Age | Commit message | Author | |
---|---|---|---|
2022-02-17 | openvpn: T4230: globally enable ip_nonlocal_bind | Christian Poessinger | |
2022-02-17 | Merge pull request #1211 from sever-sever/T4230-cur | Christian Poessinger | |
openvpn: T4230: Delete checks if local-host address assigned | |||
2022-02-09 | openvpn: T3686: Fix for check local-address in script and tmpl | Viacheslav Hletenko | |
Local-address should be checked/executed only if it exists in the openvpn configuration, dictionary, jinja2 template | |||
2022-02-09 | openvpn: T4230: Delete checks if local-host address assigned | Viacheslav Hletenko | |
OpenVPN can't start if it depends on VRRP virtual-address as virtual-address is not yet assigned by HA (openvpn and ha in one commit) as we have checks "if address assigned". It depends on commit priorities: 460 interfaces/openvpn, 800 high-availability. Replace check if local-host address assigned from raise ConfigError to print (just notification). Allow to bind OpenVPN service to nonlocal address. | |||
2021-11-15 | openvpn: T3995: implement systemd reload support | Christian Poessinger | |
2021-11-06 | openvpn: T3966: fix KeyError when removing interfaces without TOTP | Christian Poessinger | |
2021-11-03 | openvpn: T3966: OpenVPN fix the smoketests | Kim Hagen | |
2021-11-01 | openvpn: T3958: OpenVPN breaks the smoketests | Kim Hagen | |
2021-11-01 | Merge branch 'current' into T3350-sagitta | zdc | |
2021-10-21 | use vyos read_file and write_file functions | Kim Hagen | |
2021-10-10 | do not use Path | Kim Hagen | |
2021-10-10 | update writer to nicer read write | Kim Hagen | |
2021-10-07 | Merge branch 'current' into 2fa | Kim | |
2021-10-07 | openvpn: T3642: Fix password_protected check | Nicolas Riebesel | |
2021-10-07 | openvpn: T3805: fix bool logic in verify_pki() for client mode | Christian Poessinger | |
Add support for OpenVPN client mode with only the CA certificate of the server installed. | |||
2021-10-07 | openvpn: T3805: drop privileges using systemd - required for rtnetlink | Christian Poessinger | |
2021-10-07 | openvpn: T3805: use vyos.util.makedir() to create system directories | Christian Poessinger | |
2021-10-07 | openvpn: T3805: use vyos.util.write_file() to store certificates | Christian Poessinger | |
2021-10-07 | pull request fixes | Kim Hagen | |
2021-10-04 | OpenVPN: T3350: Changed custom options for OpenVPN processing | zsdc | |
Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows to avoid mistakes with parsing options that contain `--` in the middle. The only smart part of this - handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in the double-quotes, but after version update in `equuleus` and `sagitta` old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing. | |||
2021-09-23 | openvpn: T3642: Fix password_protected check | Nicolas Riebesel | |
2021-09-08 | openvpn: T3805: fix bool logic in verify_pki() for client mode | Christian Poessinger | |
Add support for OpenVPN client mode with only the CA certificate of the server installed. | |||
2021-09-08 | openvpn: T3805: drop privileges using systemd - required for rtnetlink | Christian Poessinger | |
2021-09-08 | openvpn: T3805: use vyos.util.makedir() to create system directories | Christian Poessinger | |
2021-09-08 | openvpn: T3805: use vyos.util.write_file() to store certificates | Christian Poessinger | |
2021-09-03 | fix file location and use correct variable | Kim Hagen | |
2021-09-02 | remove secrets file if the tunnel is deleted and fix opmode commands | Kim Hagen | |
2021-09-02 | update 2fa qr generation and user creation procedure | Kim Hagen | |
2021-09-01 | more 2fa changes | Kim Hagen | |
2021-08-17 | add part 2fa | Kim Hagen | |
2021-08-13 | openvpn: T3738: Disable authentication option for server mode | Viacheslav | |
2021-07-21 | pki: openvpn: T3642: Migrate OpenVPN to PKI and refactor | sarthurdev | |
