summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-09-15typo: remove unnecessary 'i' from helpJavinator9889
(cherry picked from commit ec9503a9ec487ec7aa3524cb9847357f0631ca25)
2021-09-14dhcpv6-pd: T421: disable wide dhcpv6 client debug messagesChristian Poessinger
(cherry picked from commit 6b48900358ce9b01eaa78e3a086e95a26064f0df)
2021-09-14openvpn: T3822: fix certificate permissionsChristian Poessinger
Commit b8bb9f586 ("T3822: set the OpenVPN key file owner to openvpn:openvpn") changed the permissions only for file present in the "fix_permissions" list. The list did not contain all required certificates - this has been fixed.
2021-09-12Merge pull request #1003 from dmbaturin/T3822Christian Poessinger
T3822: set the OpenVPN key file owner to openvpn:openvpn
2021-09-12T3822: set the OpenVPN key file owner to openvpn:openvpnDaniil Baturin
2021-09-11Fix inconsistent capitalization in the show version outputDaniil Baturin
2021-09-11T3275: conntrack: Add missing conntrack templatesLulu Cathrinus Grimalkin
2021-09-11Merge pull request #1001 from erkin/equuleusDaniil Baturin
T3275: conntrack: Backport XML/Python implementation of conntrack CLI
2021-09-10frr: T1514: refactor restart script and drop duplicated codeChristian Poessinger
(cherry picked from commit d39567c977c84f1c16998947e16d397edbb015be)
2021-09-10T3275: conntrack: Backport XML/Python implementation of conntrack CLIerkin
2021-09-10ethtool: T3802: extend check_speed_duplex() implementation to support 'auto'Christian Poessinger
2021-09-10ethernet: T3802: not all NICs support reading speed/duplex settings in all ↵Christian Poessinger
states Turns out an AX88179 USB 3.0 NIC does not support reading back the speed and duplex settings in every operating state. While the NIC is beeing initialized, reading the speed setting will return: $ cat /sys/class/net/eth6/speed cat: /sys/class/net/eth6/speed: Invalid argument Thus if this happens, we simply tell the system that the current NIC speed matches the requested speed and nothing is changed at this point in time.
2021-09-10ethernet: T3802: use only one implementation for get_driver_name()Christian Poessinger
Move the two implementations to get the driver name of a NIC from ethernet.py and ethtool.py to only ethtool.py.
2021-09-10ethernet: T3802: check if driver supports changing flow-control settingsChristian Poessinger
2021-09-09vyos.configdict: T3814: use no_tag_node_value_mangle in get_interface_dict()Christian Poessinger
This change is required and currently only impacts WireGuards peer configuration, so that the peers name is not mangled. (cherry picked from commit 4d2201eed00ac4780d0196abf53dd9b7cb943a09)
2021-09-09openvpn: T3805: drop privileges using systemd - required for rtnetlinkChristian Poessinger
(cherry picked from commit 2647edc30f1e02840cae62fde8b44345d35ac720)
2021-09-09openvpn: T3805: use vyos.util.makedir() to create system directoriesChristian Poessinger
(cherry picked from commit 84e912ab2f583864e637c2df137f62f3d4cbeb14)
2021-09-07scripts: op-mode: T3807: bugfix node.def generatorChristian Poessinger
process_node() processes the XML tree in a fixed order, "node" before "tagNode" before "leafNode". If the generator created a "node.def" file, it can no longer be overwritten - else we would have some stale "node.def" files with an empty help string (T2555). Without the fixed order this would resulted in a case where we get a node and a tagNode with the same name, e.g. "show interfaces ethernet" and "show interfaces ethernet eth0" that the node implementation was not callable from the CLI, rendering this command useless (T3807). This can be fixed by forcing the "node", "tagNode", "leafNode" order by sorting the input XML file automatically (sorting from https://stackoverflow.com/a/46128043) thus adding no additional overhead to the user. (cherry picked from commit 7623e37c918c65418d8dfc521f976bb91f0594c0)
2021-09-07op-mode: xml: improve "show interfaces <type>" help textChristian Poessinger
(cherry picked from commit bd2c79ebb8abbd844f4b0568110c7bcea0d8f4f1)
2021-09-07login: T971 allow quoting in public-keys optionsPaul Lettington
This patch allows the use of `&quot;` in ssh public-key options which unlocks the ability to set the `from` option in a way that sshd will accept to limit what hosts a user can connect from. (cherry picked from commit 6b52387190f8213e7e02060e894c6ddd4fb7cb3d)
2021-09-06Merge pull request #999 from sever-sever/T2920-equChristian Poessinger
tunnel: T2920: Add checks tun with same source addr and keys
2021-09-06ifconfig: T3806: "ipv6 address no_default_link_local" required for MTU < 1280Christian Poessinger
This commit also extends the smoketest to verify that the exception for this error is raised. (cherry picked from commit 84a429b41175b95634ec9492e0cf3a564a47abdd)
2021-09-06tunnel: T2920: Add checks tun with same source addr and keysViacheslav
2 tunnels with the same local-address should has different keys Check existing tunnels (source-address key) with new tunnel.
