Age | Commit message (Collapse) | Author |
|
When instantiating NAT it is required to isntall some nftable jump targets.
The targets need to be added after a specific other target thus we need to
dynamically query the handler number. This is done by get_handler() which could
be moved to vyos.util at a later point in time so it can be reused for a
firewall rewrite.
|
|
|
|
|
|
|
|
New command added:
* set vpn sstp network-settings name-server 2001:db8::1111
|
|
New commands added:
* set vpn sstp network-settings client-ipv6-pool prefix 2001:db8::/64 mask 112
* set vpn sstp network-settings client-ipv6-pool delegate 2001:db8:100::/48 delegation-prefix 64
|
|
|
|
... no need to reinvent the wheel in our Python code.
|
|
The intermedite class only held the path to the configuration files - thus
its existence was doubtworthy. For better readability and a clean
inheritance graph that class has been dropped.
|
|
|
|
|
|
|
|
- delete log_file, log_level and user nodes
- rename hash_type to hash
- rename mine_interval to interval
|
|
|
|
This allows the radius client to work when a management VRF is in use.
|
|
|
|
* 'pptp-rewrite' of github.com:c-po/vyos-1x:
accel-ppp: fix wrong reference in verify() on missing attributes
accel-ppp: T2314: bugfix wrong placement of endif in Jinja2 template
vpn: pptp: T2351: add support for common radius-additions XML
vpn: pptp: T2351: migrate to common radius CLI
vpn: pptp: T2351: migrate to common name-server, wins-server nodes
accel-ppp: provide common wins-server include definition
vpn: pptp: T2351: use first IP from client pool as gateway address
vpn: pptp: T2351: align configuration to other accel implementations
vpn: pptp: T2351: migrate from SysVinit to systemd
vyos.util: migrate all cpu_count() occurances to common get_half_cpus()
|
|
|
|
|
|
|
|
|
|
Commit bb9f998 introduced a bug where openvpn fails to start if
'local-host' is an IPv4 address due to 'proto' wanting a IPv6 socket.
This adds a conditional check and uses normal proto if it's IPv4.
|
|
|
|
Bug introduced in commit b36e6e6 ("openvpn: T2273: migrate from SysVinit to
systemd") as not all relevant configuration files have been re-rendered
into /run/openvpn.
|
|
Bug introduced in commit b36e6e6 ("openvpn: T2273: migrate from SysVinit to
systemd") as not all relevant configuration files have been re-rendered
into /run/openvpn
|
|
|
|
|
|
|
|
|
|
implementations
|
|
|
|
|
|
When only defining a timeout limit the generated config will look like:
[connlimit]
limit=
burst=
timeout=5
This will trigger a "Floating point exception" on startup of Accel-PPP and it
can be re-surrected anymore until service is completely deleted and re-added.
|
|
Instead of having "dns-server server-1|server-2" nodes and the same for IPv6
all DNS nameservers are migrated to a common name-servers node.
|
|
|
|
Yet, VyOS knows these two encryption schemes for WiFi:
1. CCMP = AES in Counter mode with CBC-MAC (CCMP-128)
2. TKIP = Temporal Key Integrity Protocol
These encryption schemes are new and especially the Galois counter mode
cipher suites are very desirable!
1. CCMP-256 = AES in Counter mode with CBC-MAC with 256-bit key
2. GCMP = Galois/counter mode protocol (GCMP-128)
3. GCMP-256 = Galois/counter mode protocol with 256-bit key
CCMP is supported by all WPA2 compatible NICs, so this remains the
default cipher for bidirectional and group packets while using WPA2.
Use 'iw list' to figure out which cipher suites your cards support
prior to configuring other cipher suites than CCMP. AP NICs and
STA NICs must both support at least one common cipher in a given
list in order to associate successfully.
|
|
openvpn: T149: IPv6 support
|
|
ipoe: T2294: Fix templates and migrate to systemd
|
|
|
|
- allow configuring IPv6 server addresses and push options
- add IPv6 server client IP pool
- add IPv6 push dhcp-option DNS6
- allow configuring IPv6 server client addresses
- allow configuring IPv6 site-to-site addresses
- validate all IPv6 options and addresses
- use protos that explicitely open an IPv6 listening socket
(tcp6-server, tcp6-client, udp6) as the default on Linux listens on
IPv4 only (https://community.openvpn.net/openvpn/ticket/360)
- add validator for any IPv6 address, host or network (used by pool)
|
|
|
|
|
|
openvpn: T2235: add custom server pool handling
|
|
- add config options and logic for server client-ip-pool
- add function for determining default IPs for the server in different
configurations
- verify for pool IPs and maximum subnet prefix length
- move remote netmask logic for client ifconfig-push to use new function
- add topology 'net30' , set it as default (as it already was)
- replace generic ip_* with IPv4* where necessary
- print warning to console when server client IP is in server pool
- fix server subnet help field
|
|
openvpn: T2283: move ccd to /run/openvpn
|
|
|
|
Commit a457c9d2 moved the config directory to /run/openvpn but didn't move
the client-config-dir in the template.
|
|
|
|
|
|
|