0fa06ecbba
Add setting to disable NAT for a given destination IP set
2024-09-16 16:24:09 +02:00
8c9829b726
Fix default wg_dns setting
...
All settings are processed as strings so use empty string in place of
False for default.
2024-07-31 09:26:51 +02:00
d123db4e64
Consolidate NAT and VPN settings into IP sets
...
I have tried every possible permutation and I think this is the one.
NetBox-managed IP prefixes are pushed with ansible to firewall master.
The managed prefixes are added to custom IP sets defined in the app,
but only NAT addresses and VPN groups can be configured for them.
This way all NAT and VPN policy is (again) configured in the app. Also
both NetBox-managed and user-defined networks are treated the same.
Also improve^Wtweak config generation. Also templates.
2024-04-30 20:57:46 +02:00
ff2246df8c
vpn: configure IPv6 addresses for WG clients
2023-12-08 17:12:37 +01:00
32b182856d
Set blueprint paths in main app
...
Make blueprints more self-contained for no apparent reason.
2023-12-04 09:46:37 +01:00
d704202e6e
Parametrize wg.conf template
2023-09-15 14:24:22 +02:00
e5f86e72c2
Get OIDC end_session_endpoint from server metadata
2023-09-14 10:09:45 +02:00
02059e5043
Copy OIDC settings to app.config on init
...
So we avoid locking the settings file at runtime.
2023-09-13 13:21:23 +02:00
719bcf7c55
Improve LDAP lookup of user groups
2023-09-07 15:02:08 +02:00
9dc0fbb4fe
Switch to OIDC authentication
2023-09-07 11:46:57 +02:00
5add39a8a7
Add form for editing ipsets
2023-07-24 16:43:57 +02:00
a5df435931
Consolidate error handling
...
Do or do not; there is no try. With some exceptions.
2023-07-12 14:19:18 +02:00
dd607dbddd
Add a nicer response for TimeoutError
2023-07-07 10:15:02 +02:00
6b72316076
Add node status page
2023-07-07 10:13:55 +02:00
5262c64244
Add form for editing NAT addresses
2023-07-07 08:20:35 +02:00
5e65755ec0
Add error reporting over email and improve logging
2023-07-03 16:01:14 +02:00
e84cb26dc7
Fix up Flask settings
...
DEBUG is apparently strongly discouraged. Use --debug instead.
2023-05-29 13:37:16 +02:00
765d4a3ce7
Add support for managing forwarding rules
2023-05-29 12:24:21 +02:00
22cec64bef
Simplify database locking
...
Use a single lock for everything to ensure we don’t go inconsistent.
One exception is the firewall nodes table which is only accessed when
pushing updated config.
2023-05-19 09:30:28 +02:00
3cf207047e
Remove unimplemented DNAT settings
...
For now.
2023-01-26 16:28:32 +01:00
0ded9d3823
Initialize settings
2023-01-26 16:11:32 +01:00
113992f95b
Make a squash
2023-01-26 10:51:51 +01:00
