summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-01-08ssh: T4922: extend verify() when both source-address and source-interface is ↵Christian Poessinger
used We need to ensure that source-address is assigned on source-interface before applying the configuration, else SSH client will have a hard time talking to someone. (cherry picked from commit d1ef90e1eb51334b99ad716969e17c7f257e1a39)
2023-01-08ssh: T4922: add source-interface support ssh-clientChristian Poessinger
(cherry picked from commit 87cc636bd2baf576a2a5ece7a4f8318eb4f69c2e)
2023-01-08ssh: T2651: use Debian style include directve for ssh_config.dChristian Poessinger
Commit 846e306700a ("ssh: T2651: add cli options for source address") added support for a basic SSH client option, but it grabbed the entire /etc/ssh/ssh_config file without the ability to make custom user adjustments via the /etc/ssh/ssh_config.d/ folder. This commit places the VyOS SSH options under /etc/ssh/ssh_config.d/ leaving the common override system alive. (cherry picked from commit 7763de6c4b93d3372ab3f4572d9fa6b7536102b3)
2023-01-02Merge pull request #1734 from c-po/equuleusViacheslav Hletenko
smoketest: container: T578: adjust to podman 3.0.1 JSON output
2023-01-02smoketest: container: T578: adjust to podman 3.0.1 JSON outputChristian Poessinger
The podman version used in VyOS 1.3 differs from the one used in VyOS 1.4 as it is currently not possible to build podman 4.2 for Debian Buster. Due to this restriction we need to adjust the handling of the JSON output when working with container networks.
2022-12-31Merge pull request #1732 from vyos/t578-skopeoChristian Poessinger
Debian: T578: add skopeo dependency on vyos-1x-smoketest
2022-12-31Debian: T578: add skopeo dependency on vyos-1x-smoketestChristian Poessinger
Dependency is required for the test Docker OCI image used within the smoketest framework
2022-12-31Merge pull request #1731 from c-po/t578-container-backportChristian Poessinger
container: T578: backport podman from 1.4 development branch (equuleus)
2022-12-30Merge pull request #1730 from c-po/t4898Daniil Baturin
T4898: add MTU config option for dummy interfaces (equuleus)
2022-12-30container: T578: backport podman from 1.4 development branchChristian Poessinger
2022-12-30dummy: T4898: add missing IPv6 options for smoketestsChristian Poessinger
(cherry picked from commit e5a5684eb4004772439b2dc33ec21b7546db3fe1)
2022-12-30smoketest: dummy: T4898: enable MTU testcaseChristian Poessinger
(cherry picked from commit 7923e7c57a7492111c7cec8b04228db0a6f00af3)
2022-12-30T4898: Add mtu config option for dummy interfacesYuxiang Zhu
I use dummy interfaces in a VRF as source-interfaces for VXLAN in order to force VXLAN send underlay UDP traffic through the VRF where the dummy interface resides. However dummy interface has no mtu option so it always gets an MTU of 1500. This will cause an error when the mtu of dummy is not large enough for the VXLAN traffic. Adding this option in the config template will solve this. (cherry picked from commit 1440ef93e13d15e2247cbfc2cb4ea2afb266fc9e)
2022-12-26Merge pull request #1717 from roedie/1.3-T4809Christian Poessinger
T4809: radvd: (Backport) Allow the use of AdvRASrcAddress
2022-12-26smoketest: radvd: T4809: add test case for RA source addressChristian Poessinger
(cherry picked from commit 65b104d6e0608e229aa36d948fabddaf3f4a0a8b)
2022-12-26radvd: T4809: fix AdvRASrcAddress missing semicolonChristian Poessinger
Commit 13071a4a ("T4809: radvd: Allow the use of AdvRASrcAddress") added a new feature to set the RA source-address. Unfortunately it missed a semicolon. (cherry picked from commit 4e61fb1f0fd075c5b1a67165204e13f88a7d3015)
2022-12-22Merge pull request #1722 from aapostoliuk/webproxybackportChristian Poessinger
T3810: Fixed all issues in T3810
2022-12-22T3810: Fixed all issues in T3810aapostoliuk
1. Added in script update webproxy blacklists generation of all DBs 2. Fixed: if the blacklist category does not have generated db, the template generates an empty dest category in squidGuard.conf and a Warning message. 3. Added template generation for local's categories in the rule section. 4. Changed syntax in the generation dest section for blacklist's categories 5. Fixed generation dest local sections in squidGuard.conf 6. Fixed bug in syntax. The word 'allow' changed to the word 'any' in acl squidGuard.conf 7. Backported all changes from 1.4 to 1.3 which were made in T3810 8. Fixed webproxy smoketest
2022-12-17T4809: radvd: Allow the use of AdvRASrcAddressSander Klein
This add the AdvRASrcAddress configuration option to configure a source address for the router advertisements. The source address still must be configured on the system. This is useful for VRRP setups where you want fe80::1 on the VRRP interface for cleaner VRRP failovers.
2022-12-17Merge pull request #1716 from c-po/equuleusViacheslav Hletenko
GitHub: sync to author assign workflow changed from current
2022-12-17GitHub: sync to author assign workflow changed from currentChristian Poessinger
Use the vyos/reviewers team instead of individuals.
