summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-04-23T6217: Conntrack-sync change the actual name of the scriptViacheslav Hletenko
The actual name of the script is `vyos-vrrp-conntracksync.sh` (cherry picked from commit 7efe245f59bbea9f12d0c7c5a8975380efc6f2d5)
2024-04-23Merge pull request #3352 from vyos/mergify/bp/sagitta/pr-3342Christian Breunig
T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy config (backport #3342)
2024-04-23T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy ↵Windom WU
config (cherry picked from commit 984c386d11ead8371b7ac381e6c0921473e557ed)
2024-04-23Merge pull request #3350 from vyos/mergify/bp/sagitta/pr-3346Christian Breunig
image-tools: T6260: remove persistence image directory if no space error (backport #3346)
2024-04-23Merge pull request #3348 from vyos/mergify/bp/sagitta/pr-3347Christian Breunig
connect_disconnect: T6261: correction to typo in check_ppp_running (backport #3347)
2024-04-23image-tools: T6260: remove persistence image directory if no space errorJohn Estabrook
(cherry picked from commit c2fc2dba32ba861684f5e34635f810c56d551d51)
2024-04-23connect_disconnect: T6261: correction to typo in check_ppp_running functionGinko
Connect_disconnect: T6261: correction to typo in check_ppp_running function Changes include: 1. Replaces "beeing" -> being in print statement for check_ppp_running 2. Replaces "can not" -> cannot in print statement on lines 61 and 93 (cherry picked from commit 19e0d3b74f66e082c3f131b9044e7ca2371b1d85)
2024-04-22Merge pull request #3344 from vyos/mergify/bp/sagitta/pr-3339Viacheslav Hletenko
xml: T5738: fix typo in radius-additions.xml.i (backport #3339)
2024-04-22xml: T5738: fix typo in radius-additions.xml.iAndré Luiz dos Santos
(cherry picked from commit 8d0aa7bfb83aecb989ab01b6d1975cf23f1c7dcb)
2024-04-22Merge pull request #3343 from vyos/mergify/bp/sagitta/pr-3336Christian Breunig
vyos.utils: T6244: add whitespace after time unit in uptime (backport #3336)
2024-04-22op-mode: T6244: add whitespace after time unit in "show system uptime"Christian Breunig
(cherry picked from commit 31b21d26751b7db7ab784486da5b8690ddd4a058)
2024-04-22vyos.utils: T6244: add support for year timebase in seconds_to_human()Christian Breunig
We only supported calculating seconds to weeks but not seconds to years. This has been added. Testcase: from vyos.utils.convert import seconds_to_human minute = 60 hour = minute * 60 day = hour * 24 week = day * 7 year = day * 365.25 for separator in ['', ' ', '-', '/']: print(f'----- Using separator "{separator}" -----') print(seconds_to_human(10, separator)) print(seconds_to_human(5* minute, separator)) print(seconds_to_human(3* hour, separator)) print(seconds_to_human(4* day, separator)) print(seconds_to_human(7 * week, separator)) print(seconds_to_human(10 * year, separator)) print(seconds_to_human(5*year + 4*week + 3*day + 2*hour + minute + 5, separator)) print() cpo@LR1.wue3:~$ ./foo.py ----- Using separator "" ----- 10s 5m 3h 4d 7w 10y 5y4w3d2h1m5s ----- Using separator " " ----- 10s 5m 3h 4d 7w 10y 5y 4w 3d 2h 1m 5s ----- Using separator "-" ----- 10s 5m 3h 4d 7w 10y 5y-4w-3d-2h-1m-5s ----- Using separator "/" ----- 10s 5m 3h 4d 7w 10y 5y/4w/3d/2h/1m/5s (cherry picked from commit 8d8f3137d174a43a259cbe50dd12730805f0200c)
2024-04-22vyos.utils: T6244: use list to build up result stringChristian Breunig
When handling optional separators rather build up a list and join the list with the requested delimiter to form the resulting human readable time string. (cherry picked from commit 6e9cd8821ca028b5bc05c14b0b4e3454036da6da)
2024-04-22Merge pull request #3341 from vyos/mergify/bp/sagitta/pr-3337Daniil Baturin
T6237: IPSec remote access VPN: ability to set EAP ID of clients (backport #3337)
