Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-09-25 | ipsec: T2816: ipsec-dhclient-hook should only run if swanctl.conf exists | Christian Poessinger | |
2021-09-25 | ipsec: T2816: ipsec-dhclient-hook should use exit(0) | Christian Poessinger | |
2021-09-25 | ipsec: T2816: ipsec-dhclient-hook should use vyos.util.read_file() / ↵ | Christian Poessinger | |
write_file() | |||
2021-09-25 | vyos.ifconfig: dhcpv6: re-use systemd_service definition variable | Christian Poessinger | |
2021-09-25 | vyos.ifconfig: dhcp: T3300: always re-start dhcp client instead of start | Christian Poessinger | |
Commit dd2eb5e5686655 ("dhcp: T3300: add DHCP default route distance") changed the logic on how the DHCP process is going to be started. The systemd unit was always "started" even if it was already running. It should rather be re-started to track changes in e.g. the DHCP hostname setting. | |||
2021-09-23 | smoketest: T3850: use as complicated as possible public-key name | Christian Poessinger | |
2021-09-23 | T3850: Revert "login: T1948: add missing ssh-public key name regex" | Christian Poessinger | |
This reverts commit 514da738173696c70440c959b9d7ec9afd77fbae. | |||
2021-09-23 | smoketest: ospf: debug output only syslog and FRR | Christian Poessinger | |
The Kernel output seemed to be not that helpful and only polluted the log. Now we only gather the syslog and FRRs configuration | |||
2021-09-23 | Merge pull request #1014 from nagua/fix_smaller_openvpn_issues | Christian Poessinger | |
T3642: Fix smaller OpenVpn issues | |||
2021-09-23 | openvpn: T3642: Openvpn does not work without dh parameter in EC mode | Nicolas Riebesel | |
2021-09-23 | openvpn: T3642: Fix password_protected check | Nicolas Riebesel | |
2021-09-23 | openvpn: T3642: Add option for TLS 1.3 | Nicolas Riebesel | |
2021-09-22 | smoketest: vrrp: delete interface vifs after test | Christian Poessinger | |
2021-09-22 | vrrp: keepalived: T3847: enable no_tag_node_value_mangle for get_config_dict() | Christian Poessinger | |
Commit 761631d6 ("vrrp: keepalived: T3847: migrate to get_config_dict()") switched to the new python function get_config_dict(), when we deal with tag nodes that can contain a hyphen, we should also set no_tag_node_value_mangle in order to preserve it. This caused a dict lookup error as the hyphens in the test scripts got replaced by an _. | |||
2021-09-21 | vrrp: keepalived: T3847: migrate/streamline CLI options | Christian Poessinger | |
Rename virtual-address -> address as we always talk about an IP address. | |||
2021-09-21 | vrrp: keepalived: T3847: add common transition-script building block | Christian Poessinger | |
This is used for both VRRP groups and sync-groups. | |||
2021-09-21 | vrrp: keepalived: T3847: remove "transition-script mode-force" option | Christian Poessinger | |
2021-09-21 | vrrp: keepalived: T616: use common description building block | Christian Poessinger | |
2021-09-21 | vrrp: keepalived: T3847: migrate to get_config_dict() | Christian Poessinger | |
2021-09-21 | vrrp: keepalived: T616: enable script security | Christian Poessinger | |
2021-09-21 | vrrp: keepalived: T616: move configuration to volatile /run directory | Christian Poessinger | |
Move keepalived configuration from /etc/keepalived to /run/keepalived. | |||
2021-09-21 | smoketest: vrrp: T616: add basic smoketest to verify keepalived configuration | Christian Poessinger | |
2021-09-21 | xml: vrrp: T616: add missing valueHelp for "authentication type" | Christian Poessinger | |
2021-09-21 | vrrp: keepalived: T2720: adjust to Jinja2 trim_blocks feature | Christian Poessinger | |
This is a successor to commit a2ac9fac16e ("vyos.template: T2720: always enable Jinja2 trim_blocks feature"). It only shifts the whitespaces / indents inside the keepalived configuration file. | |||
2021-09-21 | dhcp-server: T3839: support domain-search and ntp-server config per ↵ | Christian Poessinger | |
shared-network | |||
2021-09-21 | xml: ospf: fix routing-passive-interface-xml.i include | Christian Poessinger | |
Commit a8b2e52148d ("xml: Update routing-passive-interface-xml.i file extension to standard .xml.i") only altered the RIP include statement but did not alter the OSPF include. | |||
2021-09-21 | Merge pull request #1013 from sarthurdev/current | Christian Poessinger | |
github: Add .gitattributes to correct language detection | |||
2021-09-21 | smoketest: ipsec: T1441: adjust to latest VTI/XFRM interface changes | Christian Poessinger | |
Commit d768aee9 ("ipsec: T1441: Clean up vti-up-down script for XFRM interfaces") removed a parameter from the updown scripts which is no longer necessary as XFRM interfaces are superior to VTI interfaces b/c they use dynamic endpoints by default. | |||
