Age | Commit message | Author |
|
T4916: Rewrite IPsec peer authentication and psk migration
|
|
Removes port key from accounting server merged config dictionary.
|
|
Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode.
|
|
openconnect: T4955: Removed wrong authserver in radiusclient.conf
|
|
This sysctl has been removed from kernel 6.0.X onwards but its removal was skipped when upgrading the kernel.
See: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/netfilter?id=b118509076b39cc5e616c0680312b5caaca535fe
|
|
config.copy does not recursively create nodes of the path. On install
image, the path ['service'] is not present in config.boot.default, so
must be created before config.copy['service', 'ntp'].
|
|
After merging the config dictionary with default values, the radius port
default value was not merged in a proper way.
It is added as a server.
After creating radiusclient.conf, the illegal authserver equal to 'port'
is added.
|
|
Rewrite strongswan IPsec authentication to reflect structure
from swanctl.conf
The most important change is that more than one local/remote ID in the
same auth entry should be allowed
replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx'
=> 'ipsec authentication psk <tag> secret xxx'
set vpn ipsec authentication psk <tag> id '192.0.2.1'
set vpn ipsec authentication psk <tag> id '192.0.2.2'
set vpn ipsec authentication psk <tag> secret 'xxx'
set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1'
set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2'
Add template filter for Jinja2 'generate_uuid4'
|
|
T1297: VRRP: add garp options to vrrp
|
|
make the file (generate_interfaces_debug_archive.py) executable
|
|
Commit b5e90197 ("op mode: T4951: add InsufficientResources error") missed out
a comma when extending the op_mode_err_msg dictionary.
|
|
igmp-proxy: T4912: Rewrite show IGMP proxy commands in the new op-mode format
|
|
T4940: new interfaces debugging command
|
|
op mode: T4951: add InsufficientResources error
|
|
Some ISPs seem to use the host-uniq flag to authenticate client equipment.
Add CLI option in VyOS to allow specification of the host-uniq flag.
set interfaces pppoe pppoeN host-uniq <value>
|
|
One can not always ensure that "interface" is of type list, add safeguard.
E.G. Juniper Networks, Inc. ex2300-c-12t only has a dict, not a list of dicts
So this is actually an upstream lldpd bug where the output depends on the amount
of data transmitted.
|
|
Whenever a container is used and a folder is mounted, this happens as
read-write which is the default in Docker/Podman - so is the default in VyOS.
A new option is added "set container name foo volume mode <ro|rw>" to specify
explicitly if rw (default) or ro should be used for this mounted folder.
|
|
One can not always ensure that "capability" is of type list, add a safeguard.
E.G. Unify US-24-250W only has a dict, not a list of dicts.
|
|
config-mgmt: T4942: rewrite vyatta-config-mgmt to Python/XML
|
|
The new command will allow you to get full detailed information on the system interfaces.
|
|
"show MFC" command
|
|
T4857: SNMP: Implement FRR SNMP Recommendations
|
|
warning message
|
|
firewall: T4864: Fixed show zone-policy command output
|
|
1. Fixed "show zone-policy" command output
2. Rewritten zone-policy op-mode to new style
|
|
opmode: T4837: add family and table arguments for ShowRoute
|
|
ntp: T3008: migrate from ntpd to chrony
|
|
This prevents any stale override files when the system is being rebooted,
but the actual configuration was not saved. /run is a tmpfs and thus
always fresh after boot.
|
|
* Move CLI from "system ntp" -> "service ntp"
* Drop NTP server option preempt as not supported by chrony
|
|
Commit 1fc7e30f ('T4935: ospfv3: "not-advertise" and "advertise" conflict')
added a check for not-advertise and advertise in the same area but lacked a
test if the key really exists in the dict which is to be validated.
|
|
T4911: op-mode: rewrite LLDP in standardised op-mode format
|
|
T4118: Add default value any for connection remote-id
|
|
If IPsec "peer <tag> authentication remote-id" is not set
it should be "%any" by default
https://docs.strongswan.org/docs/5.9/swanctl/swanctlConf.html#_connections_conn_remote
Set XML default value and use it in the Python vpn_ipsec.py script
|
|
They can't be set at the same time.
|