Age | Commit message (Collapse) | Author |
|
VyOS has several services relaying on the PKI CLI tree to retrieve certificates.
Consuming services like ethernet, openvpn or ipsec all re-implemented the same
code to retrieve the certificates from the CLI.
This commit extends the signature of get_config_dict() with a new option with_pki
that defaults to false. If this option is set, the PKI CLI tree will be blended
into the resulting dictionary.
(cherry picked from commit b152b52023ba0cf0d4919eae39e92de28a458917)
|
|
This extends commit 4ee406470 ("configdict: T5837: add support to return added
nodes when calling node_changed()") so no duplicate list elements get returned.
(cherry picked from commit 301312b293238d3041c8912af6fdb86b506d7ab4)
|
|
underscore and dot
(cherry picked from commit 82b4b2db8fda51df172210f470e5825b91e81de4)
|
|
Backports for Accel-PPP based serviced T5801, T5842 and T5688
|
|
op-mode: T5884: correct "generate wireguard" help string (backport)
|
|
T5880: verify_source_interface() should not allow dynamic interfaces like ppp, l2tp, ipoe or sstpc client interfaces (backport #2728)
|
|
op-mode: T5890: Fix arguments passed to generate_system_login_user.py (backport #2746)
|
|
(cherry picked from commit 51bb6d0487c5a0918276f142f41ea5bca7b380fc)
|
|
T5888: fix migration script in order to fit new type-names for icmp and icmpv6 (backport #2743)
|
|
T5474: remove "aws glb" XML definitions as feature is not available in VyOS 1.4
|
|
(cherry picked from commit e2c9ffd8bc2d6119b78ec166fe5b90764fb38563)
|
|
(cherry picked from commit 1ccb3e634d45d0d1a8e190297cc0a310cb0069d6)
|
|
Files got added by accident in commit c9eaafd9f ("T5474: establish common file
name pattern for XML conf mode commands")
|
|
T3642: add missing base64 CLI validators (backport #2739)
|
|
vyos-configd: extend list of included scripts (backport #2736)
|
|
(cherry picked from commit ad4958ff7b1a25564fcc6931d604288d7ff0a1d2)
|
|
(cherry picked from commit dd2a1955d66926dc4a987bad0acc52dcc6f5d433)
|
|
(cherry picked from commit c2dfba97446e9411b182f07c6227cc9427f247a8)
|
|
(cherry picked from commit 3bd1a8eac54d6d4610e239088d91c145f748d12c)
|
|
(cherry picked from commit 679be4c9742ffd5c317742c6c20a268a5e044f0c)
|
|
(cherry picked from commit a232b83601f4f8b2fe6964239a568acad3fa764a)
|
|
image-tools: T5885: relax restriction on image-name len from 32 to 64 (backport #2737)
|
|
Python unittest framework treads the comments as test names during execution:
Example:
test_accel_ipv4_pool (__main__.TestVPNPPTPServer.test_accel_ipv4_pool)
Test accel-ppp IPv4 pool ... ok
(cherry picked from commit e9883143310993d87ba2e0c8ec7ef3b9faf928b1)
|
|
(cherry picked from commit b0d0ac4a822b36e4f0cfae82db06ee71581de51f)
|
|
Fixed migration 'subnet' option in l2tp, sstp, pppoe.
'subnet' option can contain several values.
(cherry picked from commit 21e5db430f93fd48ebc598ddf95c67d77485f5f5)
|
|
Rewritten PPTP to get_config_dict
Fixed 'dynamic-author' commands. These commands did not create
anything in accel-ppp config.
