summaryrefslogtreecommitdiff
path: root/src/conf_mode/interfaces-openvpn.py
AgeCommit message (Collapse)Author
2022-02-17openvpn: T4230: globally enable ip_nonlocal_bindChristian Poessinger
2022-02-17Merge pull request #1211 from sever-sever/T4230-curChristian Poessinger
openvpn: T4230: Delete checks if local-host address assigned
2022-02-09openvpn: T3686: Fix for check local-address in script and tmplViacheslav Hletenko
Local-address should be checked/executed only if it exists in the openvpn configuration, dictionary, jinja2 template
2022-02-09openvpn: T4230: Delete checks if local-host address assignedViacheslav Hletenko
OpenVPN can't start if it depends on VRRP virtual-address as virtual-address is not yet assigned by HA (openvpn and ha in one commit) as we have checks "if address assigned" It depends on commit priorities: 460 interfaces/openvpn 800 high-availability Replace check if local-host address assigned from raise ConfigError to print (just notification) Allow to bind OpenVPN service to nonlocal address
2021-11-15openvpn: T3995: implement systemd reload supportChristian Poessinger
2021-11-06openvpn: T3966: fix KeyError when removing interfaces without TOTPChristian Poessinger
2021-11-03openvpn: T3966: OpenVPN fix the smoketestsKim Hagen
2021-11-01openvpn: T3958: OpenVPN breaks the smoketestsKim Hagen
2021-11-01Merge branch 'current' into T3350-sagittazdc
2021-10-21use vyos read_file and write_file functionsKim Hagen
2021-10-10do not use PathKim Hagen
2021-10-10update writer to nicer read writeKim Hagen
2021-10-07Merge branch 'current' into 2faKim
2021-10-07openvpn: T3642: Fix password_protected checkNicolas Riebesel
2021-10-07openvpn: T3805: fix bool logic in verify_pki() for client modeChristian Poessinger
Add support for OpenVPN client mode with only the CA certificate of the server installed.
2021-10-07openvpn: T3805: drop privileges using systemd - required for rtnetlinkChristian Poessinger
2021-10-07openvpn: T3805: use vyos.util.makedir() to create system directoriesChristian Poessinger
2021-10-07openvpn: T3805: use vyos.util.write_file() to store certificatesChristian Poessinger
2021-10-07pull request fixesKim Hagen
2021-10-04OpenVPN: T3350: Changed custom options for OpenVPN processingzsdc
Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows to avoid mistakes with parsing options that contain `--` in the middle. The only smart part of this - handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in the double-quotes, but after version update in `equuleus` and `sagitta` old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing.
2021-09-23openvpn: T3642: Fix password_protected checkNicolas Riebesel
2021-09-08openvpn: T3805: fix bool logic in verify_pki() for client modeChristian Poessinger
Add support for OpenVPN client mode with only the CA certificate of the server installed.
2021-09-08openvpn: T3805: drop privileges using systemd - required for rtnetlinkChristian Poessinger
2021-09-08openvpn: T3805: use vyos.util.makedir() to create system directoriesChristian Poessinger
2021-09-08openvpn: T3805: use vyos.util.write_file() to store certificatesChristian Poessinger
2021-09-03fix file location and use correct variableKim Hagen
2021-09-02remove secrets file if the tunnel is deleted and fix opmode commandsKim Hagen
2021-09-02update 2fa qr generation and user creation procedureKim Hagen
2021-09-01more 2fa changesKim Hagen
2021-08-17add part 2faKim Hagen
2021-08-13openvpn: T3738: Disable authentication option for server modeViacheslav
2021-07-21pki: openvpn: T3642: Migrate OpenVPN to PKI and refactorsarthurdev
2021-07-17Revert "openvpn: T56: remove strict checks for tls cert-file and key-file"Christian Poessinger
This reverts commit c414479fdf1d5ad77170f977481fb9197c9559ae. This commit broke the smoketests and also OpenVPN complains: Options error: You must define certificate file (--cert) or PKCS#12 file (--pkcs12)
2021-07-13openvpn: T56: remove strict checks for tls cert-file and key-fileYun Zheng Hu
This makes the tls cert-file and key-file optional and allows for more advanced configurations via "openvpn-option", such as pkcs11 or pkcs12 options.
2021-06-25openvpn: T1704: drop deprecated disable-ncp optionChristian Poessinger
2021-02-28vyos.ifconfig: T1579: remove calls to vyos.ifconfig.Interface.get_config()Christian Poessinger
Interface.get_config() was always a pure helper which exposed a "per interface type" dictionary which was then fed by the caller to create interfaces by iproute2 which required additional options during creation time. Such interfaces had been: * tunnel * vxlan * geneve * macsec * wifi * macvlan / pseudo-ethernet The code was always duplicated to convert from the VyOS CLI based get_config_dict() to a dict which can be used to feed iproute2. This path has been removed and we now always feed in the entire dictionary retrieved by get_config_dict() or in the interfaces case, it's high-level wrapper get_interface_dict() to the interface we wan't to create. This also adds the - personally long awaited - possibility to get rid of the derived tunnel classes for e.g. GRE, IPIP, IPIP6 and so on.
2021-01-17openvpn: T2994: proper cleanup all files on interface deletionChristian Poessinger
2020-12-31openvpn: T2994: fix ipv6 server modeChristian Poessinger
2020-11-27vyos.template: T2720: always enable Jinja2 trim_blocks featureChristian Poessinger
2020-11-23openvpn: T3074: fix site-2-site operation modeChristian Poessinger
When rendering the configs "ifconfig" statement wrong IP addresses have been used for the "tun" operating mode. This has been corrected.
2020-11-21openvpn: T3060: fix client authentication username and password fileChristian Poessinger
2020-11-13openvpn: T3060: Remote-host is a required param for clientsever-sever
2020-11-13vyos.template: provide general is_ip(v4|v6) helpersChristian Poessinger
We had two places were the is_ip, is_ipv4 and is_ipv6 helpers had been defined. All places now have been converged into vyos.template as they are used both in the Jinja2 templates and also in our scripts.
2020-11-06openvpn: T3051: fix multiple pushed routes to preconfigured clientsChristian Poessinger
2020-11-04openvpn: T3046: create client config dir on-demandChristian Poessinger
This commit partially reverts commit eb1ed5e518 ("openvpn: T2994: re-add ifconfig-pool statement in server config").
2020-11-01openvpn: T2994: re-add ifconfig-pool statement in server configChristian Poessinger
Re-organize the template code and add addtitional Jinja2 filters for processing the ifconfig-pool statement. This reverts the changes from commit 7e546be9 ("openvpn: T2994: temporary revert to 1.2 crux behavior for client pools").
2020-11-01openvpn: T2994: remove workarounds for individual ipv4 and ipv6 keysChristian Poessinger
Remove workaround which split (local|remote)_address and also subnet keys into individual keys for the assigned IP address family (4/6). During template rendering check IP version by introducing new ipv4 and ipv6 Jinja2 filters {% if foo | ipv4 %} or {% if bar | ipv6 %} options.
2020-10-30openvpn: T2994: verify DH key lengthChristian Poessinger
2020-10-30openvpn: T2994: migrate to get_config_dict()Christian Poessinger
2020-10-18openvpn: T2969: ensure interface is always removedChristian Poessinger