2024-04-22T6237: IPSec remote access VPN: ability to set EAP ID of clientsAlex W
(cherry picked from commit 78ea623df20b44309cc6ac9848ed18e97fc4ed03)
2024-04-21Merge pull request #3332 from vyos/mergify/bp/sagitta/pr-3325Christian Breunig
T6246: basic haproxy http-check configuration (backport #3325)
2024-04-21T6246: improve haproxy http check configurationNicolas Vollmar
(cherry picked from commit 050f24770aec7a74c1a07ba64cf2cb83afb72f1a)
2024-04-20Merge pull request #3335 from vyos/mergify/bp/sagitta/pr-3333Christian Breunig
GRE: T6252: fix issues when set mtu higher than 8024 (backport #3333)
2024-04-20gre: T6252: allow tunnel MTU to exceed 8024 bytesfett0
(cherry picked from commit 4cde677e9e128bc9b62fad720b1b6f6cac506954)
2024-04-20Merge pull request #3334 from vyos/mergify/bp/sagitta/pr-3035Christian Breunig
T5996: selectively escape and restore single backslashes in config (backport #3035)
2024-04-19T5996: add smoketest to check translation of backslash characterJohn Estabrook
(cherry picked from commit d2df08856ddc5a6132544d73e1beb3074a352508)
2024-04-19T5996: selectively escape and restore single backslashes in configJohn Estabrook
(cherry picked from commit b16c5fbbcb10b90341b97e25bcf51c440427ea42)
2024-04-19T6246: adds basic haproxy http-check configurationNicolas Vollmar
(cherry picked from commit 785616393557c4e3f616287de81b61a68ba177ac)
2024-04-18Merge pull request #3331 from vyos/mergify/bp/sagitta/pr-3330John Estabrook
openvpn: T6245: return 'n/a' if client info not available (backport #3330)
2024-04-18openvpn: T6245: return 'n/a' if client info not availableJohn Estabrook
(cherry picked from commit a43f1c00bdc5047eb20840ebb274418362612526)
2024-04-18Merge pull request #3329 from vyos/mergify/bp/sagitta/pr-3326Daniil Baturin
T6221: Return default ip rule values after deleting VRF (backport #3326)
2024-04-18T6221: Return default ip rule values after deleting VRFViacheslav Hletenko
Fix for restoring default ip rule values after deleting VRF Defult values: ``` $ ip rule 0: from all lookup local 32766: from all lookup main 32767: from all lookup default ``` After adding and deleting a VRF we get unexpected values: ``` $ ip rule 1000: from all lookup [l3mdev-table] 2000: from all lookup [l3mdev-table] unreachable 32765: from all lookup local 32766: from all lookup main 32767: from all lookup default ``` (cherry picked from commit ce0bc35f8b5ff80a7b8fbfdf1b9ccc10c5c254fd)
2024-04-18Merge pull request #3328 from vyos/mergify/bp/sagitta/pr-3327John Estabrook
pki: T6241: do not call dependency before its initialization (backport #3327)
2024-04-18pki: T6241: do not call dependency before its initializationJohn Estabrook
(cherry picked from commit a88b3bd344cc4a682d16681ef536c1d20e2c2c42)
2024-04-17Merge pull request #3323 from vyos/mergify/bp/sagitta/pr-3192Daniil Baturin
image-tools: T6168: compat mode update should preserve console type (backport #3192)
2024-04-17Merge pull request #3324 from vyos/mergify/bp/sagitta/pr-3320Daniil Baturin
T6191: do not append action policy route|route6 when its not specified (backport #3320)
2024-04-17T6191: do not append action to firewall and policy route|route6 when its not ↵Nicolas Fort
specified, in order to ensure same behavior as in Equuleus (cherry picked from commit 5ab8f9ac47d9d8d198f5ace0ffc4a0b26af098df)
2024-04-17image-tools: T6168: compat mode update should preserve console typeJohn Estabrook
Add system image in compatibility mode would set the default boot without reference to console_type; fix the translation of default to the correct index in compat grub.cfg. (cherry picked from commit 1cb05f47ec7e2af265fa6795653f27481dacc37f)
2024-04-16Merge pull request #3322 from vyos/mergify/bp/sagitta/pr-3321John Estabrook
image-tools: T6154: installer prompts to confirm password (backport #3321)
