Age | Commit message | Author | |
---|---|---|---|
2021-09-18 | ipsec: vti: T3831: avoid using xfrm if_id 0 - implement shift by one | Christian Poessinger | |
The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. This means that a vti0 named interface will pull in all traffic and others will stop working. Thus we simply shift the key by one to also support a vti0 interface. | |||
2021-09-18 | validator: T2417: bugfix on Python3 f'ormat strings | Christian Poessinger | |
Commit 3639a5610b590a ("validator: T2417: try to make the code clearer") introduced Python3 f'ormatted strings but missed the "f" keyword. | |||
2021-09-17 | Merge pull request #1007 from erkin/current | Christian Poessinger | |
T3823: Stop strip-private regexp from swallowing quotes | |||
2021-09-17 | T3823: Stop strip-private regexp from swallowing quotes | erkin | |
2021-09-15 | ipsec: T3830: "authentication id|use-x509-id" are mutually exclusive | Christian Poessinger | |
Manually set peer id and use-x509-id are mutually exclusive! | |||
2021-09-15 | ipsec: T3830: set connections.<conn>.remote<suffix>.id to "peer" if undefined | Christian Poessinger | |
Restore "default" behavior from ipsec.conf | |||
2021-09-15 | xml: remove unnecessary "i" from help in source-address-ipv4 building block | Christian Poessinger | |
2021-09-15 | typo: remove unnecessary 'i' from help | Javinator9889 | |
2021-09-14 | dhcpv6-pd: T421: disable wide dhcpv6 client debug messages | Christian Poessinger | |
2021-09-14 | Merge pull request #1005 from sarthurdev/T3828 | Christian Poessinger | |
ipsec: T3828: Update interface definitions for new behaviour | |||
2021-09-14 | ipsec: T3828: Update interface definitions for new behaviour | sarthurdev | |
2021-09-13 | Merge pull request #1004 from sarthurdev/T3828 | Christian Poessinger | |
ipsec: T3828: Use IKE dh-group when ESP dh-group is set to `enable` | |||
2021-09-13 | ipsec: T3828: Use IKE dh-group when ESP dh-group is set to `enable` | sarthurdev | |
2021-09-12 | pki: T3642: listing all CRLs should be done using a leafNode | Christian Poessinger | |
2021-09-12 | pki: T3642: show only requested certificate in op-mode | Christian Poessinger | |
2021-09-12 | pki: T3642: show only requested certificate in op-mode | Christian Poessinger | |
2021-09-12 | pki: T3642: show only requested CA in op-mode | Christian Poessinger | |
2021-09-11 | Fix inconsistent capitalization in the show version output | Daniil Baturin | |
2021-09-10 | wireguard: T3642: directly import keys to CLI when run in config mode | Christian Poessinger | |
vyos@vyos# run generate pki wireguard key-pair install interface wg10 "generate" CLI command executed from config session. Generated private-key was imported to CLI! Use the following command to verify: show interfaces wireguard wg10 Corresponding public-key to use on peer system is: 'hGaWcoG7f+5sPAUY/MNQH1JFhsYdsGTecYA9S2J8xGs=' vyos@vyos# run generate pki wireguard preshared-key install interface wg10 peer vyos "generate" CLI command executed from config session. Generated preshared-key was imported to CLI! Use the following command to verify: show interfaces wireguard wg10 vyos@vyos# show interfaces wireguard wg10 +peer vyos { + preshared-key OwTALZy8w6VIBMxUwbOv6Ys7QMyhrtY4aw+0cUjmmCw= +} +private-key 0Pu95CejvCUCCwrTW39TCYnitESWAdIIFTVJb7UgxVU= [edit] | |||
2021-09-10 | frr: T1514: refactor restart script and drop duplicated code | Christian Poessinger | |
2021-09-10 | Merge pull request #1000 from sever-sever/T3810 | Christian Poessinger | |
squid: squidguard: T3810: Fix template for source-group and rule | |||
2021-09-10 | squid: squidguard: T3810: Fix template for source-group and rule | Viacheslav | |
Modify template for squid. Replace old directives to actual | |||
2021-09-10 | squidguard: T3810: Set DB directory rights 755 | Viacheslav | |
2021-09-10 | squid: T3810: Node source-group address should be multi | Viacheslav | |
2021-09-10 | squid: T3810: Remove built-in acl vars localhost and to_localhost | Viacheslav | |
2021-09-10 | ethtool: T3802: extend check_speed_duplex() implementation to support 'auto' | Christian Poessinger | |
(cherry picked from commit 3037661951d0e5d1f6264f886781b7ddc019329e) | |||
2021-09-10 | ethernet: T3802: not all NICs support reading speed/duplex settings in all states | Christian Poessinger | |
Turns out an AX88179 USB 3.0 NIC does not support reading back the speed and duplex settings in every operating state. While the NIC is being initialized, reading the speed setting will return: $ cat /sys/class/net/eth6/speed cat: /sys/class/net/eth6/speed: Invalid argument Thus if this happens, we simply tell the system that the current NIC speed matches the requested speed and nothing is changed at this point in time. (cherry picked from commit e2b7e1766cc22c5cd718a5001be6336bdca92eec) | |||
