Age | Commit message | Author
2022-08-25 | Merge pull request #1494 from c-po/equuleus-proxy-t4642 | Christian Poessinger
proxy: T4642: bugfix regex, add hyphen to allow list
2022-08-25 | proxy: T4642: allow https proxy transports | Christian Poessinger
(cherry picked from commit 73be77ec42d06a369974bfb1255839164f73c276)
2022-08-24 | proxy: T4642: bugfix regex, add hyphen to allow list | Christian Poessinger
(cherry picked from commit bfa13e367d0b77105ba350a34da8212859f07f59)
2022-08-22 | Merge pull request #1479 from c-po/macsec-t4538-equuleus | Daniil Baturin
ethernet: T4538: fix wrong systemd unit used for EAPoL (equuleus)
2022-08-22 | Merge pull request #1484 from c-po/bridge-fixes | Christian Poessinger
bridge: T4632: vlan aware bridge lacks CPU forwarding
2022-08-22 | bridge: T4632: vlan aware bridge lacks CPU forwarding | Christian Poessinger
The VLAN aware bridge was forwarding traffic between member ports, but traffic destined towards the CPU was dropped. This resulted in a gateway not reachable or DHCP leases that could not be handed out.
Tested via:
VyOS
    set interfaces bridge br0 enable-vlan
    set interfaces bridge br0 member interface eth1 allowed-vlan '10'
    set interfaces bridge br0 member interface eth1 allowed-vlan '20'
    set interfaces bridge br0 member interface eth1 allowed-vlan '30'
    set interfaces bridge br0 member interface eth1 allowed-vlan '40'
    set interfaces bridge br0 member interface eth1 native-vlan '40'
    set interfaces bridge br0 member interface eth2 allowed-vlan '30'
    set interfaces bridge br0 member interface eth2 allowed-vlan '20'
    set interfaces bridge br0 member interface eth2 allowed-vlan '10'
    set interfaces bridge br0 member interface eth2 allowed-vlan '40'
    set interfaces bridge br0 vif 10 address '10.0.10.1/24'
    set interfaces bridge br0 vif 20 address '10.0.20.1/24'
    set interfaces bridge br0 vif 30 address '10.0.30.1/24'
    set interfaces bridge br0 vif 40 address '10.0.40.1/24'
Arista vEOS
    vlan 10,20,30,40
    interface Ethernet1
       switchport trunk allowed vlan 10,20,30,40
    interface Vlan10
       ip address 10.0.10.2/24
    interface Vlan20
       ip address 10.0.20.2/24
    interface Vlan30
       ip address 10.0.30.2/24
    interface Vlan40
       ip address 10.0.40.2/24
    interface Ethernet1
       switchport trunk allowed vlan 10,20,30,40
       switchport mode trunk
       spanning-tree portfast
Cisco vIOS
    interface GigabitEthernet0/0
     ip address 10.0.40.3 255.255.255.0
     duplex auto
     speed auto
     media-type rj45
    !
    interface GigabitEthernet0/0.10
     encapsulation dot1Q 10
     ip address 10.0.10.3 255.255.255.0
    !
    interface GigabitEthernet0/0.20
     encapsulation dot1Q 20
     ip address 10.0.20.3 255.255.255.0
    !
    interface GigabitEthernet0/0.30
     encapsulation dot1Q 30
     ip address 10.0.30.3 255.255.255.0
    !
(cherry picked from commit f60d0e1ce029925b843f635b36154c90049b9577)
2022-08-22 | Merge pull request #1480 from c-po/t4629-equuleus | Daniil Baturin
T4629: Raised ConfigErrors contain dict instead of only the dict key (equuleus)
2022-08-19 | vyos.config.configdict: T4592: T4629: only print interface name, not interface dict on error | Christian Poessinger
(cherry picked from commit 475fbb785dca76868715827833dc44115635c4a6)
2022-08-19 | ethernet: T4538: fix wrong systemd unit used for EAPoL | Christian Poessinger
When MACsec was bound to an ethernet interface and the underlying source-interface got changed (even description only) this terminated the MACsec session running on top of it.
The root cause is when EAPoL was implemented in commit d59354e52a8a7f we re-used the same systemd unit which is responsible for MACsec. That indeed led to the fact that wpa_supplicant was always stopped when anything happened on the underlying source-interface that was not related to EAPoL.
