summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-10-20T4763: Use nat.py for show nat destination statisticsViacheslav Hletenko
Use nat.py instead of old op-mode script
2022-10-17login: 2fa: T874: fix PAM string during ISO buildChristian Poessinger
Turns out a local installation of a package using "dpkg -i" differs when assembling an ISO using live-build. The previous version worked when using "dpkg -i" but it failed hard (no login possible) during ISO build. This has been fixed by using double quotes.
2022-10-17Merge pull request #1600 from jestabro/gql-compositeJohn Estabrook
graphql: T4753: generalize system_status to composite_{query,mutation}
2022-10-17xdp: T4284: libbpf-dev/libbpf0 is only available for VyOS on amd64Christian Poessinger
2022-10-16graphql: T4753: generalize system_status to composite_{query,mutation}John Estabrook
2022-10-16xdp: T4284: migrate to Debian libbpfChristian Poessinger
In order to properly retrieve JSON information in the Smoketests for the new QoS implementation we need a recent (>6.0) version of iproute2. This requires the libbpf-dev package and this small source-code change.
2022-10-16login: 2fa: T874: fix PAM string generation on multiple package installationsChristian Poessinger
Commit da535ef5 ("login: 2fa: T874: fix Google authenticator issues") used different strings for grep and sed resulting in the same line beeing added on every installation of the package. This is only disturbing during development not during ISO build.
2022-10-14Merge pull request #1588 from dmbaturin/pr-title-checkJohn Estabrook
T4748: add a CI action to check pull request title format
2022-10-14Merge pull request #1597 from jestabro/http-api-config-dictJohn Estabrook
http-api: T4749: transition to config_dict for conf_mode http-api.py
2022-10-14Merge pull request #1598 from sever-sever/T4533Christian Poessinger
T4533: Allow basic permissions to unprivileged RADIUS users
2022-10-14login: 2fa: T874: remove unused code path for global 1fa settingsChristian Poessinger
2022-10-14login: 2fa: T874: fix Google authenticator issuesChristian Poessinger
Move default values of TOTP configuration from a global to a per user setting. This makes the entire code easier as no global configuration must be blended into the per user config dict. Also it should be possible to set the authentication window "multiple concurrent keys" individual per user. set system login user vyos authentication otp key 'gzkmajid7na2oltajs4kbuq7lq' set system login user vyos authentication plaintext-password 'vyos'
2022-10-14T4533: Allow basic permissions to unprivileged RADIUS usersViacheslav Hletenko
Unprivileged RADIUS users cannot do simple diagnostics like ping or traceroute. Allow them such tools. Ability to execute op-mode commands for them. It is not new 'operator mode' feature but it allows RADIUS users execute op-mode commands
2022-10-14http-api: T4749: transition to config_dictJohn Estabrook
2022-10-14Merge pull request #1595 from Cheeze-It/currentChristian Poessinger
isis, ospf: T4739: ISIS and OSPF segment routing being refactored
2022-10-14Merge pull request #1596 from sever-sever/T4725Christian Poessinger
T4725: Fix Regex for correctly reset IPsec peers
2022-10-14T4725: Fix Regex for correctly reset IPsec peersViacheslav Hletenko
As IPsec site-so-site was rewritten we do not need replace ':' => '-' as ':' can not be in the connection name So connection name can not use IP(v6) address as peer name And current peers/connections not required prefix 'peer_' Fix template that search correctly connection name of the peers that allow to reset them again (reset ipsec peer was broken)
2022-10-13T4739: OSPF segment routing being refactoredCheeze_It
2022-10-13T4739: ISIS segment routing being refactoredCheeze_It
2022-10-13ci: T4748: add a CI action to check pull request titleDaniil Baturin
and commit messages format
2022-10-13Merge pull request #1592 from sever-sever/T4746Christian Poessinger
monitoring: T4746: Add exception if we do not have firewall rules
2022-10-13monitoring: T4746: Add exception if we do not have firewall rulesViacheslav Hletenko
Telegraf checks the firewall table 'vyos_filter' but it we don't have any firewall in the system we don't have this table by default It cause commit error for "service monitoring" Add exception if the table "vyos_filter" is not found
