vyos-1x.git - VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git)

Age	Commit message (Collapse)	Author
2022-03-28	Revert "openvpn: T4230: globally enable ip_nonlocal_bind"	Daniil Baturin
	This reverts commit 1cbcbf40b7721849f9696c05fac65db010a66b7c.
2022-03-24	openvpn: T4294: force service restart on openvpn-option node change	Christian Poessinger

2022-02-17	openvpn: T4230: globally enable ip_nonlocal_bind	Christian Poessinger

2022-02-17	Merge pull request #1211 from sever-sever/T4230-cur	Christian Poessinger
	openvpn: T4230: Delete checks if local-host address assigned
2022-02-09	openvpn: T3686: Fix for check local-address in script and tmpl	Viacheslav Hletenko
	Local-address should be checked/executed only if it exists in the openvpn configuration, dictionary, jinja2 template
2022-02-09	openvpn: T4230: Delete checks if local-host address assigned	Viacheslav Hletenko
	OpenVPN can't start if it depends on VRRP virtual-address as virtual-address is not yet assigned by HA (openvpn and ha in one commit) as we have checks "if address assigned" It depends on commit priorities: 460 interfaces/openvpn 800 high-availability Replace check if local-host address assigned from raise ConfigError to print (just notification) Allow to bind OpenVPN service to nonlocal address
2021-11-15	openvpn: T3995: implement systemd reload support	Christian Poessinger

2021-11-06	openvpn: T3966: fix KeyError when removing interfaces without TOTP	Christian Poessinger

2021-11-03	openvpn: T3966: OpenVPN fix the smoketests	Kim Hagen

2021-11-01	openvpn: T3958: OpenVPN breaks the smoketests	Kim Hagen

2021-11-01	Merge branch 'current' into T3350-sagitta	zdc

2021-10-21	use vyos read_file and write_file functions	Kim Hagen

2021-10-10	do not use Path	Kim Hagen

2021-10-10	update writer to nicer read write	Kim Hagen

2021-10-07	Merge branch 'current' into 2fa	Kim

2021-10-07	openvpn: T3642: Fix password_protected check	Nicolas Riebesel

2021-10-07	openvpn: T3805: fix bool logic in verify_pki() for client mode	Christian Poessinger
	Add support for OpenVPN client mode with only the CA certificate of the server installed.
2021-10-07	openvpn: T3805: drop privileges using systemd - required for rtnetlink	Christian Poessinger

2021-10-07	openvpn: T3805: use vyos.util.makedir() to create system directories	Christian Poessinger

2021-10-07	openvpn: T3805: use vyos.util.write_file() to store certificates	Christian Poessinger

2021-10-07	pull request fixes	Kim Hagen

2021-10-04	OpenVPN: T3350: Changed custom options for OpenVPN processing	zsdc
	Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows to avoid mistakes with parsing options that contain `--` in the middle. The only smart part of this - handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in the double-quotes, but after version update in `equuleus` and `sagitta` old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing.
2021-09-23	openvpn: T3642: Fix password_protected check	Nicolas Riebesel

2021-09-08	openvpn: T3805: fix bool logic in verify_pki() for client mode	Christian Poessinger
	Add support for OpenVPN client mode with only the CA certificate of the server installed.
2021-09-08	openvpn: T3805: drop privileges using systemd - required for rtnetlink	Christian Poessinger

2021-09-08	openvpn: T3805: use vyos.util.makedir() to create system directories	Christian Poessinger

2021-09-08	openvpn: T3805: use vyos.util.write_file() to store certificates	Christian Poessinger

2021-09-03	fix file location and use correct variable	Kim Hagen

2021-09-02	remove secrets file if the tunnel is deleted and fix opmode commands	Kim Hagen

2021-09-02	update 2fa qr generation and user creation procedure	Kim Hagen

2021-09-01	more 2fa changes	Kim Hagen

2021-08-17	add part 2fa	Kim Hagen

2021-08-13	openvpn: T3738: Disable authentication option for server mode	Viacheslav

2021-07-21	pki: openvpn: T3642: Migrate OpenVPN to PKI and refactor	sarthurdev

2021-07-17	Revert "openvpn: T56: remove strict checks for tls cert-file and key-file"	Christian Poessinger
	This reverts commit c414479fdf1d5ad77170f977481fb9197c9559ae. This commit broke the smoketests and also OpenVPN complains: Options error: You must define certificate file (--cert) or PKCS#12 file (--pkcs12)
2021-07-13	openvpn: T56: remove strict checks for tls cert-file and key-file	Yun Zheng Hu
	This makes the tls cert-file and key-file optional and allows for more advanced configurations via "openvpn-option", such as pkcs11 or pkcs12 options.
2021-06-25	openvpn: T1704: drop deprecated disable-ncp option	Christian Poessinger

2021-02-28	vyos.ifconfig: T1579: remove calls to vyos.ifconfig.Interface.get_config()	Christian Poessinger
	Interface.get_config() was always a pure helper which exposed a "per interface type" dictionary which was then fed by the caller to create interfaces by iproute2 which required additional options during creation time. Such interfaces had been: * tunnel * vxlan * geneve * macsec * wifi * macvlan / pseudo-ethernet The code was always duplicated to convert from the VyOS CLI based get_config_dict() to a dict which can be used to feed iproute2. This path has been removed and we now always feed in the entire dictionary retrieved by get_config_dict() or in the interfaces case, it's high-level wrapper get_interface_dict() to the interface we wan't to create. This also adds the - personally long awaited - possibility to get rid of the derived tunnel classes for e.g. GRE, IPIP, IPIP6 and so on.
2021-01-17	openvpn: T2994: proper cleanup all files on interface deletion	Christian Poessinger

2020-12-31	openvpn: T2994: fix ipv6 server mode	Christian Poessinger

2020-11-27	vyos.template: T2720: always enable Jinja2 trim_blocks feature	Christian Poessinger

2020-11-23	openvpn: T3074: fix site-2-site operation mode	Christian Poessinger
	When rendering the configs "ifconfig" statement wrong IP addresses have been used for the "tun" operating mode. This has been corrected.
2020-11-21	openvpn: T3060: fix client authentication username and password file	Christian Poessinger

2020-11-13	openvpn: T3060: Remote-host is a required param for client	sever-sever

2020-11-13	vyos.template: provide general is_ip(v4\|v6) helpers	Christian Poessinger
	We had two places were the is_ip, is_ipv4 and is_ipv6 helpers had been defined. All places now have been converged into vyos.template as they are used both in the Jinja2 templates and also in our scripts.
2020-11-06	openvpn: T3051: fix multiple pushed routes to preconfigured clients	Christian Poessinger

2020-11-04	openvpn: T3046: create client config dir on-demand	Christian Poessinger
	This commit partially reverts commit eb1ed5e518 ("openvpn: T2994: re-add ifconfig-pool statement in server config").
2020-11-01	openvpn: T2994: re-add ifconfig-pool statement in server config	Christian Poessinger
	Re-organize the template code and add addtitional Jinja2 filters for processing the ifconfig-pool statement. This reverts the changes from commit 7e546be9 ("openvpn: T2994: temporary revert to 1.2 crux behavior for client pools").
2020-11-01	openvpn: T2994: remove workarounds for individual ipv4 and ipv6 keys	Christian Poessinger
	Remove workaround which split (local\|remote)_address and also subnet keys into individual keys for the assigned IP address family (4/6). During template rendering check IP version by introducing new ipv4 and ipv6 Jinja2 filters {% if foo \| ipv4 %} or {% if bar \| ipv6 %} options.
2020-10-30	openvpn: T2994: verify DH key length	Christian Poessinger