summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-02-28Merge pull request #1784 from Zen3515/current-add-container-command-argChristian Breunig
container: T4014: Add `command`, `arg` and `entrypoint` configuration options for containers
2023-02-28Merge pull request #1853 from sever-sever/T5033Christian Breunig
T5033: Ability to generate muliple keys from a file or link
2023-02-28Merge pull request #1858 from jestabro/typo-openvpnChristian Breunig
openvpn: T4770: fix tabulate output in _format_openvpn
2023-02-27openvpn: T4770: fix tabulate output in _format_openvpnJohn Estabrook
2023-02-27Merge pull request #1856 from jestabro/list-interfacesChristian Breunig
op-mode: T4952: use list_interfaces from vyos-utils
2023-02-27op-mode: T4952: use list_interfaces from vyos-utilsJohn Estabrook
2023-02-27Merge pull request #1855 from aapostoliuk/T4955-2-sagittaChristian Breunig
openconnect: T4955: Renamed function and changed error messages
2023-02-27openconnect: T4955: Renamed function and changed error messagesaapostoliuk
Renamed local function to be identical to 1.3 ver Changed error messages after commit to be identical to 1.3 ver
2023-02-27Merge pull request #1644 from aapostoliuk/T4790-sagittaViacheslav Hletenko
T4790: Added check of the sum of radius timeouts
2023-02-27T5033: Ability to generate muliple keys from a file or linkViacheslav Hletenko
We generate only one public key (string) from a file xxx.pub op-mode with 'generate public-key-command user vyos lik_to_key_file' Add ability to generate configuration (from op-mode) for multiple keys As github keys don't use identifiers, generate uuid4 id for them
2023-02-26graphql: T4979: add user info to token requestJohn Estabrook
2023-02-26T4997: add dhcp client user hooksbri
This commit adds a script to run user-defined hook scripts upon renewing a DHCP lease. This can be used to, for example, dynamically define a firewall address-group based on the dynamic IP address of an interface. For an example of its use (as well as the use case I had in mind while coding this), see https://vyos.dev/T2196#142394 Co-authored-by: br <git@ibeep.com>
2023-02-26smoketest: tunnel: T5034: adjust to new multicast CLI syntaxChristian Breunig
Commit 54c36e43 (tunnel: T5034: migrate "multicast enable" CLI node to enable-multicast) changed the syntax on the CLI. This commits changes the testcase to make use of the new syntax.
2023-02-25tunnel: T5034: migrate "multicast enable" CLI node to enable-multicastChristian Breunig
Tunnel interface multicast settings can be "enabled or disabled". As we prefer valueless nodes, and the linux kernel default is "disabled" we should add a set interfaces tunnel tunXX enable-multicast command
2023-02-25python: T5026: Replace deprecated Python modules crypt, spwdsarthurdev
DeprecationWarning: 'crypt' is deprecated and slated for removal in Python 3.13 DeprecationWarning: 'spwd' is deprecated and slated for removal in Python 3.13
2023-02-24login: T1948: drop absolut path to /usr/libexec/vyos, re-use vyos.defaultsChristian Breunig
2023-02-24Merge pull request #1851 from zdc/T4943-sagittaChristian Breunig
login: T4943: Fixed 2FA + RADIUS compatibility
2023-02-24login: T4943: Fixed 2FA + RADIUS compatibilityzsdc
MFA requires KbdInteractiveAuthentication to ask a second factor, and the RADIUS module for PAM does not like it, which makes them incompatible. This commit: * disables KbdInteractiveAuthentication * changes order for PAM modules - make it first, before `pam_unix` or `pam_radius_auth` * enables the `forward_pass` option for `pam_google_authenticator` to accept both password and MFA in a single input As a result, local, RADIUS, and MFA work together. Important change: MFA should be entered together with a password. Before: ``` vyos login: <USERNAME> Password: <PASSWORD> Verification code: <MFA> ``` Now: ``` vyos login: <USERNAME> Password & verification code: <PASSWORD><MFA> ```
2023-02-24Merge pull request #1848 from sever-sever/T5029Christian Breunig
T5029: Change nginx default root directory
2023-02-24Merge pull request #1850 from jestabro/T5030Christian Breunig
http-api: T5030: fix missing check on delete keys id tag or key value
2023-02-24Merge pull request #1849 from sever-sever/T5029-regexChristian Breunig
T5029: Fix Regex for nginx to find a better match
2023-02-24T5029: Change nginx default root directoryViacheslav Hletenko
2023-02-24T5029: Fix Regex for nginx to find a better matchViacheslav Hletenko
2023-02-24http-api: T5030: fix missing check on delete keys id tag or key valueJohn Estabrook
2023-02-24Merge pull request #1847 from aapostoliuk/T4985-2-sagittaChristian Breunig
ipsec: T4985: Changed 'reset vpn ipsec-peer' to use vici library
2023-02-24ipsec: T4985: Changed 'reset vpn ipsec-peer' to use vici libraryaapostoliuk
