summaryrefslogtreecommitdiff
path: root/src/conf_mode/interfaces-openvpn.py
AgeCommit message (Collapse)Author
2020-09-22openvpn: T2907: add 'none' encryption option to not encrypt any dataMarcus Hoff
2020-09-22ifconfig: T2653: move is_member() from vyos.vylidate to vyos.configdictChristian Poessinger
2020-08-31configd: T2582: add scripts to include list for daemonJohn Estabrook
2020-06-04openvpn: T2550: fix for IPv4 remote-host addressesMikhail Rozentsvayg
Commit bb9f998 added IPv6 support for OpenVPN, but IPv4 only configurations stopped working (Address family for hostname not supported) Commit fc467519 fixed some scenarios by using IPv4 protocols if 'local-host' is IPv4 address, but the client mode is using 'remote-host' instead and was still broken. This commit in addition to 'local-host' also checks all the 'remote-host' addresses.
2020-05-31openvpn: T2532: add VRF supportChristian Poessinger
2020-05-29airbag: T2088: explicit enabling of the featureThomas Mangin
airbag must now be explicitly installed. the patch also allow to fully disables the installation of the logging code at setup (and not just installing and doing nothing)
2020-05-11openvpn: T2449: set accept_ra=2 if ipv6 address autoconf or dhcpv6 is setJernej Jakob
To make SLAAC and DHCPv6 work when forwarding=1, accept_ra must be 2 (default for accept_ra is 1).
2020-05-07openvpn: T2241: fix wrong indent caused by 66e15005Jernej Jakob
2020-05-04openvpn: T2241: remove redundant bridge_member variableJernej Jakob
2020-05-04validate: T2241: rewrite is_bridge_member to generic is_memberJernej Jakob
- rewrite the function to support both bridge and bonding interface types, if the type is passed it searches only that type, otherwise it searches both - move is_member check out of the deleted condition - move is_member check to intf_from_dict for interfaces that use it
2020-04-23interfaces: T2362: add node to delete the default IPv6 link-local addressJernej Jakob
2020-04-23interfaces: T2362: allow setting multiple 'ipv6 address eui64'Jernej Jakob
2020-04-23interfaces: T2362: add default IPv6 link-local address to make IPv6 workJernej Jakob
2020-04-23interfaces: T2362: split set_ipv6_eui64_address into add and del functionsJernej Jakob
2020-04-20openvpn: T2339: fix for IPv4 local-host addressesJernej Jakob
Commit bb9f998 introduced a bug where openvpn fails to start if 'local-host' is an IPv4 address due to 'proto' wanting a IPv6 socket. This adds a conditional check and uses normal proto if it's IPv4.
2020-04-19openvpn: T2336: delete auth-user-pass file when interface is unused #2Christian Poessinger
2020-04-19Revert "openvpn: T2336: delete auth-user-pass file when interface is unused"Christian Poessinger
This reverts commit 26adfd6d0d03af44a03f327478199f3009f2ad3c.
2020-04-19openvpn: T2336: delete auth-user-pass file when interface is unusedChristian Poessinger
Unused means disabled or even deleted - there should be no secrets left-over.
2020-04-19openvpn: T2336: fix auth-user-pass file generationChristian Poessinger
Bug introduced in commit b36e6e6 ("openvpn: T2273: migrate from SysVinit to systemd") as not all relevant configuration files have been re-rendered into /run/openvpn
2020-04-19bridge: T2232: move helper to vyos.validateChristian Poessinger
2020-04-16openvpn: T149: IPv6 supportJernej Jakob
- allow configuring IPv6 server addresses and push options - add IPv6 server client IP pool - add IPv6 push dhcp-option DNS6 - allow configuring IPv6 server client addresses - allow configuring IPv6 site-to-site addresses - validate all IPv6 options and addresses - use protos that explicitely open an IPv6 listening socket (tcp6-server, tcp6-client, udp6) as the default on Linux listens on IPv4 only (https://community.openvpn.net/openvpn/ticket/360) - add validator for any IPv6 address, host or network (used by pool)
2020-04-15openvpn: T2335: allow disabling client-ip-poolJernej Jakob
2020-04-15openvpn: T2293: fix UnboundLocalError if server subnet is unsetJernej Jakob
2nd part of this fix, first commit 9b6a369 didn't fix it.
