjust to other accel ↵Christian Poessinger
implementations
2020-04-18accel-ppp: T2314: use common tempplate for chap-secretsChristian Poessinger
2020-04-18pppoe-server: T2314: migrate IPv6 to common CLI nodes with embeeded validationChristian Poessinger
2020-04-18pppoe-server: T2313: bugfix Floating Point ExceptionChristian Poessinger
When only defining a timeout limit the generated config will look like: [connlimit] limit= burst= timeout=5 This will trigger a "Floating point exception" on startup of Accel-PPP and it can be re-surrected anymore until service is completely deleted and re-added.
2020-04-18pppoe-server: T2314: migrate IPv4/IPv6 name-servers to common nodeChristian Poessinger
Instead of having "dns-server server-1|server-2" nodes and the same for IPv6 all DNS nameservers are migrated to a common name-servers node.
2020-04-18pppoe-server: T2314: remove boilerplate code and adjustChristian Poessinger
2020-04-17wireless: T2306: Add new cipher suites to the WiFi configurationAlain Lamar
Yet, VyOS knows these two encryption schemes for WiFi: 1. CCMP = AES in Counter mode with CBC-MAC (CCMP-128) 2. TKIP = Temporal Key Integrity Protocol These encryption schemes are new and especially the Galois counter mode cipher suites are very desirable! 1. CCMP-256 = AES in Counter mode with CBC-MAC with 256-bit key 2. GCMP = Galois/counter mode protocol (GCMP-128) 3. GCMP-256 = Galois/counter mode protocol with 256-bit key CCMP is supported by all WPA2 compatible NICs, so this remains the default cipher for bidirectional and group packets while using WPA2. Use 'iw list' to figure out which cipher suites your cards support prior to configuring other cipher suites than CCMP. AP NICs and STA NICs must both support at least one common cipher in a given list in order to associate successfully.
2020-04-16Merge pull request #342 from jjakob/openvpn-ipv6Christian Poessinger
openvpn: T149: IPv6 support
2020-04-16Merge pull request #347 from DmitriyEshenko/fix-ipoeChristian Poessinger
ipoe: T2294: Fix templates and migrate to systemd
2020-04-16ipoe: T2294: Fix templatesDmitriyEshenko
2020-04-16openvpn: T149: IPv6 supportJernej Jakob
- allow configuring IPv6 server addresses and push options - add IPv6 server client IP pool - add IPv6 push dhcp-option DNS6 - allow configuring IPv6 server client addresses - allow configuring IPv6 site-to-site addresses - validate all IPv6 options and addresses - use protos that explicitely open an IPv6 listening socket (tcp6-server, tcp6-client, udp6) as the default on Linux listens on IPv4 only (https://community.openvpn.net/openvpn/ticket/360) - add validator for any IPv6 address, host or network (used by pool)
2020-04-15openvpn: T2335: allow disabling client-ip-poolJernej Jakob
2020-04-13ddclient: T2185: migrate from SysVinit to systemdChristian Poessinger
2020-04-13Merge pull request #325 from jjakob/openvpn-poolChristian Poessinger
openvpn: T2235: add custom server pool handling
2020-04-13openvpn: T2235: add custom server pool handlingjjakob
- add config options and logic for server client-ip-pool - add function for determining default IPs for the server in different configurations - verify for pool IPs and maximum subnet prefix length - move remote netmask logic for client ifconfig-push to use new function - add topology 'net30' , set it as default (as it already was) - replace generic ip_* with IPv4* where necessary - print warning to console when server client IP is in server pool - fix server subnet help field
2020-04-13Merge pull request #339 from jjakob/openvpn-dir-fixChristian Poessinger
openvpn: T2283: move ccd to /run/openvpn
2020-04-13dhcp-relay: T2185: migrate from SysVinit to systemdChristian Poessinger
2020-04-13openvpn: T2283: move ccd to /run/openvpnjjakob
Commit a457c9d2 moved the config directory to /run/openvpn but didn't move the client-config-dir in the template.
2020-04-13dhcpv6-relay: T2185: migrate from SysVinit to systemdChristian Poessinger
2020-04-12dhcpv6-server: T2185: migrate from SysVinit to systemdChristian Poessinger
2020-04-12dhcp-server: T2185: migrate from SysVinit to systemdChristian Poessinger