summaryrefslogtreecommitdiff
path: root/src/conf_mode
AgeCommit message (Collapse)Author
2020-04-18ipsec: T2317: Fix adding params to ipsec configuration filesDmitriyEshenko
2020-04-17wireless: T2306: Add new cipher suites to the WiFi configurationAlain Lamar
Yet, VyOS knows these two encryption schemes for WiFi: 1. CCMP = AES in Counter mode with CBC-MAC (CCMP-128) 2. TKIP = Temporal Key Integrity Protocol These encryption schemes are new and especially the Galois counter mode cipher suites are very desirable! 1. CCMP-256 = AES in Counter mode with CBC-MAC with 256-bit key 2. GCMP = Galois/counter mode protocol (GCMP-128) 3. GCMP-256 = Galois/counter mode protocol with 256-bit key CCMP is supported by all WPA2 compatible NICs, so this remains the default cipher for bidirectional and group packets while using WPA2. Use 'iw list' to figure out which cipher suites your cards support prior to configuring other cipher suites than CCMP. AP NICs and STA NICs must both support at least one common cipher in a given list in order to associate successfully.
2020-04-17flow-accounting: T2275: fix NameError: name 'stdout' is not definedChristian Poessinger
2020-04-17flow-accounting: T2275: import render template from correct libraryChristian Poessinger
2020-04-17Merge pull request #341 from thomas-mangin/T2223Christian Poessinger
op_mode: T2223: convert vyatta-show-interfaces.pl to show_interfaces.py
2020-04-16Merge pull request #342 from jjakob/openvpn-ipv6Christian Poessinger
openvpn: T149: IPv6 support
2020-04-16Merge pull request #347 from DmitriyEshenko/fix-ipoeChristian Poessinger
ipoe: T2294: Fix templates and migrate to systemd
2020-04-16ipoe: T2294: Migrate to systemdDmitriyEshenko
2020-04-16openvpn: T149: IPv6 supportJernej Jakob
- allow configuring IPv6 server addresses and push options - add IPv6 server client IP pool - add IPv6 push dhcp-option DNS6 - allow configuring IPv6 server client addresses - allow configuring IPv6 site-to-site addresses - validate all IPv6 options and addresses - use protos that explicitely open an IPv6 listening socket (tcp6-server, tcp6-client, udp6) as the default on Linux listens on IPv4 only (https://community.openvpn.net/openvpn/ticket/360) - add validator for any IPv6 address, host or network (used by pool)
2020-04-15Merge pull request #349 from jjakob/openvpn-poolChristian Poessinger
openvpn: T2335: allow disabling client-ip-pool
2020-04-15login: T2295: move from calling an os binary to Python crypt() functionChristian Poessinger
2020-04-15dns-forwarding: T2298: remove wrongly added numberChristian Poessinger
Commit 16b2fc8 ("dns-forwarding: T2298: fix path to control file") added a wrong prefix to the line before executing 'systemctl restart snmpd.service'.
2020-04-15dns-forwarding: T2298: fix path to control fileChristian Poessinger
After migrating PowerDNS to systemd and also its configuration files to a volatile directory in commit 77d725f ("dns-forwarding: T2185: move configuration files to volatile /run directory") the path for the control file has not been altered and pushed to the client rec_control binary"
2020-04-15openvpn: T2335: allow disabling client-ip-poolJernej Jakob
2020-04-15Merge pull request #346 from thomas-mangin/T31-vrf-existsChristian Poessinger
tunnel: T31: check that the assigned VRF exists
2020-04-15openvpn: T2293: fix UnboundLocalError if server subnet is unsetJernej Jakob
2nd part of this fix, first commit 9b6a369 didn't fix it.
2020-04-15tunnel: T31: check that the assigned VRF existsThomas Mangin
2020-04-14openvpn: T2293: fix UnboundLocalError if server subnet is unsetJernej Jakob
Commit bb36bde introduced a bug when server subnet is unset, this fixes it.