2021-09-06T3803: add source-address option to the op mode ping CLI.Daniil Baturin
(cherry picked from commit e211cdbb375dba13af33d6ad6c3addab707f2870)
2021-09-06https: T2230: only support TLS1.2 and TLS1.3Christian Poessinger
(cherry picked from commit 7546e249708de3e0b4bf8f89912caf73265edd60)
2021-09-06Merge pull request #998 from sever-sever/T3396-equChristian Poessinger
syslog: T3396: Fix template for remote IPv6 host
2021-09-06syslog: T3396: Fix template for remote IPv6 hostViacheslav
2021-09-06vyos.util: T2755: rename dict_search() function args to match other ↵Christian Poessinger
implementations (cherry picked from commit 9d0c37fbbc91acc9f2c0f2abaab360479e451f0f)
2021-09-06wwan: T3620: op-mode: not all commands supported by all modems - add info ↵Christian Poessinger
message (cherry picked from commit 10814c4d3360598262e991e4b20768dfcde91d75)
2021-09-06smoketest: config: add DHCP name-server to dialup-router-medium-vpn configChristian Poessinger
T3804 changed how DHCP servers from DHCP interfaces are read in and passed to the system. The config migrator is tested with this addition. (cherry picked from commit 0a82936aff8bbfcc6253f4767ea82805525c47ec)
2021-09-05name-server: T3804: merge "system name-servers-dhcp" into "system name-server"Christian Poessinger
We have "set system name-server <ipv4|ipv6>" to specify a name-server IP address we wan't to use. We also have "set system name-servers-dhcp <interface>" which does the same, but the name-server in question is retrieved via DHCP. Both CLI nodes are combined under "set system name-server <ipv4|ipv6|interface>" to keep things as they are in real life - we need a name-server.
2021-09-04Merge pull request #992 from dmbaturin/ipsec-settings-fixJohn Estabrook
T3697: fix the deadlock in IPsec options script
2021-09-04T3697: do not try to restart charon if it's not requiredDaniil Baturin
The root cause is that the ipsec-settings.py script is run _twice_: first from "vpn ipsec options", then from the top level "vpn" node. The case when it's not required is when: * "vpn ipsec" configuration doesn't exist yet * user configured it with "vpn ipsec options" * the ipsec-settings.py script is run first time, from "vpn ipsec options" Trying to restart charon at that stage leads to a deadlock.
