| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2020-04-23 | interfaces: T2362: add node to delete the default IPv6 link-local address | Jernej Jakob | |
| 2020-04-23 | interfaces: T2362: allow setting multiple 'ipv6 address eui64' | Jernej Jakob | |
| 2020-04-23 | interfaces: T2362: add default IPv6 link-local address to make IPv6 work | Jernej Jakob | |
| 2020-04-23 | interfaces: T2362: split set_ipv6_eui64_address into add and del functions | Jernej Jakob | |
| 2020-04-20 | openvpn: T2339: fix for IPv4 local-host addresses | Jernej Jakob | |
| Commit bb9f998 introduced a bug where openvpn fails to start if 'local-host' is an IPv4 address due to 'proto' wanting a IPv6 socket. This adds a conditional check and uses normal proto if it's IPv4. | |||
| 2020-04-19 | openvpn: T2336: delete auth-user-pass file when interface is unused #2 | Christian Poessinger | |
| 2020-04-19 | Revert "openvpn: T2336: delete auth-user-pass file when interface is unused" | Christian Poessinger | |
| This reverts commit 26adfd6d0d03af44a03f327478199f3009f2ad3c. | |||
| 2020-04-19 | openvpn: T2336: delete auth-user-pass file when interface is unused | Christian Poessinger | |
| Unused means disabled or even deleted - there should be no secrets left-over. | |||
| 2020-04-19 | openvpn: T2336: fix auth-user-pass file generation | Christian Poessinger | |
| Bug introduced in commit b36e6e6 ("openvpn: T2273: migrate from SysVinit to systemd") as not all relevant configuration files have been re-rendered into /run/openvpn | |||
| 2020-04-19 | bridge: T2232: move helper to vyos.validate | Christian Poessinger | |
| 2020-04-16 | openvpn: T149: IPv6 support | Jernej Jakob | |
| - allow configuring IPv6 server addresses and push options - add IPv6 server client IP pool - add IPv6 push dhcp-option DNS6 - allow configuring IPv6 server client addresses - allow configuring IPv6 site-to-site addresses - validate all IPv6 options and addresses - use protos that explicitely open an IPv6 listening socket (tcp6-server, tcp6-client, udp6) as the default on Linux listens on IPv4 only (https://community.openvpn.net/openvpn/ticket/360) - add validator for any IPv6 address, host or network (used by pool) | |||
| 2020-04-15 | openvpn: T2335: allow disabling client-ip-pool | Jernej Jakob | |
| 2020-04-15 | openvpn: T2293: fix UnboundLocalError if server subnet is unset | Jernej Jakob | |
| 2nd part of this fix, first commit 9b6a369 didn't fix it. | |||
| 2020-04-14 | openvpn: T2293: fix UnboundLocalError if server subnet is unset | Jernej Jakob | |
| Commit bb36bde introduced a bug when server subnet is unset, this fixes it. | |||
| 2020-04-13 | Merge pull request #325 from jjakob/openvpn-pool | Christian Poessinger | |
| openvpn: T2235: add custom server pool handling | |||
| 2020-04-13 | openvpn: T2235: add custom server pool handling | jjakob | |
| - add config options and logic for server client-ip-pool - add function for determining default IPs for the server in different configurations - verify for pool IPs and maximum subnet prefix length - move remote netmask logic for client ifconfig-push to use new function - add topology 'net30' , set it as default (as it already was) - replace generic ip_* with IPv4* where necessary - print warning to console when server client IP is in server pool - fix server subnet help field | |||
| 2020-04-13 | openvpn: T2235: use IPv4Network where input is already validated | jjakob | |
| 2020-04-13 | openvpn: T2283: move ccd to /run/openvpn | jjakob | |
| Commit a457c9d2 moved the config directory to /run/openvpn but didn't move the client-config-dir in the template. | |||
| 2020-04-12 | template: T2230: use render to generate templates | Thomas Mangin | |
| convert all call to jinja to use template.render | |||
| 2020-04-12 | openvpn: T2273: cleanup client config generation | Christian Poessinger | |
| 2020-04-12 | openvpn: T2273: cleanup config dir generation | Christian Poessinger | |
| 2020-04-12 | vyos.util: openvpn: migrate to chmod_600() | Christian Poessinger | |
| 2020-04-12 | vyos.util: rename chmod_x() -> chmod_755() | Christian Poessinger | |
| 2020-04-11 | openvpn: T2273: re-use vyos.util library functions | Christian Poessinger | |
| 2020-04-11 | openvpn: T2273: migrate from SysVinit to systemd | Christian Poessinger | |
| 2020-04-10 | openvpn: T2266: fix verify for client-server bridged mode | jjakob | |
| 2020-04-08 | openvpn: T2234: clean up and rework openvpn template | jjakob | |
