summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-01-17Merge pull request #1762 from sever-sever/T4906-eqViacheslav Hletenko
T4906: Fix show vpn ipsec connections data
2023-01-17T4906: Fix show vpn ipsec connections dataViacheslav Hletenko
We get incorrect data when shows connections As we get list of all connections we should compare the connection name with entries in list and set correct data if they match
2023-01-16Merge pull request #1759 from sever-sever/T4575Christian Breunig
vyos.util: T4575: Add new wrapper "rc_cmd"
2023-01-16vyos.util: T4575: Add new wrapper "rc_cmd"Viacheslav Hletenko
It is useful to have both a return code and output of the command Add a new wrapper "rc_cmd" that returns both % rc_cmd('uname') (0, 'Linux') % rc_cmd('ip link show dev fake') (1, 'Device "fake" does not exist.') (cherry picked from commit 14418b6d80ef4652a44d9280baf369c8e3c429fd)
2023-01-15Merge pull request #1670 from vfreex/dhcp-v6-only-option-1.3Christian Breunig
[1.3] T4832: dhcp: Add dhcp option to signal IPv6-only support (RFC 8925)
2023-01-12Merge pull request #1750 from roedie/1.3-T4918Christian Breunig
Backport: T4918: op_mode interfaces: Fix show int
2023-01-11Backport: T4918: op_mode interfaces: Fix show intSander Klein
`show interfaces ethernet eth0` and `show interface bonding eth0` produces the same output. While this is not a big problem it does make usage a bit odd sometimes. This commit adds the --intf_type option to all instances of interfaces.py to make output consistent.
2023-01-11Merge pull request #1749 from aapostoliuk/T4927-equuleusDaniil Baturin
webproxy: T4927: Changed restart to reload-or-restart in commit
2023-01-11webproxy: T4927: Changed restart to reload-or-restart in commitaapostoliuk
Changed restart to reload-or-restart in the commit. It allows to reload the config and not restart webproxy service during the commit. Backported from 1.4
2023-01-08Merge pull request #1743 from c-po/t2651-ssh-clientChristian Breunig
T4922: T4922: ssh-client backports for equuleus
2023-01-08ssh: T4922: extend verify() when both source-address and source-interface is ↵Christian Poessinger
used We need to ensure that source-address is assigned on source-interface before applying the configuration, else SSH client will have a hard time talking to someone. (cherry picked from commit d1ef90e1eb51334b99ad716969e17c7f257e1a39)
2023-01-08ssh: T4922: add source-interface support ssh-clientChristian Poessinger
(cherry picked from commit 87cc636bd2baf576a2a5ece7a4f8318eb4f69c2e)
2023-01-08ssh: T2651: use Debian style include directve for ssh_config.dChristian Poessinger
Commit 846e306700a ("ssh: T2651: add cli options for source address") added support for a basic SSH client option, but it grabbed the entire /etc/ssh/ssh_config file without the ability to make custom user adjustments via the /etc/ssh/ssh_config.d/ folder. This commit places the VyOS SSH options under /etc/ssh/ssh_config.d/ leaving the common override system alive. (cherry picked from commit 7763de6c4b93d3372ab3f4572d9fa6b7536102b3)
2023-01-02Merge pull request #1734 from c-po/equuleusViacheslav Hletenko
smoketest: container: T578: adjust to podman 3.0.1 JSON output
2023-01-02smoketest: container: T578: adjust to podman 3.0.1 JSON outputChristian Poessinger
The podman version used in VyOS 1.3 differs from the one used in VyOS 1.4 as it is currently not possible to build podman 4.2 for Debian Buster. Due to this restriction we need to adjust the handling of the JSON output when working with container networks.
2022-12-31Merge pull request #1732 from vyos/t578-skopeoChristian Poessinger
Debian: T578: add skopeo dependency on vyos-1x-smoketest
2022-12-31Debian: T578: add skopeo dependency on vyos-1x-smoketestChristian Poessinger
Dependency is required for the test Docker OCI image used within the smoketest framework
2022-12-31Merge pull request #1731 from c-po/t578-container-backportChristian Poessinger
container: T578: backport podman from 1.4 development branch (equuleus)
2022-12-30Merge pull request #1730 from c-po/t4898Daniil Baturin
T4898: add MTU config option for dummy interfaces (equuleus)
2022-12-30container: T578: backport podman from 1.4 development branchChristian Poessinger
2022-12-30dummy: T4898: add missing IPv6 options for smoketestsChristian Poessinger
(cherry picked from commit e5a5684eb4004772439b2dc33ec21b7546db3fe1)
2022-12-30smoketest: dummy: T4898: enable MTU testcaseChristian Poessinger
(cherry picked from commit 7923e7c57a7492111c7cec8b04228db0a6f00af3)
2022-12-30T4898: Add mtu config option for dummy interfacesYuxiang Zhu
I use dummy interfaces in a VRF as source-interfaces for VXLAN in order to force VXLAN send underlay UDP traffic through the VRF where the dummy interface resides. However dummy interface has no mtu option so it always gets an MTU of 1500. This will cause an error when the mtu of dummy is not large enough for the VXLAN traffic. Adding this option in the config template will solve this. (cherry picked from commit 1440ef93e13d15e2247cbfc2cb4ea2afb266fc9e)
2022-12-26Merge pull request #1717 from roedie/1.3-T4809Christian Poessinger
T4809: radvd: (Backport) Allow the use of AdvRASrcAddress
2022-12-26smoketest: radvd: T4809: add test case for RA source addressChristian Poessinger
(cherry picked from commit 65b104d6e0608e229aa36d948fabddaf3f4a0a8b)
2022-12-26radvd: T4809: fix AdvRASrcAddress missing semicolonChristian Poessinger
Commit 13071a4a ("T4809: radvd: Allow the use of AdvRASrcAddress") added a new feature to set the RA source-address. Unfortunately it missed a semicolon. (cherry picked from commit 4e61fb1f0fd075c5b1a67165204e13f88a7d3015)
2022-12-22Merge pull request #1722 from aapostoliuk/webproxybackportChristian Poessinger
T3810: Fixed all issues in T3810
2022-12-22T3810: Fixed all issues in T3810aapostoliuk
1. Added in script update webproxy blacklists generation of all DBs 2. Fixed: if the blacklist category does not have generated db, the template generates an empty dest category in squidGuard.conf and a Warning message. 3. Added template generation for local's categories in the rule section. 4. Changed syntax in the generation dest section for blacklist's categories 5. Fixed generation dest local sections in squidGuard.conf 6. Fixed bug in syntax. The word 'allow' changed to the word 'any' in acl squidGuard.conf 7. Backported all changes from 1.4 to 1.3 which were made in T3810 8. Fixed webproxy smoketest
2022-12-17T4809: radvd: Allow the use of AdvRASrcAddressSander Klein
This add the AdvRASrcAddress configuration option to configure a source address for the router advertisements. The source address still must be configured on the system. This is useful for VRRP setups where you want fe80::1 on the VRRP interface for cleaner VRRP failovers.
