Age | Commit message | Author |
|
Based on https://docs.strongswan.org/docs/5.9/swanctl/swanctlConf.html
Added default value to dpd_action - clear
Added default value to close_action - none
|
|
|
|
This fixes a regression introduced in commit e22e9c9210cb5 ("wwan: T3622: add
constraint for username/password CLI nodes").
|
|
T4857: snmp: Fix error when not defining client|network under community
|
|
After the RESTRICTED view was introduced snmpd requires a network to be
specified. Before adding the RESTRICTED view snmpd always assumed the default
network 0.0.0.0/0.
This commit re-adds the built-in default networks for IPv4 and IPv6 and
exposes it as a proper default to the CLI so the user is informed about it:
vyos@vyos# set service snmp community foooo
Possible completions:
authorization Authorization type (default: ro)
+ client IP address of SNMP client allowed to contact system
+ network Subnet of SNMP client(s) allowed to contact system (default:
0.0.0.0/0, ::/0)
|
|
sstp-client
|
|
T1993: PPPoE-server add section shaper and fwmark option
|
|
- Username is up to 128 alphanumerical characters, -, _, #, and @
- Password is limited to ASCII characters only, with a total length of 128
|
|
containers"
This reverts commit b17251334c57c2f6875c19ad4e6c6127aa9e1811.
|
|
container: T4959: Add container registry authentication config for containers
|
|
T4971: PPPoE server add named ip pool and attr Framed-Pool
|
|
Extended PPPoE-server rate-limiter to avoid shaping marked resources
This feature is often needed by ISPs which provide access to some IX
or its resources.
set service pppoe-server shaper fwmark '223'
|
|
Minimum acceptable MTU. If client will try to negotiate less than
specified MTU then it will be NAKed or disconnected if rejects
greater MTU.
Change 'min-mtu' from 1492 to 1280
|
|
Add a new feature to allow the use of named pools
Also it can be used with RADIUS attribute 'Framed-Pool'
set service pppoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1'
set service pppoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
|
|
The old interface-name validator was replaced by a faster implementation in
OCaml. Interface validator can be selected by including the appropriate
code snippet.
|
|
|
|
T2408: dhcp-relay: Add listen-interface and upstream-interface feature
|
|
|
|
|
|
|
|
Extend commit 8a75e92d ("T4817 added support for RFC 9234") to also support
peer-groups.
|
|
This improves commit d2885ad0 ("T4969: fix class match mark number").
|
|
T4969: fix class match mark number
|
|
|
|
|
|
|
|
T4916: Rewrite IPsec peer authentication and psk migration
|
|
Some older VyOS 1.3 installations seem to use zero-length description fields.
Do not break them!
|
|
|
|
Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode
|
|
Rewrite strongswan IPsec authentication to reflect structure
from swanctl.conf
The most important change is that more than one local/remote ID in the
same auth entry should be allowed
replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx'
=> 'ipsec authentication psk <tag> secret xxx'
set vpn ipsec authentication psk <tag> id '192.0.2.1'
set vpn ipsec authentication psk <tag> id '192.0.2.2'
set vpn ipsec authentication psk <tag> secret 'xxx'
set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1'
set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2'
Add template filter for Jinja2 'generate_uuid4'
|
|
|
|
T1297: VRRP: add garp options to vrrp
|
|
|
|
CLI expects ipv4net/ipv6net but the help strings only suggested it should be
ipv4/ipv6. This has been corrected.
|
|
Some ISPs seem to use the host-uniq flag to authenticate client equipment.
Add CLI option in VyOS to allow specification of the host-uniq flag.
set interfaces pppoe pppoeN host-uniq <value>
|
|
Whenever a container is used and a folder is mounted, this happens as
read-write which is the default in Docker/Podman - so is the default in VyOS.
A new option is added "set container name foo volume mode <ro|rw>" to specify
explicitly if rw (default) or ro should be used for this mounted folder.
|
|
config-mgmt: T4942: rewrite vyatta-config-mgmt to Python/XML
|
|
|
|
|
|
|
|
|
|
ipsec: T4925: Added PRF into IKE group
|
|
T4857: SNMP: Implement FRR SNMP Recommendations
|
|
|
|
warning message
|
|
Added the possibility to configure Pseudo-Random Functions (PRF)
in IKE group
set vpn ipsec ike-group <Ike-grp> proposal <number> prf <PRF>
|
|
|
|
* Move CLI from "system ntp" -> "service ntp"
* Drop NTP server option preempt as not supported by chrony
|
|
If IPsec "peer <tag> authentication remote-id" is not set
it should be "%any" by default
https://docs.strongswan.org/docs/5.9/swanctl/swanctlConf.html#_connections_conn_remote
Set XML default value and use it in the Python vpn_ipsec.py script
|