Age | Commit message | Author | |
---|---|---|---|
2022-09-14 | openvpn: T4679: Fix incorrect verify local and remote address | Viacheslav Hletenko | |
In the OpenVPN site-to-site config we can use IPv6 peers without IPv4 configurations, but "verify()" also checks local and remote IPv4 addresses, which in this case will be empty lists. For example: `set interfaces openvpn vtun2 local-address 2001:db8::1`, `set interfaces openvpn vtun2 remote-address 2001:db8::2`. Check in the commit: (v4loAddr == v4remAddr) <= both empty lists. commit DEBUG: [] == [] or ['2001:db8::2'] == []. So we should also check that v4loAddr, v4remAddr, v6loAddr, v6remAddr are not empty | |||
2022-07-15 | interfaces: T4525: interfaces can not be member of a bridge/bond and a VRF | Christian Poessinger | |
2022-06-29 | openvpn: T4485: Accept multiple `tls ca-certificate` values | sarthurdev | |
2022-04-25 | vyos.configdict: T4391: enable get_interface_dict() to be used with ConfigTreeQuery() | Christian Poessinger | |
When VyOS is booting and an interface is brought up (PPPoE) which requires a user callback script that is executed asynchronously when the interface is up, we can not use Config(). The problem is, Config() is not available when the system starts and the initial commit is still processed. We need to move to ConfigTreeQuery() which was built for this exact same purpose. To reduce side effects and also dependencies on the entire vyos.configdict library the set_level()/get_level() calls got eliminated from within the library. All calls to functions like: * get_removed_vlans() * is_node_changed() * leaf_node_changed() * is_mirror_intf() * ... now require that the full config path to the node is passed. | |||
2022-04-20 | openvpn: T4369: enforce daemon-restart on openvpn-option CLI change | Christian Poessinger | |
2022-04-18 | openvpn: T4353: fix Jinja2 linting errors | Christian Poessinger | |
2022-04-07 | qos: T4284: support mirror and redirect on all interface types | Christian Poessinger | |
2022-03-28 | Revert "openvpn: T4230: globally enable ip_nonlocal_bind" | Daniil Baturin | |
This reverts commit 1cbcbf40b7721849f9696c05fac65db010a66b7c. | |||
2022-03-24 | openvpn: T4294: force service restart on openvpn-option node change | Christian Poessinger | |
2022-02-17 | openvpn: T4230: globally enable ip_nonlocal_bind | Christian Poessinger | |
2022-02-17 | Merge pull request #1211 from sever-sever/T4230-cur | Christian Poessinger | |
openvpn: T4230: Delete checks if local-host address assigned | |||
2022-02-09 | openvpn: T3686: Fix for check local-address in script and tmpl | Viacheslav Hletenko | |
Local-address should be checked/executed only if it exists in the openvpn configuration, dictionary, jinja2 template | |||
2022-02-09 | openvpn: T4230: Delete checks if local-host address assigned | Viacheslav Hletenko | |
OpenVPN can't start if it depends on VRRP virtual-address as virtual-address is not yet assigned by HA (openvpn and ha in one commit) as we have checks "if address assigned". It depends on commit priorities: 460 interfaces/openvpn, 800 high-availability. Replace check if local-host address assigned from raise ConfigError to print (just notification). Allow to bind OpenVPN service to nonlocal address | |||
2021-11-15 | openvpn: T3995: implement systemd reload support | Christian Poessinger | |
2021-11-06 | openvpn: T3966: fix KeyError when removing interfaces without TOTP | Christian Poessinger | |
2021-11-03 | openvpn: T3966: OpenVPN fix the smoketests | Kim Hagen | |
2021-11-01 | openvpn: T3958: OpenVPN breaks the smoketests | Kim Hagen | |
2021-11-01 | Merge branch 'current' into T3350-sagitta | zdc | |
2021-10-21 | use vyos read_file and write_file functions | Kim Hagen | |
2021-10-10 | do not use Path | Kim Hagen | |
2021-10-10 | update writer to nicer read write | Kim Hagen | |
2021-10-07 | Merge branch 'current' into 2fa | Kim | |
2021-10-07 | openvpn: T3642: Fix password_protected check | Nicolas Riebesel | |
2021-10-07 | openvpn: T3805: fix bool logic in verify_pki() for client mode | Christian Poessinger | |
Add support for OpenVPN client mode with only the CA certificate of the server installed. | |||