(cherry picked from commit f39eb894d991d296a82c69d1ab783011b5d0ed2f)
|
|
Rewritten L2TP to get_config_dict
Rewritten L2TP xml to accel-ppp patterns
Migrated 'idle' to 'ppp-options.lcp-echo-timeout'
Migrated 'authentication.mppe' to 'ppp-options.mppe'
Migrated 'authentication.radius.dae-server' to
'authentication.radius.dynamic-author'
Migrated 'authentication.require' to 'authentication.protocol'
Added 'authentication.radius.acct-interim-jitter'
Added 'authentication.radius.preallocate-vif'
Added 'authentication.radius.server.<IP>.acct-port'
Added 'ppp-options.ipv4'
Added smoke-tests
Fixed 'preallocate-vif' in SSTP
(cherry picked from commit 09e0a2ca035ee39a68a510b28cc74560669d0420)
|
|
(cherry picked from commit 3a9688ddb07f6bac1eb92aa13c20e897129e8958)
|
|
login: T5875: restore home directory permissions only when needed (backport #2726)
|
|
image-tools: T5883: preserve file owner in /config on add system update (backport #2731)
|
|
This improves commit 3c990f49e ("login: T5875: restore home directory
permissions when re-adding user account") in a way that the home directory
owner is only altered if it differs from the expected owner.
Without this change on every boot we would alter the owner which could increase
the boot time if the home of a user is cluttered.
(cherry picked from commit 1b364428f79b7e4588a000fca40582ef968fc7fd)
|
|
(cherry picked from commit 9f66b9ccfa25f56c209d90a0ad5ad779f3963bee)
|
|
A tunnel interface can not properly be sourced from a pppoe0 interface when
such interface is not (yet) connected to the BRAS. It might work on a running
system, but subsequent reboots will fail as the source-interface most likely
does not yet exist.
(cherry picked from commit 66ce19058b7b8597536ddf63bbca027add2ca8a1)
|
|
interfaces
Interfaces matching the following regex (ppp|pppoe|sstpc|l2tp|ipoe)[0-9]+ can
not be used as source-interface for e.g. a tunnel.
The main reason is that these are dynamic interfaces which come and go from a
kernel point of view, thus it's not possible to bind an interface to them.
(cherry picked from commit 5062f5d313548d6ebb9c07fee6b6d6be25b8f8f0)
|
|
T5474: establish common file name pattern for XML conf mode commands (backport #2729)
|
|
We will use _ as CLI level divider. The XML definition filename and also
the Python helper should match the CLI node.
Example:
set interfaces ethernet -> interfaces_ethernet.xml.in
set interfaces bond -> interfaces_bond.xml.in
set service dhcp-server -> service_dhcp-server-xml.in
(cherry picked from commit 4ef110fd2c501b718344c72d495ad7e16d2bd465)
|
|
firewall: T5834: Rename 'enable-default-log' to 'default-log' (backport #2651)
|
|
T5870: ipsec remote access VPN: add x509 ("pubkey") authentication. (backport #2707)
|
|
(cherry picked from commit 656934e85cee799dba5b495d143f6be445ac22d5)
|
|
`include/firewall/rule-log-options.xml.i` is now more aptly renamed to
`include/firewall/log-options.xml.i`.
(cherry picked from commit 53a48f499ae9bcc2f657136bb7779b38aad1c242)
|
|
This file is a left over from previous refactoring and no longer
referenced anywhere in the interface definitions.
(cherry picked from commit f8f382b2195da8db8b730f107ffba16e67dac822)
|
|
One can now do `set policy route foo default-log` which will add log
to the policy route chain.
(cherry picked from commit 6278ce9b7cb2060c8226a60ccbdb580a0d8a3fb5)
|
|
(cherry picked from commit 7c40b70af9def9242b30d1fc949288d9da2bd027)
|
|
Rename chain level defaults log option from `enable-default-log` to
`default-log` for consistency.
(cherry picked from commit 245e758aa2ea8779186d0c92d79d33170d036992)
|
|
ipsec: T1210: add smoketest for remote-access (road-warrior) users (backport #2722)
|
|
This extends commit f9207ed4a ("ipsec: T1210: add smoketest for remote-access
(road-warrior) users") in a way that also the IPv4 pool and its DNS servers get
validated. There is no separate IPv6 test, as both address families behave
the same way when configuring these.
(cherry picked from commit 1e46cd606d9d87226fe0400bf3a53bda360808d8)
|
|
(cherry picked from commit 1a84c4d0e6ff88b650bcfc8ba81827af7fc079f3)
|
|
vyos.template: T5869: first_host_address() does not honor RFC4291 section 2.6.1 (backport #2704)
|
|
tacacs: T141: Wrap string in double quotes to allow expansion (backport #2715)
|
|
system: T5877: Shorten system domain-search config path (backport #2718)
|