diff options
| m--------- | docs/_include/vyos-1x | 0 | ||||
| -rw-r--r-- | docs/changelog/1.3.rst | 16 | ||||
| -rw-r--r-- | docs/changelog/1.4.rst | 49 | ||||
| -rw-r--r-- | docs/configuration/vpn/openconnect.rst | 31 |
4 files changed, 96 insertions, 0 deletions
diff --git a/docs/_include/vyos-1x b/docs/_include/vyos-1x -Subproject 1bd69a81dc32fdaa62be27e4f5ae3cfe333f2a2 +Subproject 6eea12512e59cc28f5c2e5ca5ec7e9e7b21731d diff --git a/docs/changelog/1.3.rst b/docs/changelog/1.3.rst index 7b06cdee..dfb4917e 100644 --- a/docs/changelog/1.3.rst +++ b/docs/changelog/1.3.rst @@ -8,6 +8,22 @@ _ext/releasenotes.py +2023-01-24 +========== + +* :vytask:`T4949` (feature): Backport "monitor log" and "show log" op-mode definitions from current to equuleus +* :vytask:`T4947` (feature): Support mounting container volumes as ro or rw + + +2023-01-23 +========== + +* :vytask:`T4798` (default): Migrate the file-exists validator away from Python +* :vytask:`T4683` (enhancment): Add kitty-terminfo package to build +* :vytask:`T4875` (default): Replace Python validator 'interface-name' to avoid Python startup cost +* :vytask:`T4664` (bug): Add validation to reject whitespace in tag node value names + + 2023-01-22 ========== diff --git a/docs/changelog/1.4.rst b/docs/changelog/1.4.rst index 2f302fd7..a1687f87 100644 --- a/docs/changelog/1.4.rst +++ b/docs/changelog/1.4.rst @@ -8,6 +8,55 @@ _ext/releasenotes.py +2023-01-29 +========== + +* :vytask:`T4965` (default): empty description in firewall group causes configuration error on migration + + +2023-01-28 +========== + +* :vytask:`T4961` (bug): Uncaught configtree error allows ntp migration 1-to-2 to fail silentlly on config.boot.default + + +2023-01-27 +========== + +* :vytask:`T4960` (bug): Bugs in `cc_vyos.py` code (Cloud-Init) + + +2023-01-26 +========== + +* :vytask:`T4886` (feature): Firewall and Policy - Add connection mark +* :vytask:`T4957` (bug): config-mgmt should not attempt to archive config at boot +* :vytask:`T4962` (bug): Fix typo in regex in vyos.config_mgmt compare function +* :vytask:`T4912` (default): Rewrite the IGMP op mode in the new style + + +2023-01-25 +========== + +* :vytask:`T4941` (bug): Accel-ppp IPoE incompatibility with kernel 6.1 + + +2023-01-24 +========== + +* :vytask:`T4947` (feature): Support mounting container volumes as ro or rw + + +2023-01-23 +========== + +* :vytask:`T4798` (default): Migrate the file-exists validator away from Python +* :vytask:`T4683` (enhancment): Add kitty-terminfo package to build +* :vytask:`T4953` (bug): Remove convert_kwargs_to_snake_case decorator in dynamic generation of GraphQL resolvers +* :vytask:`T4875` (default): Replace Python validator 'interface-name' to avoid Python startup cost +* :vytask:`T4664` (bug): Add validation to reject whitespace in tag node value names + + 2023-01-22 ========== diff --git a/docs/configuration/vpn/openconnect.rst b/docs/configuration/vpn/openconnect.rst index 1b48571d..112da58f 100644 --- a/docs/configuration/vpn/openconnect.rst +++ b/docs/configuration/vpn/openconnect.rst @@ -221,3 +221,34 @@ To display the configured OTP user settings, use the command: .. code-block:: none show openconnect-server user <username> otp <full|key-b32|key-hex|qrcode|uri> + +Configuring RADIUS accounting +=========================== + +OpenConnect can be configured to send accounting information to a +RADIUS server to capture user session data such as time of +connect/disconnect, data transferred, and so on. + +Configure an accounting server and enable accounting with: + +.. code-block:: none + + set vpn openconnect accounting mode radius + set vpn openconnect accounting radius server 172.20.20.10 + set vpn openconnect accounting radius server 172.20.20.10 port 1813 + set vpn openconnect accounting radius server 172.20.20.10 key your_radius_secret + +.. warning:: The RADIUS accounting feature must be used with the OpenConnect + authentication mode RADIUS. It cannot be used with local authentication. + You must configure the OpenConnect authentication mode to "radius". + +An example of the data captured by a FREERADIUS server with sql accounting: + +.. code-block:: none + + mysql> SELECT username, nasipaddress, acctstarttime, acctstoptime, acctinputoctets, acctoutputoctets, callingstationid, framedipaddress, connectinfo_start FROM radacct; + +----------+---------------+---------------------+---------------------+-----------------+------------------+-------------------+-----------------+-----------------------------------+ + | username | nasipaddress | acctstarttime | acctstoptime | acctinputoctets | acctoutputoctets | callingstationid | framedipaddress | connectinfo_start | + +----------+---------------+---------------------+---------------------+-----------------+------------------+-------------------+-----------------+-----------------------------------+ + | test | 198.51.100.15 | 2023-01-13 00:59:15 | 2023-01-13 00:59:21 | 10606 | 152 | 192.168.6.1 | 172.20.20.198 | Open AnyConnect VPN Agent v8.05-1 | + +----------+---------------+---------------------+---------------------+-----------------+------------------+-------------------+-----------------+-----------------------------------+ |