2021-09-10 | ethernet: T3802: use only one implementation for get_driver_name() | Christian Poessinger | |
Move the two implementations to get the driver name of a NIC from ethernet.py and ethtool.py to only ethtool.py. (cherry picked from commit 07840977834816b69fa3b366817d90f44b5dc7a7) | |||
2021-09-10 | ethernet: T3802: check if driver supports changing flow-control settings | Christian Poessinger | |
(cherry picked from commit 1572edd2cef355710d1129907d3e49451a6c31d4) | |||
2021-09-09 | wireguard: T3642: improve "set" commands for generated key-pairs | Christian Poessinger | |
2021-09-09 | wireguard: T3642: add deprecation notice to old commands for key generation | Christian Poessinger | |
2021-09-09 | pki: T3642: use f'ormated strings in print() | Christian Poessinger | |
2021-09-09 | policy: T3812: FRR bgpd also knows about route-maps because of rpki | Christian Poessinger | |
In order to alter rpki configuration we must also process the route-map nodes with/for bgpd. | |||
2021-09-09 | pki: wireguard: T3815: do not bail out early so keys can be written to file | Christian Poessinger | |
2021-09-09 | vyos.configdict: T3814: use no_tag_node_value_mangle in get_interface_dict() | Christian Poessinger | |
This change is required and currently only impacts WireGuard's peer configuration, so that the peer's name is not mangled. | |||
2021-09-08 | openvpn: T3805: fix bool logic in verify_pki() for client mode | Christian Poessinger | |
Add support for OpenVPN client mode with only the CA certificate of the server installed. | |||
2021-09-08 | openvpn: T3805: drop privileges using systemd - required for rtnetlink | Christian Poessinger | |
2021-09-08 | openvpn: T3805: use vyos.util.makedir() to create system directories | Christian Poessinger | |
2021-09-08 | openvpn: T3805: use vyos.util.write_file() to store certificates | Christian Poessinger | |
2021-09-07 | scripts: op-mode: T3807: bugfix node.def generator | Christian Poessinger | |
process_node() processes the XML tree in a fixed order, "node" before "tagNode" before "leafNode". If the generator created a "node.def" file, it can no longer be overwritten - else we would have some stale "node.def" files with an empty help string (T2555). Without the fixed order this would have resulted in a case where we get a node and a tagNode with the same name, e.g. "show interfaces ethernet" and "show interfaces ethernet eth0" that the node implementation was not callable from the CLI, rendering this command useless (T3807). This can be fixed by forcing the "node", "tagNode", "leafNode" order by sorting the input XML file automatically (sorting from https://stackoverflow.com/a/46128043) thus adding no additional overhead to the user. | |||
2021-09-07 | op-mode: xml: improve "show interfaces <type>" help text | Christian Poessinger | |
2021-09-06 | pki: eapol: T3642: only add "pki" key to interface dict if pki is configured | Christian Poessinger | |
2021-09-06 | pki: eapol: T3642: use write_file() to store certificates | Christian Poessinger | |
2021-09-06 | ifconfig: T3806: "ipv6 address no_default_link_local" required for MTU < 1280 | Christian Poessinger | |
This commit also extends the smoketest to verify that the exception for this error is raised. | |||
2021-09-06 | Merge pull request #997 from c-po/nginx-tls-12-13 | John Estabrook | |
https: T2230: only support TLS1.2 and TLS1.3 | |||
2021-09-06 | pki: T3642: verify() that we can not delete certificates still referenced in CLI | Christian Poessinger | |
2021-09-06 | vyos.util: add function to search a key recursively in a dictionary | Christian Poessinger | |
data = { 'interfaces': {'dummy': {'dum0': {'address': ['192.0.2.17/29']}}, 'ethernet': {'eth0': {'address': ['2001:db8::1/64', '192.0.2.1/29'], 'description': 'Test123', 'duplex': 'auto', 'hw_id': '00:00:00:00:00:01', 'speed': 'auto'}, 'eth1': {'address': ['192.0.2.9/29'], 'description': 'Test456', 'duplex': 'auto', 'hw_id': '00:00:00:00:00:02', 'speed': 'auto'}}} } dict_search_recursive(data, 'hw_id') will yield both '00:00:00:00:00:01' and '00:00:00:00:00:02' as generator object. | |||
2021-09-06 | vyos.util: T2755: rename dict_search() function args to match other implementations | Christian Poessinger | |
2021-09-06 | pki: xml: T3642: use "txt" as format identifier | Christian Poessinger | |
2021-09-06 | https: T2230: only support TLS1.2 and TLS1.3 | Christian Poessinger | |