2022-12-17Merge pull request #1716 from c-po/equuleusViacheslav Hletenko
GitHub: sync to author assign workflow changed from current
2022-12-17GitHub: sync to author assign workflow changed from currentChristian Poessinger
Use the vyos/reviewers team instead of individuals.
2022-12-17Merge pull request #1259 from hensur/equuleus-ipv6-local-routeChristian Poessinger
backport: T4515: T4219: policy local-route6 and inbound-interface support
2022-12-17Merge pull request #1557 from initramfs/equuleus-fix-tcp-mssChristian Poessinger
firewall: T4709: fix firewall MSS clamping issues
2022-12-13Merge pull request #1704 from aapostoliuk/T4874-equuleusViacheslav Hletenko
T4874: Added Warning message
2022-12-10T4874: Added Warning messageaapostoliuk
Added the ability to call Warning messages
2022-11-21Merge pull request #1672 from sever-sever/T4812-eqChristian Poessinger
T4812: Add op-mode Show vpn ipsec connections
2022-11-21T4812: Add op-mode Show vpn ipsec connectionsViacheslav Hletenko
Add op-mode CLI "show vpn ipsec connections" Add the ability to show all configured connections/tunnels and their states.
2022-11-21T4832: dhcp: Add dhcp option to signal IPv6-only supportYuxiang Zhu
Clients supporting this DHCP option (DHCP option 108, per RFC 8925) will disable its IPv4 network stack for configured number of seconds and operate in IPv6-only mode. Example clients supporting this option including iOS 15+ and macOS 12.0.1+.
2022-11-15Merge pull request #1659 from vfreex/fix-ns-config-equuleusChristian Poessinger
backport: T4815: Fix various name server config issues
2022-11-15backport: T4815: Fix various name server config issuesYuxiang Zhu
This is a backport of https://github.com/vyos/vyos-1x/pull/1656. Note I also changed `ip-down.script.tmpl` to not wait for `systemctl stop dhcp6c@$iface.service`, because that command is slow and pppd will kill the ip-down script if it times out. I didn't see `ip-down.script.tmpl` or its equivalent in the 1.4 branch. Not sure if there is another mechanism to handle that functionality or it is missed.
2022-11-05Merge pull request #1640 from initramfs/equuleus-fix-pdns-reloadChristian Poessinger
backport: dns: T4799: fixed powerdns not being reloaded by vyos-hostsd
2022-11-05dns: T4799: fix bug with not reloading powerdns configinitramfs
PowerDNS version 4.7 and above has changed the main process name from 'pdns-r/worker' to 'pdns_recursor'. This commit updates the process name check to use the new name. (cherry picked from commit ff09d4f47e5f54fad8258cd27fb0adfaa4c552b3)
2022-11-01Merge pull request #1634 from c-po/t4177-equuleusChristian Poessinger
strip-private: T4177: Fix for hiding private data token/url/bucket
2022-11-01strip-private: T4177: Fix for hiding private data token/url/bucketViacheslav
Add URL, token and bucket hidind data when is used function "strip-private" (cherry picked from commit f12d8b5a575f4b454426fe11f65b5add966ca53c)
2022-10-31Merge pull request #1630 from roedie/1.3-T4526Christian Poessinger
keepalived: T4526: keepalived-fifo.py unable to load config
2022-10-31Merge pull request #1629 from c-po/t4785-snmp-equuleusChristian Poessinger
snmp: T4785: allow !, @, * and # in SNMP community name (equuleus)
2022-10-30keepalived: T4526: keepalived-fifo.py unable to load configSander Klein
keepalived-fifo.py cannot load the VyOS config because the script is started before the commit is completely finished. This change makes sure the script waits for the commit to be completed. It retries every 0.5 seconds. If the commit is still not completed it will continue as did the original implementation.
2022-10-30snmp: T4785: allow @, * and # in SNMP community nameChristian Poessinger
(cherry picked from commit 3f91033927d80748b70e1ef58b2941643d1aca33)
2022-10-29snmp: T4785: allow ! in community nameChristian Poessinger
(cherry picked from commit dda62226353ebc198b4dbbd319412bb5d1d1ece2)
2022-10-15Merge pull request #1579 from sever-sever/T4743Viacheslav Hletenko
ddclient: T4743: Add option for IPv6 Dynamic DNS