| - rearranged options to put them in logical groups separated by blank lines - removed unnecessary blank lines (whitespace) - fixed encryption if-else comparison logic that caused 3des to be ignored - set tls if tls-version-min is set | |||
| 2020-04-07 | bridge: T2232: prevent deletion of enslaved interfaces | Christian Poessinger | |
| Interfaces enslaved to a bridge are not allowed to be deleted. If an interface is deleted from the config but it is still enslaved to a bridge will cause a configuration error on the subsequent boot. | |||
| 2020-04-06 | util: T2226: rewrite openvpn to use cmd | Thomas Mangin | |
| 2020-04-05 | openvpn: improve value help on ipfix | Christian Poessinger | |
| 2020-04-04 | openvpn: T2222: set 'multihome' option when local-host is unset | jjakob | |
| If configured with protocol udp and no local-host, openvpn needs the 'multihome' option to correctly work on all addresses. | |||
| 2020-03-29 | vyos.util: increase usage of process_running() and remove duplicated code | Christian Poessinger | |
| OpenVPN, WIFI, SSTP all had the same boiler plate copied about checking if a process associated with a pidfile is running or not. This has been migrated to the common library function vyos.util.process_running(). | |||
| 2020-03-28 | ipv6: T1831: migrate eui64 addressing to XML and python | Christian Poessinger | |
| 2020-03-28 | ipv6: T1831: migrate autoconf node | Christian Poessinger | |
| Autoconfigure addresses using Prefix Information in Router Advertisements. | |||
| 2020-03-28 | ipv6: T1831: use integers over bool in interface configuration | Christian Poessinger | |
| 2020-03-28 | ipv6: T1831: migrate forwarding and dup-addr-detect-transmits nodes | Christian Poessinger | |
| ... to new XML and Python based frontend/backend. | |||
| 2020-03-28 | ifconfig: T2057: explicity name state functions | Thomas Mangin | |
| The Interface get_state/set_state were not clear about if they edited the admin or operational state. functions are now using admin_state and oper_state for clarity. | |||
| 2020-03-25 | openvpn: T2148: fix setting "server client" without "ip" | Jernej Jakob | |
| 2020-03-25 | Merge pull request #265 from thomas-mangin/2057-dhcp-vlan | Christian Poessinger | |
| ifconfig: T2057: break down DHCP, add register, STP and VLAN as adapters | |||
| 2020-03-24 | openvpn: T2146: remove user/pass auth file when not needed | Jernej Jakob | |
| 2020-03-24 | openvpn: T2146: delete old client configs | Jernej Jakob | |
| Previously old client configs for clients that were deleted from the server stayed in the ccd directory, causing them to still be used. As we can't know which clients were deleted, this deletes all the client configs as they are recreated shortly later. | |||
| 2020-03-24 | ifconfig: T2057: add VTunIf class | Thomas Mangin | |
| 2020-03-23 | ifconfig: T2154: fixing failure to start-stop-daemon | Thomas Mangin | |
| 2020-03-20 | Merge pull request #248 from jjakob/openvpn-dh-none | Christian Poessinger | |
| T2139: openvpn: allow unset dh-file when using EC keys | |||
| 2020-03-20 | T2139: openvpn: allow unset dh-file when using EC keys | Jernej Jakob | |
| 2020-03-19 | T2140: openvpn: fix checkCertHeader function return value | Jernej Jakob | |
| This function returned True even if no match in the certificate file was found, causing all checks using it to erroneously pass. | |||
| 2020-03-03 | interfaces: T1579: fix c/p error when evaluating ↵ | Christian Poessinger | |
| os.environ['VYOS_TAGNODE_VALUE'] This has been only a theoretical problem but then the error condition was triggered - only an error has been printed instead of raising an Exception. | |||
| 2020-02-27 | openvpn: T2075: add support for OpenVPN tls-crypt file option | Christian Poessinger | |
| Encrypt and authenticate all control channel packets with the key from keyfile. Encrypting (and authenticating) control channel packets: * provides more privacy by hiding the certificate used for the TLS connection * makes it harder to identify OpenVPN traffic as such * provides "poor-man's" post-quantum security, against attackers who will never know the pre-shared key (i.e. no forward secrecy) | |||
| 2020-02-23 | openvpn: T2065: move daemon parameter to start-stop-daemon command-line | Christian Poessinger | |
| 2020-01-23 | openvpn: T1975: ta devices need to be explicitly brought up | Christian Poessinger | |
 |
index : vyos-1x.git | |
| VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) |
| summaryrefslogtreecommitdiff |