summaryrefslogtreecommitdiff
path: root/src/conf_mode/interfaces-openvpn.py
AgeCommit message (Collapse)Author
2022-09-14openvpn: T4679: Fix incorrect verify local and remote addressViacheslav Hletenko
In the OpenVPN site-to-site config we can use IPv6 peers without IPv4 configurations but "verify()" checks also local and remote IPv4 addresses that in this case will be empty lists For example: set interfaces openvpn vtun2 local-address 2001:db8::1 set interfaces openvpn vtun2 remote-address 2001:db8::2 Check in the commit (v4loAddr == v4remAddr) <= both empty lists commit DEBUG: [] == [] or ['2001:db8::2'] == [] So we should also check v4loAddr, v4remAddr, v6loAddr, v6remAddr are not empty
2022-07-15interfaces: T4525: interfaces can not be member of a bridge/bond and a VRFChristian Poessinger
2022-06-29openvpn: T4485: Accept multiple `tls ca-certificate` valuessarthurdev
2022-04-25vyos.configdict: T4391: enable get_interface_dict() ti be used with ↵Christian Poessinger
ConfigTreeQuery() When VyOS is booting and an interface is brought up (PPPoE) which requires a user callback script that is executed asynchronously when the interface is up we can not use Config(). The problem is, Config() is not available when the system starts and the initial commit is still processed. We need to move to ConfigTreeQuery() which was build for this exact same purpose. TO reduce side effects and also dependencies on the entire vyos.configdict library the set_level()/get_level() calls got eliminated from within the library. All calls to functions like: * get_removed_vlans() * is_node_changed() * leaf_node_changed() * is_mirror_intf() * ... Now require that the full config path to the node is passed.
2022-04-20openvpn: T4369: enforce daemon-restart on openvpn-option CLI changeChristian Poessinger
2022-04-18openvpn: T4353: fix Jinja2 linting errorsChristian Poessinger
2022-04-07qos: T4284: support mirror and redirect on all interface typesChristian Poessinger
2022-03-28Revert "openvpn: T4230: globally enable ip_nonlocal_bind"Daniil Baturin
This reverts commit 1cbcbf40b7721849f9696c05fac65db010a66b7c.
2022-03-24openvpn: T4294: force service restart on openvpn-option node changeChristian Poessinger
2022-02-17openvpn: T4230: globally enable ip_nonlocal_bindChristian Poessinger
2022-02-17Merge pull request #1211 from sever-sever/T4230-curChristian Poessinger
openvpn: T4230: Delete checks if local-host address assigned
2022-02-09openvpn: T3686: Fix for check local-address in script and tmplViacheslav Hletenko
Local-address should be checked/executed only if it exists in the openvpn configuration, dictionary, jinja2 template
2022-02-09openvpn: T4230: Delete checks if local-host address assignedViacheslav Hletenko
OpenVPN can't start if it depends on VRRP virtual-address as virtual-address is not yet assigned by HA (openvpn and ha in one commit) as we have checks "if address assigned" It depends on commit priorities: 460 interfaces/openvpn 800 high-availability Replace check if local-host address assigned from raise ConfigError to print (just notification) Allow to bind OpenVPN service to nonlocal address
2021-11-15openvpn: T3995: implement systemd reload supportChristian Poessinger
2021-11-06openvpn: T3966: fix KeyError when removing interfaces without TOTPChristian Poessinger
2021-11-03openvpn: T3966: OpenVPN fix the smoketestsKim Hagen
2021-11-01openvpn: T3958: OpenVPN breaks the smoketestsKim Hagen
2021-11-01Merge branch 'current' into T3350-sagittazdc
2021-10-21use vyos read_file and write_file functionsKim Hagen
2021-10-10do not use PathKim Hagen
2021-10-10update writer to nicer read writeKim Hagen
2021-10-07Merge branch 'current' into 2faKim
2021-10-07openvpn: T3642: Fix password_protected checkNicolas Riebesel
2021-10-07openvpn: T3805: fix bool logic in verify_pki() for client modeChristian Poessinger
Add support for OpenVPN client mode with only the CA certificate of the server installed.
