Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-07-06 | ipsec: T2816: Migrate ipsec-settings.xml.in and charon.conf to vpn_ipsec.py | sarthurdev | |
Also adds check for the charon socket instead of an arbitrary sleep() | |||
2021-07-05 | pki: ipsec: T3642: Fix issue with '.' being present in tag nodes, adds new ↵ | sarthurdev | |
vyos.util method `dict_search_args` to allow for dot characters in keys. | |||
2021-07-05 | pki: T3642: Support for adding SANs on certificate requests | sarthurdev | |
2021-07-04 | Merge pull request #910 from sarthurdev/pki_ext | Christian Poessinger | |
pki: T3642: Add standard extensions to generated certificates | |||
2021-07-04 | pki: T3642: Add standard extensions to generated certificates | sarthurdev | |
2021-07-04 | vyos.util: T3663: move inotify-based imports to function level | Christian Poessinger | |
Keep the vyos.util function clean and not pull in the rest of the world when importing it. | |||
2021-07-04 | T3663: prerequisites for inotify-based watching implementations. | Daniil Baturin | |
2021-07-03 | ipsec: T2816: add Jinja2 converter for ESP/IKE groups to string | Christian Poessinger | |
2021-07-02 | ipsec: T3656: T3659: Fix pass-through with ipv6. Fix op-mode ipsec commands. ↵ | sarthurdev | |
Remove python3-crypto dependency. | |||
2021-07-01 | vyos.util: remove no longer needed copy_file helper method | Christian Poessinger | |
The IPSec ceritifcate handling is now done by storing the CA key inside the running configuration. | |||
2021-07-01 | Merge branch 'pki_ipsec' of https://github.com/sarthurdev/vyos-1x into pki-cli | Christian Poessinger | |
* 'pki_ipsec' of https://github.com/sarthurdev/vyos-1x: pki: ipsec: T3642: Update migration script to account for file permission issues pki: ipsec: T3642: Migrate IPSec to use PKI configuration pki: T3642: New PKI config and management | |||
2021-07-01 | vyos.util: fix IsADirectoryError and SameFileError for copy_file | Christian Poessinger | |
Commit 5303ec39 ("vyos.util: add new helper copy_file()") added a new helper function to copy a file from A -> B and create the destination directory if required. It did also throw an excpetion if the destination file already existed and consisted of the same file - this is now ignored and we always copy the source to the destination. | |||
2021-06-29 | pki: T3642: New PKI config and management | sarthurdev | |
2021-06-28 | ipsec: T1441: switch from vti to xfrm interfaces | Christian Poessinger | |
XFRM interfaces are similar to VTI devices in their basic functionality but offer several advantages: * No tunnel endpoint addresses have to be configured on the interfaces. Compared to VTIs, which are layer 3 tunnel devices with mandatory endpoints, this resolves issues with wildcard addresses (only one VTI with wildcard endpoints is supported), avoids a 1:1 mapping between SAs and interfaces, and easily allows SAs with multiple peers to share the same interface. * Because there are no endpoint addresses, IPv4 and IPv6 SAs are supported on the same interface (VTI devices only support one address family). * IPsec modes other than tunnel are supported (VTI devices only support tunnel mode). * No awkward configuration via GRE keys and XFRM marks. Instead, a new identifier (XFRM interface ID) links policies and SAs with XFRM interfaces. | |||
2021-06-27 | op-mode: bond: T2546: implement "show interface bond * slaves" command | Christian Poessinger | |
Add implementation with XML and Python. | |||
2021-06-26 | vyos.util: add new helper copy_file() | Christian Poessinger | |
Copy a file from A -> B but also support adjusting Bs file permissions and creation of Bs base directory if required. | |||
2021-06-23 | T3574: do not add constraintGroup property to xml cache | John Estabrook | |
2021-06-22 | vyos.ethtool: T3645: fix compatibility with latest ethtool version | Christian Poessinger | |
Ethtool version used on Debian Bullseye changed the output format from 0 -> n/a. As we are only interested in the tx/rx keys we do not care about RX Mini/Jumbo. | |||
2021-06-21 | vyos.certbot: T3641: adjust to new python3-certbot-nginx API | Christian Poessinger | |
2021-06-21 | Python: T3641: adjust to changes in latest vesion of netifaces library | Christian Poessinger | |