1. Changed reset IPSEC, IKE SAs to use vici library. 2. Created package vyos.ipsec to communicate with vici library.
2023-02-23Merge pull request #1842 from sever-sever/T5027Christian Breunig
T5027: Enable legacy provider to support current ciphers
2023-02-23Merge pull request #1829 from sever-sever/T5013Daniil Baturin
T5013: Extend accelppp op-mode script to get statistic
2023-02-23Merge pull request #1845 from sever-sever/T5017Daniil Baturin
T5017: Add interface ifbX to constraint interface-name
2023-02-23T5017: Add interface ifbX to constraint interface-nameViacheslav Hletenko
2023-02-23Update README.mdYuriy Andamasov
2023-02-23Update sonar-project.propertiesYuriy Andamasov
2023-02-23T5027: Enable legacy provider to support current ciphersViacheslav Hletenko
* We will need to remove insecure ciphers as a long-term solution (BF-CBC, DES...)
2023-02-23Update sonar-project.propertiesYuriy Andamasov
2023-02-23Update sonar-project.propertiesYuriy Andamasov
2023-02-23Create build.ymlYuriy Andamasov
2023-02-22Merge pull request #1841 from sever-sever/T5025Christian Breunig
T5025: Fix timezones and validator use timedatectl
2023-02-22T5025: Fix timezones and validator use timedatectlViacheslav Hletenko
Fix timezones completion help and validotor Use 'timedatectl' insted of find zoneinfo
2023-02-22Merge pull request #1840 from sarthurdev/T5023Christian Breunig
openconnect: T5023: Conf script missing optional config parameter
2023-02-22openconnect: T5023: Conf script missing optional config parametersarthurdev
2023-02-22Merge pull request #1839 from sarthurdev/ipsecChristian Breunig
ipsec: T4593: Remove references to deleted variables
2023-02-22ipsec: T4593: Remove references to deleted variablessarthurdev
2023-02-21Merge pull request #1835 from sever-sever/T5020Christian Breunig
T5020: Extend openvpn op-mode to get list of configured clients
2023-02-21Merge pull request #1834 from sever-sever/T5007Christian Breunig
T5007: Fix multicast implementation for the tunnel interfaces
2023-02-21Merge pull request #1837 from sever-sever/T4978Christian Breunig
T4978: Default values of port rewrite default container values
2023-02-21T4978: Default values of port rewrite default container valuesViacheslav Hletenko
As we have the same variable name 'default_values' for container name, port and volume, it rewrites default container parameters with default port parameters Fix it
2023-02-20T5020: Extend openvpn op-mode to get list of configured clientsViacheslav Hletenko
Extend openvpn.py op-mode script to get list of configured clients for the '--raw' output
2023-02-20T5007: Fix multicast implementation for the tunnel interfacesViacheslav Hletenko
Multicast has not been implemented for the tunnel interfaces. We have only configuration CLI commands that do anything. Fix it. ip link set dev <tag> multicast on ip link set dev <tag> multicast off
2023-02-18Merge pull request #1831 from nicolas-fort/T4886-add-cero-matcherChristian Breunig
T4886: allow connection-mark 0 value, which is acceptable
2023-02-18T4886: allow connection-mark 0 value, which is acceptableNicolas Fort