(cherry picked from commit f92a23ef9ab8be59681e5b7ba627e399d89bce53)
2022-08-18 | Merge pull request #1470 from c-po/openconnect-T4614 | Daniil Baturin
ocserv: openconnect: T4614: add support for split-dns (equuleus)
2022-08-16 | Merge pull request #1473 from dmbaturin/T4039-equ | Viacheslav Hletenko
syslog: T4039: Add protocol23format logging for UDP
2022-08-16 | syslog: T4039: Add protocol23format logging for UDP | Viacheslav
Add protocol23format for rsyslog protocol UDP
Add ability to use IPv6 addresses (bracketize_ipv6) for protocol TCP and UDP, when protocol is configured explicitly
2022-08-16 | Merge pull request #1472 from c-po/debian-t4584-equuleus | Daniil Baturin
Debian: T4584: remove version number from hostap package requirement
2022-08-16 | Debian: T4584: remove version number from hostap package requirement | Christian Poessinger
(cherry picked from commit 681bdf2946d1d10f3b432f70452a8d018b7a98ae)
2022-08-15 | openconnect: T4616: bugfix KeyError: 'local_users' | Christian Poessinger
To reproduce:
    set vpn openconnect authentication mode local
    commit
    Traceback (most recent call last):
      File "/usr/libexec/vyos/conf_mode/vpn_openconnect.py", line 147, in <module>
        verify(c)
      File "/usr/libexec/vyos/conf_mode/vpn_openconnect.py", line 64, in verify
        if not ocserv["authentication"]["local_users"] or not ocserv["authentication"]["local_users"]["username"]:
    KeyError: 'local_users'
2022-08-15 | ocserv: openconnect: T4614: add support for split-dns | Christian Poessinger
    set vpn openconnect network-settings split-dns <domain>
(cherry picked from commit e41685a2f56cca0a53b4f8c084f61a85cf561c80)
2022-08-15 | smoketest: ocserv: implement config file validation | Christian Poessinger
(cherry picked from commit bd102eac6d0c97a5f75324d1248814ebdad42da5)
2022-08-15 | Merge pull request #1469 from c-po/macsec-equuleus | Christian Poessinger
MACsec: T4537: fix AES-GCM-256 support
2022-08-15 | macsec: T4537: macsec_csindex can be set even without encryption | Christian Poessinger
(cherry picked from commit 0943ac00412b0049b7a20a54e27e7b8025726598)
2022-08-15 | smoketest: macsec: T4537: validate macsec_csindex for both AES-GCM-128 and AES-GCM-256 | Christian Poessinger
(cherry picked from commit e19889adf8cef101d85a279055271a68b078ec73)
2022-08-15 | macsec: T4592: can not create two interfaces using the same source-interface | Christian Poessinger
(cherry picked from commit 993961f60ead2a18912eb577b1152463d4eb8b4e)
2022-08-15 | smoketest: macsec: T4537: verify macsec_csindex | Christian Poessinger
(cherry picked from commit 17e76dc77801ac58b2587f664c884c0d671a55c0)
2022-08-15 | macsec: T4537: add missing macsec_csindex option to support GCM-AES-256 | Christian Poessinger
(cherry picked from commit 258e6873b60531fe70d868d2e53ce2f921fe7f13)
2022-08-15 | macsec: T4537: remove debug flag "-d" from systemd service file | Christian Poessinger
(cherry picked from commit fa25d349aebc86e43957f37db765787fb7e431db)
2022-08-15 | macsec: T4537: supply PID path via systemd service file to daemon | Christian Poessinger
(cherry picked from commit 5e919d3f91bccaf64878a94756c21766896db132)
2022-08-15 | macsec: T4537: restart wpa_supplicant on error | Christian Poessinger
(cherry picked from commit b2ff1407330e383a9fff688376377efc534bcfbc)
2022-08-15 | macsec: T2023: fixup systemd unit description | Christian Poessinger
(cherry picked from commit bc70c1f502bc587627b1bd15f6803c6c09d20a66)
2022-08-15 | macsec: T4537: support online cipher and source-interface re-configuration | Christian Poessinger
(cherry picked from commit 82d8494d349edd7707c3811a71ca0e9c0648204e)
2022-08-15 | macsec: T4537: allow 32-byte keys for gcm-aes-256 | Christian Poessinger
(cherry picked from commit 393355f7feaa921eba46b83d4f15ad4a5c37adab)
2022-08-15 | Merge pull request #1467 from dmbaturin/macsec-fix | Christian Poessinger
Fix missing dict_search import in interfaces-macsec.py
2022-08-13 | Fix missing dict_search import in interfaces-macsec.py | Daniil Baturin
2022-08-04 | Merge pull request #1453 from sever-sever/T4572-eq | Daniil Baturin
mtu: T4572: Add DHCP-option MTU to get values from DHCP-server
2022-08-04 | Merge pull request #1450 from c-po/bridge-fixes-equuleus | Christian Poessinger
bridge: bugfixes for equuleus
2022-08-01 | Merge pull request #1448 from initramfs/fix-t4582-equuleus | Christian Poessinger
backport: router-advert: T4582: fix preferred cannot equal valid lifetime
2022-08-01 | mtu: T4572: Add DHCP-option MTU to get values from DHCP-server | Viacheslav Hletenko
Ability to get MTU from DHCP-server and don't touch it per any interface change if interface 'dhcp-options mtu' is configured
(cherry picked from commit 29b0ee30bf2622a40ca3d17e3f6b9e94e5b62072)
2022-08-01 | macsec: T3368: check key length for gcm-aes-128/gcm-aes-256 | Christian Poessinger
(cherry picked from commit a09359828e38c5b51a4579af16b5ea263a98233f)
2022-08-01 | bridge: T4565: bugfix error message when member interface contains an address | Christian Poessinger
We should not print the entire dictionary - we only need the bridge interface name:
    Bug: Cannot assign address to interface "eth1" as it is a member of bridge "{'br0': {'allowed_vlan': ['5-50', '101'], 'native_vlan': '101'}}"!
