Age | Commit message (Collapse) | Author |
|
Use nat.py instead of old op-mode script
|
|
Turns out a local installation of a package using "dpkg -i" differs when
assembling an ISO using live-build. The previous version worked when using
"dpkg -i" but it failed hard (no login possible) during ISO build.
This has been fixed by using double quotes.
|
|
graphql: T4753: generalize system_status to composite_{query,mutation}
|
|
In order to properly retrieve JSON information in the Smoketests for the new
QoS implementation we need a recent (>6.0) version of iproute2. This requires
the libbpf-dev package and this small source-code change.
|
|
Commit da535ef5 ("login: 2fa: T874: fix Google authenticator issues") used
different strings for grep and sed resulting in the same line being added on
every installation of the package.
This is only disturbing during development not during ISO build.
|
|
T4748: add a CI action to check pull request title format
|
|
http-api: T4749: transition to config_dict for conf_mode http-api.py
|
|
T4533: Allow basic permissions to unprivileged RADIUS users
|
|
Move default values of TOTP configuration from a global to a per user setting.
This makes the entire code easier as no global configuration must be blended
into the per user config dict.
Also it should be possible to set the authentication window "multiple concurrent
keys" individually per user.
set system login user vyos authentication otp key 'gzkmajid7na2oltajs4kbuq7lq'
set system login user vyos authentication plaintext-password 'vyos'
|
|
Unprivileged RADIUS users cannot do simple diagnostics like ping
or traceroute. Allow them such tools.
Ability to execute op-mode commands for them.
It is not a new 'operator mode' feature, but it allows RADIUS users
to execute op-mode commands
|
|
isis, ospf: T4739: ISIS and OSPF segment routing being refactored
|
|
T4725: Fix Regex for correctly reset IPsec peers
|
|
As IPsec site-to-site was rewritten, we do not need to replace
':' => '-' as ':' cannot be in the connection name
So the connection name cannot use an IP(v6) address as peer name
And current peers/connections do not require the prefix 'peer_'
Fix the template so that it correctly searches for the connection name of the peers,
which allows resetting them again (reset ipsec peer was broken)
|
|
and commit messages format
|
|
monitoring: T4746: Add exception if we do not have firewall rules
|
|
Telegraf checks the firewall table 'vyos_filter', but if we don't
have any firewall in the system we don't have this table by default
It causes a commit error for "service monitoring"
Add an exception if the table "vyos_filter" is not found
|
|
monitoring: T4312: Ability to set IP address in the URL
|
|
Use the common "url.xml", which allows a URL as a domain name or IP
entry
|
|
system login: T874: add 2FA support for local and ssh authentication.…
|
|
bgp: T4744: Directly connected neighbors and ebgp-multihop check
|
|
BGP directly connected neighbors (interface neighbors) are not
compatible with the ebgp-multihop option
|
|
no-php-flag
The nested if statement was not properly evaluated during smoketests making
them fail. There is no need to nest the if's - as a simple string can be
appended by {{ 'foo' if bar is vyos_defined }}
|
|
system login: T874: add 2FA support for local and ssh authentication
|
|
monitoring: T4747: Fix template check influxdb config
|
|
As monitoring telegraf was rewritten, fix the template for the
inputs.exec plugin
We do not use 'influxdb_configured' in the dictionary anymore and
use just 'influxdb'
|
|
isis: T4739: ISIS segment routing being refactored
|
|
qos: T4688: add xml template for limiter actions
|
|
bgp: T4492: Fixed output list in "show bgp vrf VRF neighbors"
|
|
conntrack: T4740: Set correct error msg if entries not found
|
|
This is to refactor ISIS segment routing to match up with OSPF segment routing.
|
|
Set correct error message if conntrack entries not found
If we get XML raw data with len 0 it means there are no entries
in the conntrack table
|
|
See https://github.com/FRRouting/frr/issues/12007
|
|
build: T3664: Add missing divert for /usr/share/pam-configs/radius
|
|
firewall: policy: T4741: T4742: Verify zone `from` is defined, autocomplete policy route tables
|
|
ssh: T4716: Ability to configure RekeyLimit data and time
|
|
conntrack-sync: T4730: Fix listen-address jinja2 template
|
|
Listen address has the option 'multi'
As a result we have an incorrect template value for the listen address
- conntrack-sync listen-address '192.0.2.11' in template
It looks like "IPv4_address ['192.0.2.11']" in the conntrackd.conf
but the correct string is expected without brackets
Fix it
|
|
Ability to configure SSH RekeyLimit data (in Megabytes) and
time (in Minutes)
set service ssh rekey data 1024
set service ssh rekey time 60
|