2020-04-14openvpn: T2293: fix UnboundLocalError if server subnet is unsetJernej Jakob
Commit bb36bde introduced a bug when server subnet is unset, this fixes it.
2020-04-13Merge pull request #325 from jjakob/openvpn-poolChristian Poessinger
openvpn: T2235: add custom server pool handling
2020-04-13openvpn: T2235: add custom server pool handlingjjakob
- add config options and logic for server client-ip-pool - add function for determining default IPs for the server in different configurations - verify for pool IPs and maximum subnet prefix length - move remote netmask logic for client ifconfig-push to use new function - add topology 'net30' , set it as default (as it already was) - replace generic ip_* with IPv4* where necessary - print warning to console when server client IP is in server pool - fix server subnet help field
2020-04-13openvpn: T2235: use IPv4Network where input is already validatedjjakob
2020-04-13openvpn: T2283: move ccd to /run/openvpnjjakob
Commit a457c9d2 moved the config directory to /run/openvpn but didn't move the client-config-dir in the template.
2020-04-12template: T2230: use render to generate templatesThomas Mangin
convert all call to jinja to use template.render
2020-04-12openvpn: T2273: cleanup client config generationChristian Poessinger
2020-04-12openvpn: T2273: cleanup config dir generationChristian Poessinger
2020-04-12vyos.util: openvpn: migrate to chmod_600()Christian Poessinger
2020-04-12vyos.util: rename chmod_x() -> chmod_755()Christian Poessinger
2020-04-11openvpn: T2273: re-use vyos.util library functionsChristian Poessinger
2020-04-11openvpn: T2273: migrate from SysVinit to systemdChristian Poessinger
2020-04-10openvpn: T2266: fix verify for client-server bridged modejjakob
2020-04-08openvpn: T2234: clean up and rework openvpn templatejjakob
- rearranged options to put them in logical groups separated by blank lines - removed unnecessary blank lines (whitespace) - fixed encryption if-else comparison logic that caused 3des to be ignored - set tls if tls-version-min is set
2020-04-07bridge: T2232: prevent deletion of enslaved interfacesChristian Poessinger
Interfaces enslaved to a bridge are not allowed to be deleted. If an interface is deleted from the config but it is still enslaved to a bridge will cause a configuration error on the subsequent boot.
2020-04-06util: T2226: rewrite openvpn to use cmdThomas Mangin
2020-04-05openvpn: improve value help on ipfixChristian Poessinger
2020-04-04openvpn: T2222: set 'multihome' option when local-host is unsetjjakob
If configured with protocol udp and no local-host, openvpn needs the 'multihome' option to correctly work on all addresses.
2020-03-29vyos.util: increase usage of process_running() and remove duplicated codeChristian Poessinger
OpenVPN, WIFI, SSTP all had the same boiler plate copied about checking if a process associated with a pidfile is running or not. This has been migrated to the common library function vyos.util.process_running().
2020-03-28ipv6: T1831: migrate eui64 addressing to XML and pythonChristian Poessinger
2020-03-28ipv6: T1831: migrate autoconf nodeChristian Poessinger
Autoconfigure addresses using Prefix Information in Router Advertisements.
2020-03-28ipv6: T1831: use integers over bool in interface configurationChristian Poessinger
2020-03-28ipv6: T1831: migrate forwarding and dup-addr-detect-transmits nodesChristian Poessinger
... to new XML and Python based frontend/backend.
2020-03-28ifconfig: T2057: explicity name state functionsThomas Mangin
The Interface get_state/set_state were not clear about if they edited the admin or operational state. functions are now using admin_state and oper_state for clarity.
2020-03-25openvpn: T2148: fix setting "server client" without "ip"Jernej Jakob
2020-03-25Merge pull request #265 from thomas-mangin/2057-dhcp-vlanChristian Poessinger
ifconfig: T2057: break down DHCP, add register, STP and VLAN as adapters
2020-03-24openvpn: T2146: remove user/pass auth file when not neededJernej Jakob
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-11 23:16:25 +0000