2021-09-04op-mode: T3619: bugfix "show interfaces X detail"Christian Poessinger
Commit 27e53fbc ("op-mode: T3619: bugfix "show interfaces" for VLANs") fixed the op-mode command for the "show interfaces" operation, but if a user was interested in all the ethernet or bridge interfaces, the command "show interfaces <type> detail" did not yield any output. The filtered_interfaces() function was further generalized to only operate on base components and call itself recusively if required. (cherry picked from commit 5e1f76d16332a917bfd99c6f2bffcd73e61d934d)
2021-09-04op-mode: T3619: bugfix "show interfaces" for VLANsChristian Poessinger
Commit 31169fa8a7 ("vyos.ifconfig: T3619: only set offloading options if supported by NIC") always instantiated an object of the Ethtool class for an ethernet object - this is right as a real ethernet interface is managed by Ethtool. Unfortunately the script used for "show interface" determindes the "base class" for an interface by its name, so eth0 -> Ethernet, eth0.10 -> Ethernet. This assumption is incorrect as a VLAN interface can not have the physical parameters changed of its underlaying interface. This can only be done for eth0. There is no need for the op-mode script to determine the implementation class for an interface at this level, as we are only interested in the state of the interface and it's IP addresses - which is a common operation valid for every interface on VyOS. (cherry picked from commit 27e53fbcd843c3aad27db9e97f9060ae6dfcc5ee)
2021-09-04op-mode: import cleanup in "show interfaces" scriptChristian Poessinger
(cherry picked from commit 5bde11aceffd3d7fca99e582b16555fc0c584410)
2021-09-03Merge pull request #994 from sever-sever/T690-equChristian Poessinger
openvpn: T690: Add metric for pushed routes
2021-09-03openvpn: T690: Add metric for pushed routesViacheslav
2021-09-02tunnel: T3788: Add check keys for ipip and sitViacheslav
Keys are not allowed with ipip and sit tunnels (cherry picked from commit 7e84566dedfdc532ffe05b404005daa6f21df567)
2021-09-02configd: T3694: always set script.argvBrandon Stepler
Several scripts imported by vyos-configd (including src/conf_mode/protocols_static.py) rely on argv for operating on VRFs. Always setting script.argv in src/services/vyos-configd ensures those scripts will operate on the default VRF when called with no arguments. Otherwise, a stale argv might cause those scripts to operate on the last modified VRF instead of the default VRF. (cherry picked from commit 3341c591ad1190f39ff3ffd475eddf5d95aef763)
2021-09-02Makefile: remove vpn/ipsec/node.def file as it's emptyChristian Poessinger
Commit 8d47a10b ("nipsec: T3093: Delete temporarily generated code") removed the new IPSec implementation, but it also dropped a required file from the Makefile. The node.def file is already shipped in vyatta-cfg-vpn and thus must be removed.
2021-09-02Merge pull request #990 from sever-sever/T3093Christian Poessinger
nipsec: T3093: Delete temporarily generated code
2021-09-02nipsec: T3093: Delete temporarily generated codeViacheslav
This code was generated before to rewrite IPSec to XML style And this was rewriten/fixed and used in the next 1.4 releases So we realy don't need it in 1.3 as we use old nodes for it.
2021-09-02login: T3792: bugfix for usernames containing a hyphenChristian Poessinger
While migrating to get_config_dict() in commit e8a1c291b1 ("login: radius: T3192: migrate to get_config_dict()") the user-name was not excluded from mangling (no_tag_node_value_mangle=True). This resulted in a username "vyos-user" from CLI to be actually created as "vyos_user" on the system. This commit also adds respective Smoketests to prevent this in the future. (cherry picked from commit 658de9ea0fbe91e593f9cf0a8c434791282af100)
2021-09-02Merge pull request #989 from DmitriyEshenko/1x-equuleus-02092021-03Christian Poessinger
sstp-server: T2661: Delete CA certificate redundancy check
2021-09-02op-mode: T1376: speed up tab-completion for DHCP pool listingChristian Poessinger
Commit 9f20bee81c ("T1376: improve show_dhcp and show_dhcpv6") added the tab completion helper to list the availbale IP pools to query. This was done by calling a python script which then called cli-shell-api which resulted in a penalty by the Python interpreter startup. This can be solved by directly using the cli-shell-api wrapper available as <path> in op-mode - as also seen for DHCPv6. (cherry picked from commit b1ff7baaf3c52c8c364955632fcece2da7033b10)
2021-09-02sstp-server: T2661: Delete CA certificate redundancy checkDmitriyEshenko
2021-09-01Merge pull request #987 from DmitriyEshenko/fix01092021-01Christian Poessinger
pptp-server: T3790: Change ippool priority and define gw-ip-address
2021-09-01login: T1948: add missing ssh-public key name regexChristian Poessinger
(cherry picked from commit 514da738173696c70440c959b9d7ec9afd77fbae)
2021-09-01login: T1948: fix username regex - add missing start ^ and end $Christian Poessinger
(cherry picked from commit bbe0deda9bfcfd4116c44b42156a628de8400b48)