| Age | Commit message (Collapse) | Author |
|---|
|
|
|
ipsec: T4985: Changed 'reset vpn ipsec-peer' to use vici library
|
|
1. Changed reset IPSEC, IKE SAs to use vici library.
2. Created package vyos.ipsec to communicate with vici library.
|
|
T5013: Extend accelppp op-mode script to get statistic
|
|
Fix timezones completion help and validotor
Use 'timedatectl' insted of find zoneinfo
|
|
|
|
ipsec: T4593: Remove references to deleted variables
|
|
|
|
T5020: Extend openvpn op-mode to get list of configured clients
|
|
As we have the same variable name 'default_values' for container
name, port and volume, it rewrites default container parameters
with default port parameters
Fix it
|
|
Extend openvpn.py op-mode script to get list of configured clients
for the '--raw' output
|
|
Extend accelppp.py op-mode script to get
subnet/start/stop/gateway/client_ip_pool/ etc
info from the configuration
|
|
debian: T5003: Upgrade base system to Debian 12 "Bookworm"
|
|
ipsec: T4593: Migrate and remove legacy `include-ipsec` nodes
|
|
Not supported with swanctl
|
|
|
|
|
|
Fixed 'reset vpn ipsec-peer {peer}' command.
The op-mode script uses value 'None' in the 'tunnel' parameter
to clear all CHILD SAs.
|
|
|
|
|
|
* DH params of 256 length no longer supported
|
|
Replace links to the phabricator site from https://phabricator.vyos.net to
https://vyos.dev
|
|
tc acccepts the bandwidth value/unit pairs as lowercase - so does the VyOS CLI
validator work, too.
|
|
T4857: snmp: Fix error when not defining client|network under community
|
|
After the RESTRICTED view was introduced snmpd requires a network to be
specified. Before adding the RESTRICTED view snmpd always assumed the default
network 0.0.0.0/0.
This commit re-adds the build in default networks for IPv4 and IPv6 and
exposes it as a proper default to the CLI so the user is informed about it:
vyos@vyos# set service snmp community foooo
Possible completions:
authorization Authorization type (default: ro)
+ client IP address of SNMP client allowed to contact system
+ network Subnet of SNMP client(s) allowed to contact system (default:
0.0.0.0/0, ::/0)
|
|
sstp-client
|
|
nhrp: T4905: Rewritten nhrp op-mode in new style
|
|
containers"
This reverts commit b17251334c57c2f6875c19ad4e6c6127aa9e1811.
|
|
container: T4959: Add container registry authentication config for containers
|
|
|
|
|
|
T2408: dhcp-relay: Add listen-interface and upstream-interface feature
|
|
When shaper is bound to a dialup (e.g. PPPoE) interface it is possible, that
it is yet not availbale when to QoS code runs. Skip the configuration and
inform the user.
|
|
bgp: T4817: add support for RFC9234
|
|
This reverts commit 3a6e77d479da4321b851163490a9b79ef2cef7b8.
A general solution is implemented in Commit 29a44a73 ("T4975: always sync()
filesystem after commit").
|
|
|
|
|
|
User profile files are not saved to disk after configuration is fully applied.
Because of this, after a fast system reset, profile files can be empty, and CLI
is broken.
This fix adds a `sync()` call after the user's configuration, which should
protect from data loss and fix the problem with profiles.
|
|
1. Formatted output of 'show nhrp' commands to table view
2. Rewritten nhrp op-mode in new style
|
|
|
|
T4916: Rewrite IPsec peer authentication and psk migration
|
|
|
|
Removes port key from accounting server merged config dictionary.
|
|
|
|
Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode
|
|
openconnect: T4955: Removed wrong authserver in radiusclient.conf
|
|
This sysctl has been removed from kernel 6.0.X onwards but its removal was skipped when upgrading the kernel.
See: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/netfilter?id=b118509076b39cc5e616c0680312b5caaca535fe
|
|
config.copy does not recursively create nodes of the path. On install
image, the path ['service'] is not present in config.boot.default, so
must be created before config.copy['service', 'ntp'].
|
|
After merging config dictionary with default values, radius port
the default value was merged not in a proper way.
It is added as a server.
After creating radiusclient.conf added and the illegal authserver
equal 'port'.
|
|
Rewrite strongswan IPsec authentication to reflect structure
from swanctl.conf
The most important change is that more than one local/remote ID in the
same auth entry should be allowed
replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx'
=> 'ipsec authentication psk <tag> secret xxx'
set vpn ipsec authentication psk <tag> id '192.0.2.1'
set vpn ipsec authentication psk <tag> id '192.0.2.2'
set vpn ipsec authentication psk <tag> secret 'xxx'
set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1'
set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2'
Add template filter for Jinja2 'generate_uuid4'
|