2020-04-14vrrp: T2223: move VRRP within ifconfigThomas Mangin
Tidied up the code and moved it under VRRP in view to use with show-interface (which has VRRP filtering) No change in functionality
2020-04-13service https: T1585: call to sudo can be omittedChristian Poessinger
2020-04-13service https: T1585: bugfix typo in systemd nameChristian Poessinger
2020-04-13syslog: T2185: explicitly specify systemd serviceChristian Poessinger
2020-04-13tftp-server: T2185: explicitly specify systemd serviceChristian Poessinger
2020-04-13broadcast-relay: T2185: explicitly specify systemd serviceChristian Poessinger
2020-04-13mdns-repeater: T2185: explicitly specify systemd serviceChristian Poessinger
2020-04-13flow-accounting: T2185: explicitly specify systemd serviceChristian Poessinger
2020-04-13dns-forwarding: T2185: move configuration files to volatile /run directoryChristian Poessinger
2020-04-13dns-forwarding: T2185: migrate from SysVinit to systemdChristian Poessinger
2020-04-13ddclient: T2185: migrate from SysVinit to systemdChristian Poessinger
2020-04-13Merge pull request #325 from jjakob/openvpn-poolChristian Poessinger
openvpn: T2235: add custom server pool handling
2020-04-13openvpn: T2235: add custom server pool handlingjjakob
- add config options and logic for server client-ip-pool - add function for determining default IPs for the server in different configurations - verify for pool IPs and maximum subnet prefix length - move remote netmask logic for client ifconfig-push to use new function - add topology 'net30' , set it as default (as it already was) - replace generic ip_* with IPv4* where necessary - print warning to console when server client IP is in server pool - fix server subnet help field
2020-04-13openvpn: T2235: use IPv4Network where input is already validatedjjakob
2020-04-13Merge pull request #339 from jjakob/openvpn-dir-fixChristian Poessinger
openvpn: T2283: move ccd to /run/openvpn
2020-04-13dhcp-relay: T2185: migrate from SysVinit to systemdChristian Poessinger
2020-04-13openvpn: T2283: move ccd to /run/openvpnjjakob
Commit a457c9d2 moved the config directory to /run/openvpn but didn't move the client-config-dir in the template.
2020-04-13dhcpv6-relay: T2185: fix wrong call to os libraryChristian Poessinger
Commit 5892d51 ("dhcpv6-relay: T2185: migrate from SysVinit to systemd") accidently called the non existent function os.file.exists instead of os.path.exists.
2020-04-13dhcpv6-relay: T2185: migrate from SysVinit to systemdChristian Poessinger
2020-04-13wireless: T2185: add wrongly removed argument to get_conf_file()Christian Poessinger
Commit c0629296bb ("wireless: T2185: migrate from SysVinit to systemd") remove a required argument to get_conf_file()
2020-04-13Merge pull request #338 from thomas-mangin/T2028-bootChristian Poessinger
tunnel: T2028: fix issue when booting without gre remote
2020-04-12tunnel: T2028: fix issue when booting without gre remoteThomas Mangin
2020-04-12dhcp-server: T2185: add comment on config dir generationChristian Poessinger
2020-04-12dhcpv6-server: T2185: migrate from SysVinit to systemdChristian Poessinger
2020-04-12dhcp-server: T2185: create directories in /run on-demandChristian Poessinger
Commit bc68244 ("dhcp-server: T2185: migrate from SysVinit to systemd") migrated the DHCP subsystem to systemd, necessary directories in the volatile /run directory have not been created.
2020-04-12dhcp-server: T2185: fixup ConditionPathExists variableChristian Poessinger
Commit bc68244 ("dhcp-server: T2185: migrate from SysVinit to systemd") migrated the DHCP subsystem to systemd, but on the test-system there was still the old configuration file present not triggering this condition.
2020-04-12dhcp-server: T2185: migrate from SysVinit to systemdChristian Poessinger
2020-04-12ntp: T2230: fix wrong import after template migrationChristian Poessinger
Commit 1fbaa2c ("template: T2230: use render to generate templates") did try to import render from the wrong module.
2020-04-12template: T2230: use render to generate templatesThomas Mangin
convert all call to jinja to use template.render
2020-04-12vpn: l2tp: T2185: move generated files to volatile /run/accel-ppp directoryChristian Poessinger
2020-04-12vpn: sstp: T2185: move generated files to volatile /run/accel-ppp directoryChristian Poessinger
2020-04-12vpn: sstp: T2008: bugfix chap-secrets generationChristian Poessinger
Commit 13510cac5a4a ("vpn: sstp: T2008: migrate from SysVinit -> systemd") unfortunately wrote the filename into the chap-secrets file instead of the rendered secrets.