2024-04-17image-tools: T6154: installer prompts to confirm a non-default passwdJohn Estabrook
(cherry picked from commit f43edbd7cd36f52a0cd9c475b53f317882f4a6f9)
2024-04-16Merge pull request #3318 from vyos/mergify/bp/sagitta/pr-3315Christian Breunig
T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify server certificates (backport #3315)
2024-04-16Merge pull request #3319 from vyos/mergify/bp/sagitta/pr-3313Christian Breunig
T5722: Failover route add option onlink (backport #3313)
2024-04-16T5722: Failover route add option onlinkViacheslav Hletenko
onlink pretend that the nexthop is directly attached to this link, even if it does not match any interface prefix. Useful when gateway not in the same interface network set interfaces ethernet eth0 vif 10 address '10.20.30.1/32' set protocols static route 10.20.30.0/32 interface eth0.10 set protocols failover route 192.0.2.11/32 next-hop 10.20.30.0 onlink ``` vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 metric 1 proto failover Error: Nexthop has invalid gateway. [edit] vyos@r4# [edit] vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 onlink metric 1 proto failover [edit] vyos@r4# ``` (cherry picked from commit bb832acb97881d747a57da2728eab3ad138b8129)
2024-04-16T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify ↵Alex W
server certificates (cherry picked from commit aafe22d08bb38a579dd5075fd27a1b88beeca791)
2024-04-15Merge pull request #3310 from vyos/mergify/bp/sagitta/pr-3309Christian Breunig
T5535: firewall: migrate command <set system ip disable-directed-broadcast> to firewall global-optinos (backport #3309)
2024-04-15Merge pull request #3314 from vyos/mergify/bp/sagitta/pr-3311Christian Breunig
pki: T6241: Fix dependency updates on PKI changes (backport #3311)
2024-04-15pki: T6241: Fix dependency updates on PKI changessarthurdev
(cherry picked from commit 9f9891a209957403dfa3ae9ec2cd56d8d9eedb86)
2024-04-15Merge pull request #3312 from vyos/mergify/bp/sagitta/pr-3308Daniil Baturin
T5734: OpenVPN check PKI DH name exists if DH configured (backport #3308)
2024-04-15T5734: OpenVPN check PKI DH name exists if DH configuredViacheslav Hletenko
Check if DH is configured for OpenVPN but does not exist in the PKI section ``` set pki dh dh-correct parameters 'xxxx' set interfaces openvpn vtun10 tls dh-params 'dh-fake' File "/usr/libexec/vyos/conf_mode/interfaces_openvpn.py", line 208, in verify_pki pki_dh = pki['dh'][tls['dh_params']] ~~~~~~~~~^^^^^^^^^^^^^^^^^^ KeyError: 'dh-fake' ``` (cherry picked from commit 95cd743c24c6f7720af87450312fc111649db849)
2024-04-15T5535: firewall: migrate command <set system ip disable-directed-broadcast> ↵Nicolas Fort
to firewall global-optinos (cherry picked from commit 76dcecafca977b640dd16d8e68c4a050ca1af4fb)
2024-04-13Merge pull request #3305 from vyos/mergify/bp/sagitta/pr-3297Christian Breunig
qos: T6035: QoS policy shaper queue-type random-detect requires limit avpkt (backport #3297)
2024-04-13qos: T6035: QoS policy shaper queue-type random-detect requires limit avpktkhramshinr
Added params for configuration red on the shaper policy (cherry picked from commit 31cd75aec6d035b36537046ae0d034c03009a3fc)
2024-04-13Merge pull request #3303 from vyos/mergify/bp/sagitta/pr-3302Daniil Baturin
T5872: fix ipsec dhclient hook uses "exit" instead of "return" (backport #3302)
2024-04-12Merge pull request #3304 from vyos/mergify/bp/sagitta/pr-3291Christian Breunig
T6100: Added NAT migration from IP/Netmask to Network/Netmask (backport #3291)
2024-04-12T6100: Added NAT migration from IP/Netmask to Network/Netmaskaapostoliuk
Added NAT migration from IP/Netmask to Network/Netmask. In 1.3 allowed using IP/Netmask in Nat rules. In 1.4 and 1.5 it is prohibited. Allowed Network/Netmask. (cherry picked from commit 52c02ade031f165da18e6fd0542f3952f2cc9bb6)