summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-02-24ipsec: T4985: Changed 'reset vpn ipsec-peer' to use vici libraryaapostoliuk
1. Changed reset IPSEC, IKE SAs to use vici library. 2. Created package vyos.ipsec to communicate with vici library.
2023-02-18Merge pull request #1831 from nicolas-fort/T4886-add-cero-matcherChristian Breunig
T4886: allow connection-mark 0 value, which is acceptable
2023-02-18T4886: allow connection-mark 0 value, which is acceptableNicolas Fort
2023-02-18Merge pull request #1830 from sever-sever/T5011Christian Breunig
T5011: Set default values for min_mtu max_mtu
2023-02-18T5011: Set default values for min_mtu max_mtuViacheslav Hletenko
Some interface drivers don't support/provide min_mtu and max_mtu values For example VyOS in docker container with 'veth' driver on some platforms As a workarund add default values for min/max MTU for calculations and pass function "verify_mtu(config)"
2023-02-17Merge pull request #1828 from rayzilt/fix-qos-classes-printf-helpChristian Breunig
qos: classes: helptext: T5015: Escape % in printf
2023-02-17qos: classes: helptext: T5015: Escape % in printfSilvan Raijer
2023-02-17Merge pull request #1826 from aapostoliuk/T5008-sagittaChristian Breunig
macsec: T5008: Changed length of CKN to (2..64 hex-digits)
2023-02-17Merge pull request #1827 from sever-sever/T5005Christian Breunig
T5005: PPPoE server allow any login with option noauth
2023-02-17T5005: PPPoE server allow any login with option noauthViacheslav Hletenko
Disabling authentication is useful in emergency situations (e.g. RADIUS server is down) or testing purposes. Clients can connect with any login and username. set service pppoe-server authentication mode 'noauth'
2023-02-17macsec: T5008: Changed length of CKN to (2..64 hex-digits)aapostoliuk
Based on wpa_supplicant documentation. mka_ckn (CKN = CAK Name) takes a 1..32-bytes (8..256 bit) hex-string (2..64 hex-digits) Changed allowable length of CKN from strong 64 hex-digits to the range (2..64 hex-digits)
2023-02-16Merge pull request #1825 from sever-sever/T5002Christian Breunig
T5002: Add uk United Kindom keymap
2023-02-16T5002: Add uk United Kindom keymapViacheslav Hletenko
set system option keyboard-layout uk
2023-02-15Merge pull request #1817 from sarthurdev/bookwormChristian Breunig
debian: T5003: Upgrade base system to Debian 12 "Bookworm"
2023-02-15Merge pull request #1811 from jestabro/udiffChristian Breunig
config_mgmt: T4991: use configtree.show_diff instead of Python difflib
2023-02-15Merge pull request #1821 from sarthurdev/ipsecChristian Breunig
ipsec: T4593: Migrate and remove legacy `include-ipsec` nodes
2023-02-15Merge pull request #1822 from sever-sever/T4971Christian Breunig
T4971: Accel-ppp verify if client_ip_pool key exists in config
2023-02-15Merge pull request #1823 from jestabro/api-asyncViacheslav Hletenko
http-api: T5006: add explicit async to retrieve/configure methods for REST
2023-02-15T4971: Accel-ppp verify if client_ip_pool key exists in configViacheslav Hletenko
If 'client_ip_pool' not exists in config we cannot search it in the dictionary dict_search_recursive(config, 'gateway_address', ['client_ip_pool', 'name']) Add check
2023-02-15ipsec: T4593: Migrate and remove legacy `include-ipsec` nodessarthurdev
Not supported with swanctl
2023-02-14http-api: T5006: add explicit async to retrieve/configure methodsJohn Estabrook
2023-02-14strongSwan: T4593: move to charon-systemdChristian Breunig
2023-02-14Merge pull request #1819 from aapostoliuk/T4985-sagittaChristian Breunig
ipsec: T4985: Fixed 'reset vpn ipsec-peer {peer}' command
2023-02-14ipsec: T4985: Fixed 'reset vpn ipsec-peer {peer}' commandaapostoliuk
Fixed 'reset vpn ipsec-peer {peer}' command. The op-mode script uses value 'None' in the 'tunnel' parameter to clear all CHILD SAs.