2021-06-20 | Merge pull request #893 from erkin/T3628 | Christian Poessinger | |
T3268: remote: Determine source address from given network interface | |||
2021-06-20 | T3268: remote: Determine source address from given network interface | erkin | |
2021-06-20 | Merge pull request #892 from erkin/T3563 | Christian Poessinger | |
T3563: remote: Allow `paramiko.transport.Transport().close()` to automatically close the socket | |||
2021-06-20 | T3563: remote: Allow `paramiko.transport.Transport().close()` to ↵ | erkin | |
automatically close the socket | |||
2021-06-18 | Merge pull request #883 from sever-sever/T3633 | Christian Poessinger | |
ethernet: T3633: Add LRO offload | |||
2021-06-18 | Merge pull request #882 from erkin/current | Christian Poessinger | |
T3356: remote: Use the local filename if the destination is a directory in SFTP transfers | |||
2021-06-17 | ethernet: T3633: Add LRO offload | Viacheslav | |
2021-06-17 | T3356: remote: Use the local filename if the destination is a directory in ↵ | erkin | |
SFTP transfers. | |||
2021-06-13 | pppoe: T3621: validate that both username and password are set | Christian Poessinger | |
A validator is missing checking that if authentication is used on a PPPoE interface, both username and password are set. (cherry picked from commit 0361c3ac449f183476f7aee31439417d9f7f8012) | |||
2021-06-13 | Merge pull request #879 from erkin/current | Christian Poessinger | |
T3563: Call `socket.shutdown()` with appropriate argument | |||
2021-06-13 | T3563: Call `socket.shutdown()` with appropriate argument | erkin | |
2021-06-13 | wwan: T3620: rename "wirelessmodem wlm" interfaces to new wwan interface tree | Christian Poessinger | |
2021-06-09 | remote, util: Move general helper routines from `remote.py` to `util.py` | erkin | |
2021-06-08 | remote: import is_ipv6 from vyos.template | Christian Poessinger | |
2021-06-08 | Merge pull request #867 from erkin/current | Christian Poessinger | |
T3563: Add support for IPv6 source addresses in SSH connections | |||
2021-06-08 | remote: Use `is_ipv6()` instead of ad hoc IPv6 check | erkin | |
2021-06-06 | T3563: Add support for IPv6 source addresses in SSH connections | erkin | |
2021-06-06 | Merge pull request #846 from erkin/current | Christian Poessinger | |
T3508, T3356: remote: Friendly download procedure for user-facing scripts | |||
2021-05-30 | T3356: Add progressbars to SFTP and HTTP transfers | erkin | |
2021-05-29 | T3356: Add progressbars to FTP transfers | erkin | |
Allow ports to be specified in URL strings | |||
2021-05-28 | vti: ipsec: T2816: interfaces must be created using the vyos.ifconfig library | Christian Poessinger | |
2021-05-28 | ipsec: T2816: IPSec python rework, includes DMVPN and VTI support | Simon | |
2021-05-24 | tunnel: T3555: add "ignore-df" support for GRE tunnels | Christian Poessinger | |
2021-05-24 | pseudo-ethernet: T3575: verify parent interface MTU | Christian Poessinger | |
2021-05-23 | vyos.configverify: T3570: sub interface MTU must be less or equal to parent MTU | Simon | |
2021-05-21 | vlan: T3551: support runtime changing of ingress and egress QoS settings | JACK | |
2021-05-18 | revert: "util: T2467: add autosudo as an option to command" | Christian Poessinger | |
Implementing a wrapper which will - based on the command - add a sudo prefix to the execution string seemed to be a nice idea but unfortunately it did not only not get momentum but also the codebase somethis added an implicit "sudo" call a second time. This resulted in a call: "sudo sudo systemctl" The entire functionality was removed again and if an op-mode script requires root priviledges it must be explicitly called with them - no black magic. | |||
2021-05-18 | T3356: remote: Read username and password from environment variables | erkin | |
2021-05-18 | T3356: remote: Add friendly download procedure for user-facing scripts | erkin | |
2021-05-15 | vyos.ifconfig: T3532: re-create Q-in-Q interface on protocol change | Christian Poessinger | |
It is not possible to change the VLAN encapsulation protocol "on-the-fly". For this "quirk" we need to actively delete and re-create the VIF-S interface. |