    Fixed: Cannot assign address to interface "eth1" as it is a member of bridge "br0"!
(cherry picked from commit 71f2f2d789bd3452ca7b5306f39df5f6537bfef0)
2022-08-01 | router-advert: T4582: fix preferred cannot equal valid lifetime | initramfs
Allows preferred lifetime for prefix advertisements to equal the configured valid lifetime as per RFC 4861.
(cherry picked from commit f6efe3035d352970dc492450c3c9ddf710dda5fe)
2022-07-31 | smoketest: bridge: T4565: changes to lower interfaces must not destroy VLAN aware bridge | Christian Poessinger
(cherry picked from commit dbc8e243e13b370e74c6ab20b642c881b6377bd5)
2022-07-31 | bridge: T4565: is_member() must return the dict of the member interface | Christian Poessinger
... otherwise functionality like bridge VLANs will lose configuration on member interface update (e.g. description)
(cherry picked from commit a295ec1fc4cb9cdbb0bd5efd7c8e72060ce036f5)
2022-07-31 | bridge: T4579: cleanup interface dict (remove empty keys) | Christian Poessinger
(cherry picked from commit 54227591a0eb3c7aa8c896c6ec8b1826ce070ddf)
2022-07-31 | bridge: T4579: remove duplicate code path already handled by base class | Christian Poessinger
Interface() base class already takes care about VLAN creation/removal of newly added or no longer required interfaces. No need to code this logic again.
(cherry picked from commit 41477cc85208507be55f8db4e412ad78eae764eb)
2022-07-31 | Revert "vyos.configdict(): T4228: is_member() must split VLAN interfaces" | Christian Poessinger
(cherry picked from commit 99ff0ac7d29a65466a0fe4a12ef1a42cce90ece0)
2022-07-24 | Merge pull request #1416 from sever-sever/T2763-eq | Daniil Baturin
snmp: T2763: Add protocol TCP for service SNMP
2022-07-18 | Merge pull request #1406 from c-po/equuleus-interface-fixes | Daniil Baturin
equuleus: Bond and Bridge interface fixes + new smoketests
2022-07-18 | Merge pull request #1415 from sever-sever/T4532-eq-smoketest | Daniil Baturin
smoketest: T4532: Fix for smoketest flow-accounting
2022-07-18 | interfaces: T4525: interfaces can not be member of a bridge/bond and a VRF | Christian Poessinger
(cherry picked from commit 81e0f4a8dece85da7169ba05448e870206aaf57b)
2022-07-18 | bond: T4525: fix adding member interface to bond after removing VRF | Christian Poessinger
When removing a VRF from an ethernet interface and adding the interface to a bond in the same commit led to an OSError: [Errno 16] Device or resource busy!
(cherry picked from commit 3592f56a8deb6c44dcdd7a44ef54fc2c39eb1a3b)
2022-07-18 | vyos.configdict(): T4228: is_member() must return member interface config dict | Christian Poessinger
This extends commit 39157912 ("vyos.configdict(): T4228: is_member() must use the "real" hardware interface") and returns the config dict of the used member interfaces.
(cherry picked from commit 5b4f76429989a6ab8ca64aeed5a1fae09fe7c6ca)
2022-07-18 | bond: bridge: T4534: error out if member interface is assigned to a VRF instance | Christian Poessinger
It makes no sense to enslave an interface to a bond or a bridge device if it is bound to a given VRF. If VRFs should be used - the encapsulating/master interface should be part of the VRF. Error out if the member interface is part of a VRF.
(cherry picked from commit 87d2dff241d9ab4de9f3a2c7fbf9852934557aef)