2021-09-20 | smoketest: use assertNotIn() in base interface test | Christian Poessinger | |
2021-09-20 | ifconfig: T2104: cleanup IPv6 EUI-64 handling in update() | Christian Poessinger | |
2021-09-20 | vyos.ifconfig: get_mac_synthetic() must generate a stable "MAC" | Christian Poessinger | |
Commit b7d30137b1 ("vyos.ifconfig: provide generic get_mac_synthetic() method") provided a common helper to generate MAC addresses used by EUI64 addresses for interfaces not having a layer2 interface (WireGuard or ip tunnel). The problem is that every call to the helper always yielded a new MAC address. This becomes problematic when IPv6 link-local addresses are generated and modified on the interface as multiple link-local (fe80::/64) addresses can easily be added to the interface leaving ... a mess. This commit changes the way how the "synthetic" MAC is generated, we generate a UUID which is stable as it is based on the interface name. We take out the last 48 bits of the UUID and form the "MAC" address. | |||
2021-09-20 | xml: Update routing-passive-interface-xml.i file extension to standard .xml.i | sarthurdev | |
2021-09-20 | github: Add .gitattributes to override language detection | sarthurdev | |
2021-09-20 | vyos.ifconfig: T2738: can only read from a file when it exists | Christian Poessinger | |
When IPv6 is disbaled on an interface also the sysfs files related to IPv6 for this interface vanish. We need to check if the file exists before we read it. | |||
2021-09-20 | Merge pull request #1012 from lucasec/vti-enhancements | Christian Poessinger | |
ipsec: T1441: Clean up vti-up-down script for XFRM interfaces | |||
2021-09-19 | ipsec: T1441: Clean up vti-up-down script for XFRM interfaces | Lucas Christian | |
2021-09-19 | vyos.ifconfig: T2738: do not remove OS assigned IP addresses from interface | Christian Poessinger | |
When using VRRP on any given interface and performing an action against that interface - be it even only changing the alias - will trigger a removal of the VRRP IP address. The issue is caused by: # determine IP addresses which are assigned to the interface and build a # list of addresses which are no longer in the dict so they can be removed cur_addr = self.get_addr() for addr in list_diff(cur_addr, new_addr): When the script calls into the library - we will drop all IP addresses set on the adapter but not available in the config dict. We should only remove the IP addresses marked by the CLI to be deleted! | |||
2021-09-19 | vyos.configdict: bugfix: leaf_node_changed() must return empty dict when ↵ | Christian Poessinger | |
node is added Commit f476e456 ("vyos.configdict: leaf_node_changed() must return empty dict when node is added") returned [''] as "empty" dict - but this is not empty. >>> if ['']: ... print('foo') ... foo It should rather be: [] | |||
2021-09-19 | vyos.ifconfig: T2738: add delta check when changing interface parameters | Christian Poessinger | |
There is no need to alter interface parameters if they have not changed at all. | |||
2021-09-19 | dhcp-server: T3672: migrate failover name option | Christian Poessinger | |
Commit 2985035b (dhcp-server: T3672: re-add missing "name" CLI option) unfortunately did not add the name option to the migration script. | |||
2021-09-19 | smoketest: dhcp: T3841: validate ping-check option | Christian Poessinger | |
2021-09-19 | smoketest: dhcp: T3672: adjust to new CLI syntax | Christian Poessinger | |
2021-09-19 | dhcp-server: T3672: bugfix Jinja2 template | Christian Poessinger | |
The DHCP servers pool {} option can only be used when there follows a range statement. This is invalid for a network with only "static" leases. | |||
2021-09-19 | dhcp-server: T3672: re-add missing "name" CLI option | Christian Poessinger | |
This option is mandatory and must be user configurable as it needs to match on both sides. | |||
2021-09-19 | xml: dhcp-server: move building blocks to dhcp subdirectory | Christian Poessinger | |
2021-09-19 | dhcp-server: T3841: add option to perform ICMP check before address assignment | Christian Poessinger | |
2021-09-19 | dhcp-server: T3672: only one failover peer is supported | Christian Poessinger | |
2021-09-19 | dhcpv6: op-mode: xml: error out if DHCPv6 service not configured | Christian Poessinger | |
Restarting DHCPv6 server should not be possible when service is not configured on the CLI. | |||
2021-09-19 | dhcpv6: op-mode: xml: fix duplicate help strings | Christian Poessinger | |
2021-09-19 | dhcp: op-mode: xml: error out if DHCP service not configured | Christian Poessinger | |