2022-10-13Merge pull request #1591 from sever-sever/T4312Christian Poessinger
monitoring: T4312: Ability to set IP address in the URL
2022-10-13monitoring: T4312: Ability to set IP address in the URLViacheslav Hletenko
Use common "url.xml" which allow URL as domain name or IP entrie
2022-10-12Merge pull request #1585 from goodNETnick/ssh_login_bugfixJohn Estabrook
system login: T874: add 2FA support for local and ssh authentication.…
2022-10-12Merge pull request #1586 from sever-sever/T4744Christian Poessinger
bgp: T4744: Directly connected neighbors and ebgp-multihop check
2022-10-12bgp: T4744: Directly connected neighbors and ebgp-multihop checkViacheslav Hletenko
BGP directly connected neighbors (interface neighbors) do not compatible with ebgp-multihop option
2022-10-12system login: T874: add 2FA support for local and ssh authentication. BugfixgoodNETnick
2022-10-12ospf: T4707: fix segment-routing Jinja2 template for explicit-null and ↵Christian Poessinger
no-php-flag The nested if statement was not properly evaluated during smoketests making them fail. There is no need to nest the if's - as a simple string can be appended by {{ 'foo' if bar is vyos_defined }}
2022-10-12Merge pull request #1555 from goodNETnick/ssh_otpChristian Poessinger
system login: T874: add 2FA support for local and ssh authentication
2022-10-11system login: T874: add 2FA support for local and ssh authenticationgoodNETnick
2022-10-11Merge pull request #1584 from sever-sever/T4747Christian Poessinger
monitoring: T4747: Fix template check influxdb config
2022-10-11monitoring: T4747: Fix template check influxdb configViacheslav Hletenko
Due to monitoring telegraf was rewritten - fix template for inputs.exec plugin We do not use 'influxdb_configured' in the dictionary anymore and use just 'influxdb'
2022-10-11xml: ospf: isis: T4739: merge include files for MPLS segment-routingChristian Poessinger
2022-10-11Merge pull request #1574 from Cheeze-It/currentChristian Poessinger
isis: T4739: ISIS segment routing being refactored
2022-10-11Merge pull request #1547 from initramfs/current-limiter-actionsChristian Poessinger
qos: T4688: add xml template for limiter actions
2022-10-11Merge pull request #1580 from aapostoliuk/T4492-sagittaChristian Poessinger
bgp: T4492: Fixed output list in "show bgp vrf VRF neighbors"
2022-10-11Merge pull request #1581 from sever-sever/T4740Christian Poessinger
conntrack: T4740: Set correct error msg if enrties not found
2022-10-11isis: T4739: ISIS segment routing being refactoredCheeze_It
This is to refactor ISIS segment routing to match up with OSPF segment routing.
2022-10-11conntrack: T4740: Set correct error msg if enrties not foundViacheslav Hletenko
Set correct error message if conntrack entries not found If we get XML raw data with len 0 it means there are no entries in the conntrack table
2022-10-11smoketest: ospf: skip segment-routing test as of FRR issueChristian Poessinger
See https://github.com/FRRouting/frr/issues/12007
2022-10-11Merge pull request #1578 from sarthurdev/build_testChristian Poessinger
build: T3664: Add missing divert for /usr/share/pam-configs/radius
2022-10-10build: T3664: Add missing divert for /usr/share/pam-configs/radiussarthurdev
2022-10-10Merge pull request #1577 from sarthurdev/T4741Christian Poessinger
firewall: policy: T4741: T4742: Verify zone `from` is defined, autocomplete policy route tables
2022-10-10Merge pull request #1563 from sever-sever/T4716Christian Poessinger
ssh: T4716: Ability to configure RekeyLimit data and time
2022-10-10Merge pull request #1576 from sever-sever/T4730Christian Poessinger
conntrack-sync: T4730: Fix listen-address jinja2 template
2022-10-10policy: T4742: Add policy route table auto-completesarthurdev
2022-10-10firewall: T4741: Verify zone `from` is defined before usesarthurdev
2022-10-10conntrack-sync: T4730: Fix listen-address jinja2 templateViacheslav Hletenko
Listen address has option 'multi' As resulte we have incorrect template value for listen address - conntrack-sync listen-address '192.0.2.11' in template It looks like "IPv4_address ['192.0.2.11']" in the conntrackd.conf but the correct string expected without brackets Fix it
2022-10-10ssh: T4716: Ablity to configure RekeyLimit data and timeViacheslav Hletenko
Ability to configure SSH RekeyLimit data (in Megabytes) and time (in Minutes) set service ssh rekey data 1024 set service ssh rekey time 60