2021-07-17 | Revert "openvpn: T56: remove strict checks for tls cert-file and key-file" | Christian Poessinger | |
This reverts commit c414479fdf1d5ad77170f977481fb9197c9559ae. This commit broke the smoketests and also OpenVPN complains: Options error: You must define certificate file (--cert) or PKCS#12 file (--pkcs12) | |||
2021-07-13 | openvpn: T56: remove strict checks for tls cert-file and key-file | Yun Zheng Hu | |
This makes the tls cert-file and key-file optional and allows for more advanced configurations via "openvpn-option", such as pkcs11 or pkcs12 options. | |||
2021-06-25 | openvpn: T1704: drop deprecated disable-ncp option | Christian Poessinger | |
2021-02-28 | vyos.ifconfig: T1579: remove calls to vyos.ifconfig.Interface.get_config() | Christian Poessinger | |
Interface.get_config() was always a pure helper which exposed a "per interface type" dictionary which was then fed by the caller to create interfaces by iproute2 which required additional options during creation time. Such interfaces had been: tunnel, vxlan, geneve, macsec, wifi, macvlan / pseudo-ethernet. The code was always duplicated to convert from the VyOS CLI based get_config_dict() to a dict which can be used to feed iproute2. This path has been removed and we now always feed in the entire dictionary retrieved by get_config_dict() or in the interfaces case, its high-level wrapper get_interface_dict() to the interface we want to create. This also adds the - personally long awaited - possibility to get rid of the derived tunnel classes for e.g. GRE, IPIP, IPIP6 and so on. | |||
2021-01-17 | openvpn: T2994: proper cleanup all files on interface deletion | Christian Poessinger | |
2020-12-31 | openvpn: T2994: fix ipv6 server mode | Christian Poessinger | |
2020-11-27 | vyos.template: T2720: always enable Jinja2 trim_blocks feature | Christian Poessinger | |
2020-11-23 | openvpn: T3074: fix site-2-site operation mode | Christian Poessinger | |
When rendering the configs "ifconfig" statement wrong IP addresses have been used for the "tun" operating mode. This has been corrected. | |||
2020-11-21 | openvpn: T3060: fix client authentication username and password file | Christian Poessinger | |
2020-11-13 | openvpn: T3060: Remote-host is a required param for client | sever-sever | |
2020-11-13 | vyos.template: provide general is_ip(v4|v6) helpers | Christian Poessinger | |
We had two places where the is_ip, is_ipv4 and is_ipv6 helpers had been defined. All places now have been converged into vyos.template as they are used both in the Jinja2 templates and also in our scripts. | |||
2020-11-06 | openvpn: T3051: fix multiple pushed routes to preconfigured clients | Christian Poessinger | |
2020-11-04 | openvpn: T3046: create client config dir on-demand | Christian Poessinger | |
This commit partially reverts commit eb1ed5e518 ("openvpn: T2994: re-add ifconfig-pool statement in server config"). | |||
2020-11-01 | openvpn: T2994: re-add ifconfig-pool statement in server config | Christian Poessinger | |
Re-organize the template code and add additional Jinja2 filters for processing the ifconfig-pool statement. This reverts the changes from commit 7e546be9 ("openvpn: T2994: temporary revert to 1.2 crux behavior for client pools"). | |||
2020-11-01 | openvpn: T2994: remove workarounds for individual ipv4 and ipv6 keys | Christian Poessinger | |
Remove workaround which split (local|remote)_address and also subnet keys into individual keys for the assigned IP address family (4/6). During template rendering check IP version by introducing new ipv4 and ipv6 Jinja2 filters {% if foo | ipv4 %} or {% if bar | ipv6 %} options. | |||
2020-10-30 | openvpn: T2994: verify DH key length | Christian Poessinger | |
2020-10-30 | openvpn: T2994: migrate to get_config_dict() | Christian Poessinger | |
2020-10-18 | openvpn: T2969: ensure interface is always removed | Christian Poessinger | |