2021-10-07openvpn: T3805: drop privileges using systemd - required for rtnetlinkChristian Poessinger
2021-10-07openvpn: T3805: use vyos.util.makedir() to create system directoriesChristian Poessinger
2021-10-07openvpn: T3805: use vyos.util.write_file() to store certificatesChristian Poessinger
2021-10-07pull request fixesKim Hagen
2021-10-04OpenVPN: T3350: Changed custom options for OpenVPN processingzsdc
Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows to avoid mistakes with parsing options that contain `--` in the middle. The only smart part of this - handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in the double-quotes, but after version update in `equuleus` and `sagitta` old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing.
2021-09-23openvpn: T3642: Fix password_protected checkNicolas Riebesel
2021-09-08openvpn: T3805: fix bool logic in verify_pki() for client modeChristian Poessinger
Add support for OpenVPN client mode with only the CA certificate of the server installed.
2021-09-08openvpn: T3805: drop privileges using systemd - required for rtnetlinkChristian Poessinger
2021-09-08openvpn: T3805: use vyos.util.makedir() to create system directoriesChristian Poessinger
2021-09-08openvpn: T3805: use vyos.util.write_file() to store certificatesChristian Poessinger
2021-09-03fix file location and use correct variableKim Hagen
2021-09-02remove secrets file if the tunnel is deleted and fix opmode commandsKim Hagen
2021-09-02update 2fa qr generation and user creation procedureKim Hagen
2021-09-01more 2fa changesKim Hagen
2021-08-17add part 2faKim Hagen
2021-08-13openvpn: T3738: Disable authentication option for server modeViacheslav
2021-07-21pki: openvpn: T3642: Migrate OpenVPN to PKI and refactorsarthurdev
2021-07-17Revert "openvpn: T56: remove strict checks for tls cert-file and key-file"Christian Poessinger
This reverts commit c414479fdf1d5ad77170f977481fb9197c9559ae. This commit broke the smoketests and also OpenVPN complains: Options error: You must define certificate file (--cert) or PKCS#12 file (--pkcs12)
2021-07-13openvpn: T56: remove strict checks for tls cert-file and key-fileYun Zheng Hu
This makes the tls cert-file and key-file optional and allows for more advanced configurations via "openvpn-option", such as pkcs11 or pkcs12 options.
2021-06-25openvpn: T1704: drop deprecated disable-ncp optionChristian Poessinger
2021-02-28vyos.ifconfig: T1579: remove calls to vyos.ifconfig.Interface.get_config()Christian Poessinger
Interface.get_config() was always a pure helper which exposed a "per interface type" dictionary which was then fed by the caller to create interfaces by iproute2 which required additional options during creation time. Such interfaces had been: * tunnel * vxlan * geneve * macsec * wifi * macvlan / pseudo-ethernet The code was always duplicated to convert from the VyOS CLI based get_config_dict() to a dict which can be used to feed iproute2. This path has been removed and we now always feed in the entire dictionary retrieved by get_config_dict() or in the interfaces case, it's high-level wrapper get_interface_dict() to the interface we wan't to create. This also adds the - personally long awaited - possibility to get rid of the derived tunnel classes for e.g. GRE, IPIP, IPIP6 and so on.
2021-01-17openvpn: T2994: proper cleanup all files on interface deletionChristian Poessinger
2020-12-31openvpn: T2994: fix ipv6 server modeChristian Poessinger
2020-11-27vyos.template: T2720: always enable Jinja2 trim_blocks featureChristian Poessinger
2020-11-23openvpn: T3074: fix site-2-site operation modeChristian Poessinger
When rendering the configs "ifconfig" statement wrong IP addresses have been used for the "tun" operating mode. This has been corrected.
2020-11-21openvpn: T3060: fix client authentication username and password fileChristian Poessinger