2021-10-07 | openvpn: T3805: drop privileges using systemd - required for rtnetlink | Christian Poessinger | |
2021-10-07 | openvpn: T3805: use vyos.util.makedir() to create system directories | Christian Poessinger | |
2021-10-07 | openvpn: T3805: use vyos.util.write_file() to store certificates | Christian Poessinger | |
2021-10-07 | pull request fixes | Kim Hagen | |
2021-10-04 | OpenVPN: T3350: Changed custom options for OpenVPN processing | zsdc | |
Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows to avoid mistakes with parsing options that contain `--` in the middle. The only smart part of this - handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in the double-quotes, but after version update in `equuleus` and `sagitta` old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing. | |||
2021-09-23 | openvpn: T3642: Fix password_protected check | Nicolas Riebesel | |
2021-09-08 | openvpn: T3805: fix bool logic in verify_pki() for client mode | Christian Poessinger | |
Add support for OpenVPN client mode with only the CA certificate of the server installed. | |||
2021-09-08 | openvpn: T3805: drop privileges using systemd - required for rtnetlink | Christian Poessinger | |
2021-09-08 | openvpn: T3805: use vyos.util.makedir() to create system directories | Christian Poessinger | |
2021-09-08 | openvpn: T3805: use vyos.util.write_file() to store certificates | Christian Poessinger | |
2021-09-03 | fix file location and use correct variable | Kim Hagen | |
2021-09-02 | remove secrets file if the tunnel is deleted and fix opmode commands | Kim Hagen | |
2021-09-02 | update 2fa qr generation and user creation procedure | Kim Hagen | |
2021-09-01 | more 2fa changes | Kim Hagen | |
2021-08-17 | add part 2fa | Kim Hagen | |
2021-08-13 | openvpn: T3738: Disable authentication option for server mode | Viacheslav | |
2021-07-21 | pki: openvpn: T3642: Migrate OpenVPN to PKI and refactor | sarthurdev | |
2021-07-17 | Revert "openvpn: T56: remove strict checks for tls cert-file and key-file" | Christian Poessinger | |
This reverts commit c414479fdf1d5ad77170f977481fb9197c9559ae. This commit broke the smoketests and also OpenVPN complains: Options error: You must define certificate file (--cert) or PKCS#12 file (--pkcs12) | |||
2021-07-13 | openvpn: T56: remove strict checks for tls cert-file and key-file | Yun Zheng Hu | |
This makes the tls cert-file and key-file optional and allows for more advanced configurations via "openvpn-option", such as pkcs11 or pkcs12 options. | |||
2021-06-25 | openvpn: T1704: drop deprecated disable-ncp option | Christian Poessinger | |
2021-02-28 | vyos.ifconfig: T1579: remove calls to vyos.ifconfig.Interface.get_config() | Christian Poessinger | |
Interface.get_config() was always a pure helper which exposed a "per interface type" dictionary which was then fed by the caller to create interfaces by iproute2 which required additional options during creation time. Such interfaces had been: * tunnel * vxlan * geneve * macsec * wifi * macvlan / pseudo-ethernet. The code was always duplicated to convert from the VyOS CLI based get_config_dict() to a dict which can be used to feed iproute2. This path has been removed and we now always feed in the entire dictionary retrieved by get_config_dict() or in the interfaces case, its high-level wrapper get_interface_dict() to the interface we want to create. This also adds the - personally long awaited - possibility to get rid of the derived tunnel classes for e.g. GRE, IPIP, IPIP6 and so on. | |||
2021-01-17 | openvpn: T2994: proper cleanup all files on interface deletion | Christian Poessinger | |
2020-12-31 | openvpn: T2994: fix ipv6 server mode | Christian Poessinger | |
2020-11-27 | vyos.template: T2720: always enable Jinja2 trim_blocks feature | Christian Poessinger | |
2020-11-23 | openvpn: T3074: fix site-2-site operation mode | Christian Poessinger | |
When rendering the configs "ifconfig" statement wrong IP addresses have been used for the "tun" operating mode. This has been corrected. | |||
2020-11-21 | openvpn: T3060: fix client authentication username and password file | Christian Poessinger | |