2022-12-17Merge pull request #1259 from hensur/equuleus-ipv6-local-routeChristian Poessinger
backport: T4515: T4219: policy local-route6 and inbound-interface support
2022-12-17Merge pull request #1557 from initramfs/equuleus-fix-tcp-mssChristian Poessinger
firewall: T4709: fix firewall MSS clamping issues
2022-12-13Merge pull request #1704 from aapostoliuk/T4874-equuleusViacheslav Hletenko
T4874: Added Warning message
2022-12-10T4874: Added Warning messageaapostoliuk
Added the ability to call Warning messages
2022-11-21Merge pull request #1672 from sever-sever/T4812-eqChristian Poessinger
T4812: Add op-mode Show vpn ipsec connections
2022-11-21T4812: Add op-mode Show vpn ipsec connectionsViacheslav Hletenko
Add op-mode CLI "show vpn ipsec connections" Add the ability to show all configured connections/tunnels and their states.
2022-11-15Merge pull request #1659 from vfreex/fix-ns-config-equuleusChristian Poessinger
backport: T4815: Fix various name server config issues
2022-11-15backport: T4815: Fix various name server config issuesYuxiang Zhu
This is a backport of https://github.com/vyos/vyos-1x/pull/1656. Note I also changed `ip-down.script.tmpl` to not wait for `systemctl stop dhcp6c@$iface.service`, because that command is slow and pppd will kill the ip-down script if it times out. I didn't see `ip-down.script.tmpl` or its equivalent in the 1.4 branch. Not sure if there is another mechanism to handle that functionality or it is missed.
2022-11-05Merge pull request #1640 from initramfs/equuleus-fix-pdns-reloadChristian Poessinger
backport: dns: T4799: fixed powerdns not being reloaded by vyos-hostsd
2022-11-05dns: T4799: fix bug with not reloading powerdns configinitramfs
PowerDNS version 4.7 and above has changed the main process name from 'pdns-r/worker' to 'pdns_recursor'. This commit updates the process name check to use the new name. (cherry picked from commit ff09d4f47e5f54fad8258cd27fb0adfaa4c552b3)
2022-11-01Merge pull request #1634 from c-po/t4177-equuleusChristian Poessinger
strip-private: T4177: Fix for hiding private data token/url/bucket
2022-11-01strip-private: T4177: Fix for hiding private data token/url/bucketViacheslav
Add URL, token and bucket hidind data when is used function "strip-private" (cherry picked from commit f12d8b5a575f4b454426fe11f65b5add966ca53c)
2022-10-31Merge pull request #1630 from roedie/1.3-T4526Christian Poessinger
keepalived: T4526: keepalived-fifo.py unable to load config
2022-10-31Merge pull request #1629 from c-po/t4785-snmp-equuleusChristian Poessinger
snmp: T4785: allow !, @, * and # in SNMP community name (equuleus)
2022-10-30keepalived: T4526: keepalived-fifo.py unable to load configSander Klein
keepalived-fifo.py cannot load the VyOS config because the script is started before the commit is completely finished. This change makes sure the script waits for the commit to be completed. It retries every 0.5 seconds. If the commit is still not completed it will continue as did the original implementation.
2022-10-30snmp: T4785: allow @, * and # in SNMP community nameChristian Poessinger
(cherry picked from commit 3f91033927d80748b70e1ef58b2941643d1aca33)
2022-10-29snmp: T4785: allow ! in community nameChristian Poessinger
(cherry picked from commit dda62226353ebc198b4dbbd319412bb5d1d1ece2)
2022-10-15Merge pull request #1579 from sever-sever/T4743Viacheslav Hletenko
ddclient: T4743: Add option for IPv6 Dynamic DNS
2022-10-13Merge pull request #1593 from sever-sever/T4312-eqViacheslav Hletenko
monitoring: T4312: Ability to set IP address in the URL
2022-10-13monitoring: T4312: Ability to set IP address in the URLViacheslav Hletenko
Use common "url.xml" which allow URL as domain name or IP entrie
2022-10-12Merge pull request #1582 from sever-sever/T4730-eqViacheslav Hletenko
conntrack-sync: T4730: Fix listen-address jinja2 template
2022-10-11Merge pull request #1583 from sever-sever/T4680-eqChristian Poessinger
monitoring: T4680: Bracketize prometheus listen-address
2022-10-11monitoring: T4680: Bracketize prometheus listen-addressViacheslav Hletenko
Fix correct format for prometheus listen-address when we use IPv6 address, we must use square 'brackets' http://[2001:db8::11e]:9273
2022-10-11conntrack-sync: T4730: Fix listen-address jinja2 templateViacheslav Hletenko
Listen address has option 'multi' As result we have an incorrect template value for listen-address - conntrack-sync listen-address '192.0.2.11' in template It looks like "IPv4_address ['192.0.2.11']" in the conntrackd.conf but the correct string expected without brackets Fix it
2022-10-10ddclient: T4743: Add option for IPv6 Dynamic DNSViacheslav Hletenko
Allow to set IPv6 address for Dynamic DNS set service dns dynamic interface eth2 ipv6-enable
2022-10-03Merge pull request #1548 from c-po/t4702-equuleus-wireguardChristian Poessinger
wireguard: T4702: actively revoke peer if it gets disabled
2022-10-03Merge pull request #1520 from c-po/t4652-equuleus-pdns-47Christian Poessinger
smoketest: T4652: upgrade PowerDNS recursor to 4.7 series
2022-10-03Merge pull request #1556 from c-po/equules-t3171Daniil Baturin
ethernet: T3171: enable RPS (Receive Packet Steering) for all RX queues
2022-09-26firewall: T4709: adjust TCP MSS clamping ranges and optionsinitramfs
This commit fixes MSS clamping ranges as well as reintroduces the clamp-mss-to-pmtu option value to clamp to PMTU instead.