Age | Commit message (Collapse) | Author |
|
Removed dhcp-interface option (l2tp)
Added wins-server (sstp)
Added description (ipoe, pppoe, sstp, pptp)
Added exteded-script (l2tp, sstp, pptp)
Added shaper (ipoe, pptp, sstp, l2tp)
Added limits (ipoe, pptp, sstp, l2tp)
Added snmp ( ipoe, pptp,sstp, l2tp)
Refactoring and reformated code.
(cherry picked from commit ac6a16f6c5ad7700789759e1ec093236c2e182a2)
|
|
Rewritten authentication node in accel-ppp services
to a single view. In particular - PPTP authentication.
(cherry picked from commit 018110200c9a82815dd5d0510f0732d7159c0d59)
|
|
vpn: T5926: IPSEC does not apply after l2tp configuration was changed
added dependency between l2tp and ipsec conf
added test for apply config to swanctl
(cherry picked from commit e697ed1e7fd5c33f8082b2f4f96c42fc822ec9a5)
|
|
Rewritten 'ppp-options' to the same view in all accel-ppp services.
Adding IPv6 support to PPTP.
(cherry picked from commit d9e57fe65dd538c6ea80637f4f6f23cf11dc583d)
|
|
Moved ipv6 pools to named ipv6 pools in accel-ppp services
(cherry picked from commit d187803c31175e471397dd4f77040ab56d2e1073)
|
|
Changed node 'range' to multi in 'client-ip-pool' for accell-ppp
services.
Added completionHelp to default-pool and next-pool.
Fixed verification in vpn l2tp config script.
(cherry picked from commit 4ffec67d04670192d9b722353cbaef04cb0ba129)
|
|
Rewritten L2TP to get_config_dict
Rewritten L2TP xml to accel-ppp patterns
Migrated 'idle' to 'ppp-options.lcp-echo-timeout'
Migrated 'authentication.mppe' to 'ppp-options.mppe'
Migrated 'authentication.radius.dae-server' to
'authentication.radius.dynamic-author'
Migrated 'authentication.require' to 'authentication.protocol'
Added 'authentication.radius.acct-interim-jitter'
Added 'authentication.radius.preallocate-vif'
Added 'authentication.radius.server.<IP>.acct-port'
Added 'ppp-options.ipv4'
Added smoke-tests
Fixed 'preallocate-vif' in SSTP
(cherry picked from commit 09e0a2ca035ee39a68a510b28cc74560669d0420)
|
|
Standardized pool configuration for all accel-ppp services.
1. Only named pools are used now.
2. Allows all services to use range in x.x.x.x/mask
and x.x.x.x-x.x.x.y format
3. next-pool can be used in all services
2. Allows to use in ipoe gw-ip-address without pool configuration
which allows to use Fraimed-IP-Address attribute by radius.
3. Default pool name should be explicidly configured
with default-pool.
4. In ipoe netmask and range subnet can be different.
(cherry picked from commit 422eb463d413da812eabc28706e507a9910d7b53)
|
|
|
|
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process
* T5195: use read_file and write_file implementation from vyos.utils.file
Changed code automatically using:
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} +
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} +
* T5195: move chmod* helpers to vyos.utils.permission
* T5195: use colon_separated_to_dict from vyos.utils.dict
* T5195: move is_systemd_service_* to vyos.utils.process
* T5195: fix boot issues with missing imports
* T5195: move dict_search_* helpers to vyos.utils.dict
* T5195: move network helpers to vyos.utils.network
* T5195: move commit_* helpers to vyos.utils.commit
* T5195: move user I/O helpers to vyos.utils.io
|
|
Add RADIUS accounting-interim-interval option for L2TP-server
Specifies interval in seconds to send accounting information
(may be overridden by radius Acct-Interim-Interval attribute)
set vpn l2tp remote-access authentication radius accounting-interim-interval '120'
|
|
Add ppp-options IPv6 interface id for vpn L2TP
- fixed or random interface identifier for IPv6
- peer interface identifier for IPv6
- whether to accept peer’s interface identifier
set vpn l2tp remote-access ppp-options ipv6-accept-peer-intf-id
set vpn l2tp remote-access ppp-options ipv6-intf-id 'random'
set vpn l2tp remote-access ppp-options ipv6-peer-intf-id 'calling-sid'
|
|
L2TP 'ppp-options ipv6 x' can work without declaring IPv6 pool
As we can get addresses via RADIUS attributes:
- Framed-IPv6-Prefix
- Delegated-IPv6-Prefix
|
|
Fix l2tp dae server template and python config dict for correctlly
handling Dynamic Authorization Extension server configuration
|
|
|
|
|
|
|
|
|
|
We had two places were the is_ip, is_ipv4 and is_ipv6 helpers had been defined.
All places now have been converged into vyos.template as they are used both
in the Jinja2 templates and also in our scripts.
|
|
accel: T2631: Add option for radius disable-accounting
|
|
|
|
The CLI node was read in incorrect (wrong path). In addtition the list was not
reset to [] when authentication was specified on the CLI.
|
|
|
|
|
|
Make the port used for RADIUS accounting user configurable. This is now
valid for the following services which are based on Accel-PPP:
* ipoe-server
* pppoe-server
* l2tp
* pptp
* sstp
|
|
|
|
|
|
airbag must now be explicitly installed.
the patch also allow to fully disables the installation of the logging
code at setup (and not just installing and doing nothing)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
convert all call to jinja to use template.render
|
|
|
|
|
|
Combining multiple options into a single CLI node is considered bad practice.
IPv6 prefixes consited of the prefix itself and a mask send to the client in
one node only.
The following CLI parts have been migrated from
client-ipv6-pool {
delegate-prefix fc00:0:1::/48,64
prefix 2001:db8::/64,64
}
to
client-ipv6-pool {
delegate fc00:0:1::/48 {
delegation-prefix 48
}
prefix 2001:db8::/48 {
mask 64
}
}
Thus regular validation steps from the VyOS CLI can be used when a prefix is
configured.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
There is no reason to distinguish between WINS servers in terms of priority.
This is solely a task which can be done in the underlaying Python scripts.
|
|
There is no reason to distinguish between an IPv4 and IPv6 name-server node
on the CLI - this can be done in the underlaying Python scripts.
|
|
|