| Age | Commit message (Collapse) | Author |
|---|
|
Previously old client configs for clients that were deleted from
the server stayed in the ccd directory, causing them to still be
used. As we can't know which clients were deleted, this deletes
all the client configs as they are recreated shortly later.
|
|
|
|
T2139: openvpn: allow unset dh-file when using EC keys
|
|
|
|
This function returned True even if no match in the certificate file
was found, causing all checks using it to erroneously pass.
|
|
os.environ['VYOS_TAGNODE_VALUE']
This has been only a theoretical problem but then the error condition was
triggered - only an error has been printed instead of raising an Exception.
|
|
Encrypt and authenticate all control channel packets with the key from keyfile.
Encrypting (and authenticating) control channel packets:
* provides more privacy by hiding the certificate used for the TLS connection
* makes it harder to identify OpenVPN traffic as such
* provides "poor-man's" post-quantum security, against attackers who will
never know the pre-shared key (i.e. no forward secrecy)
|
|
|
|
|
|
to be a bug in OpenVPN client when comparing pushed cipher with local ncp cipher list
|
|
|
|
[OpenVPN]: T1704: Changed config structure for OpenVPN encryption to support ncp-ciphers.
[OpenVPN]: T1704: Added migration scripts for interface 2-to-3
|
|
|
|
renamed: interface-bonding.py -> interfaces-bonding.py
renamed: interface-bridge.py -> interfaces-bridge.py
renamed: interface-dummy.py -> interfaces-dummy.py
renamed: interface-ethernet.py -> interfaces-ethernet.py
renamed: interface-loopback.py -> interfaces-loopback.py
renamed: interface-openvpn.py -> interfaces-openvpn.py
renamed: interface-vxlan.py -> interfaces-vxlan.py
renamed: interface-wireguard.py -> interfaces-wireguard.py
|