2023-02-13debian: T5003: Fix chronyd start errorsarthurdev
Fixes "chronyd: Fatal error : Not superuser" Fixes "ip[6394]: Failed to open mounts file: No such file or directory" when in VRF
2023-02-13debian: T5003: Fixes dynamic DNS for Bookwormsarthurdev
2023-02-13debian: T5003: Update WLB smoketest for Bookwormsarthurdev
2023-02-13debian: T5003: Build tests require iproute2sarthurdev
2023-02-13debian: T5003: Temp fix for smoketest runningsarthurdev
2023-02-13debian: T5003: Remove obsolete crda packagesarthurdev
Kernel now performs this function internally
2023-02-13Merge pull request #1816 from aapostoliuk/T4968-sagittaChristian Breunig
ipsec: T4968: Added default values to dpd and close action
2023-02-13ipsec: T4968: Added default values to dpd and close actionaapostoliuk
Based on https://docs.strongswan.org/docs/5.9/swanctl/swanctlConf.html Added default value to dpd_action - clear Added default value to close_action - none
2023-02-13debian: T5003: Update XDP for latest libbpfsarthurdev
2023-02-13debian: T5003: Fixes for Debian Bookwormsarthurdev
* DH params of 256 length no longer supported
2023-02-12pppoe: wwan: T4998: fix typo in constraintErrorMessageChristian Breunig
2023-02-12pppoe: wwan: T4998: fix username not accepting dot (.)Christian Breunig
This fixes a regressin introduced in commit e22e9c9210cb5 ("wwan: T3622: add constraint for username/password CLI nodes").
2023-02-12T5001: Replace links to the phabricator siteChristian Breunig
Replace links to the phabricator site from https://phabricator.vyos.net to https://vyos.dev
2023-02-11config_mgmt: T4991: use configtree.show_diff instead of Python difflibJohn Estabrook
2023-02-11qos: T4284: migration script must ensure bandwidth is converted to lower caseChristian Breunig
tc acccepts the bandwidth value/unit pairs as lowercase - so does the VyOS CLI validator work, too.
2023-02-10Merge pull request #1805 from nicolas-fort/T4857-frr-fixChristian Breunig
T4857: snmp: Fix error when not defining client|network under community
2023-02-10snmp: T4857: explicitly define default community networks 0.0.0.0/0 and ::/0Christian Breunig
After the RESTRICTED view was introduced snmpd requires a network to be specified. Before adding the RESTRICTED view snmpd always assumed the default network 0.0.0.0/0. This commit re-adds the build in default networks for IPv4 and IPv6 and exposes it as a proper default to the CLI so the user is informed about it: vyos@vyos# set service snmp community foooo Possible completions: authorization Authorization type (default: ro) + client IP address of SNMP client allowed to contact system + network Subnet of SNMP client(s) allowed to contact system (default: 0.0.0.0/0, ::/0)
2023-02-10interfaces: T4995: rename user -> username CLI node for pppoe, wwan and ↵Christian Breunig
sstp-client
2023-02-10Merge pull request #1808 from sever-sever/T1993Christian Breunig
T1993: PPPoE-server add section shaper and fwmark option
2023-02-09Merge pull request #1793 from aapostoliuk/T4905-sagittaDaniil Baturin
nhrp: T4905: Rewritten nhrp op-mode in new style
2023-02-09T1993: Extend smoketest for fwmark shaper checkViacheslav Hletenko
2023-02-09vyos.ifconfig: T1579: improve source-validation warningChristian Breunig
Inform user about the interface where the warning occured.
2023-02-09wwan: T3622: add constraint for username/password CLI nodesChristian Breunig
- Username is up to 128 alphanumerical characters, -, _, #, and @ - Password is limited to ASCII characters only, with a total lenght of 128
2023-02-09Revert "container: T4959: Add container registry authentication config for ↵Christian Breunig
containers" This reverts commit b17251334c57c2f6875c19ad4e6c6127aa9e1811.
2023-02-09Merge pull request #1790 from Zen3515/current-add-container-loginChristian Breunig
container: T4959: Add container registry authentication config for containers
2023-02-09Merge pull request #1803 from sever-sever/T4971Christian Breunig
T4971: PPPoE server add named ip pool and attr Framed-Pool