summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-01-01nat: T2199: rename iptables -> nftables variable prefixChristian Poessinger
2021-12-31Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into currentChristian Poessinger
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python
2021-12-31smoketest: ipsec: T4126: verify configured priorityChristian Poessinger
2021-12-31smoketest: ipsec: make use of setUpClass()Christian Poessinger
2021-12-31Merge pull request #1129 from sever-sever/T4126Christian Poessinger
ipsec: T4126: Ability to set priorities for installed policy
2021-12-31ipsec: T4126: Ability to set priorities for installed policyViacheslav
Add priority for policy based IPSec VPN tunnels If 2 tunnels have the same pair of local and remote traffic selectors (prefixes) it allows to set more preforable install policy from required peer The lowest priority is more preforable
2021-12-31firewall: xml: T4100: increase maximum number of rules to 999999Christian Poessinger
2021-12-31snmp: T4124: remove snmp.py from vyos-configdChristian Poessinger
Commit 566f7f24 ("snmp: T4124: migrate to get_config_dict()") changed the internal structure to support vyos-configd. When using SNMPv3 we need to alter the running config by replacing the plaintext-password with an encrypted one, this is not allowed with vyos-configd.
2021-12-30smoketest: snmp: T4124: locally connect to SNMP service and retrieve dataChristian Poessinger
2021-12-30snmp: T4124: migrate to get_config_dict()Christian Poessinger
2021-12-30Merge pull request #1128 from zdc/T4121-sagittaKim
dhclient: T4121: Fixed resolv.conf generation at early boot stage
2021-12-30dhclient: T4121: Fixed resolv.conf generation at early boot stagezsdc
In case if a CLI configuration is not available, dhclient cannot add nameservers to a `resolv.conf` file, because `vyos-hostsd` requires that an interface be listed in the `set system name-server` option. This commit introduces two changes: * `vyos-hostsd` service will not be started before Cloud-Init fetch all remote data. This is required because all meta-data should be available for Cloud-Init before any of VyOS-related services start since it is used for configuration generation. * the `vyos-hostsd-client` in the `dhclient-script` will be used only if the `vyos-hostsd` is running. In other words - if VyOS services already started, dhclient changes `resolv.conf` using `vyos-hostsd`; in other cases - does this directly. These changes should protect us from problems with DHCP during system boot if DHCP is required by third-party utils.
2021-12-29Merge pull request #1126 from justsecure/currentChristian Poessinger
webproxy: T4116: Ability to listen on IPv6 addresses
2021-12-29configd: T4086: use 'copy' on mutable global var default_config_dataJohn Estabrook
2021-12-29webproxy: T4116: Ability to listen on IPv6 addressesAndreas
IPv6 addresses on webproxy/SQUID where not added correctly. They need to be added in brackets. Modified squid.conf.tmpl to bracketize the address
2021-12-29Improve IPsec help stringsDaniil Baturin
2021-12-29More consise consistent help strings for listen-address commandsDaniil Baturin
2021-12-29Improve tunnel interface help stringsDaniil Baturin
2021-12-28Merge pull request #1123 from sever-sever/T4111Christian Poessinger
ipsec: T4111: Fix for swanctl configuration IPV6 peers
2021-12-28ipsec: T4111: Fix for swanctl configuration IPV6 peersViacheslav
Peer name must not contain dots and colons, otherwise swanct can't generate correct configuration for swanctl.conf This is used in connection names and child SA names Add filter 'dot_colon_to_dash' which replace dots and colons
2021-12-27smoketest: snmp: T4093: v3 user requires a groupChristian Poessinger
2021-12-27snmp: T4093: add missing verify() step for required group per snmp v3 userChristian Poessinger
2021-12-27Merge pull request #1116 from sever-sever/T4039Christian Poessinger
syslog: T4039: Add protocol23format logging for UDP
2021-12-27syslog: T4039: Add protocol23format logging for UDPViacheslav
Add protocol23format for rsyslog protocol UDP Add ability to use IPv6 addresses (bracketize_ipv6) for protocol TCP and UDP, when protocol is configured explicity
2021-12-26smoketest: ospf: use setUpClass()/tearDownClass() for route-mapsChristian Poessinger
2021-12-26xml: ospfv3: remove leading whitespaces from ospfv3/no-summary.xml.iChristian Poessinger
2021-12-26ospfv3: T4107: add support for "default-information originate"Christian Poessinger
2021-12-26ospfv3: T4108: add support for auto-cost parameterChristian Poessinger
2021-12-26ospfv3: T4102: nssa area support both no-summary and default-originateChristian Poessinger
2021-12-26flow-accounting: T4097: move configuration file to /runChristian Poessinger
2021-12-26flow-accounting: T4097: bugfix removing service from CLIChristian Poessinger
2021-12-26smoketest: flow-accounting: adjust to CLI change (source-address)Christian Poessinger
2021-12-26http: api: T4055: add VRF supportChristian Poessinger
2021-12-25https: T1443: remove duplicate CLI definitionChristian Poessinger
2021-12-25Merge branch 't4097-flow-accounting' into currentChristian Poessinger
* t4097-flow-accounting: flow-accounting: T4106: support specification of capture packet length flow-accounting: T4105: drop "sflow agent-address auto" flow-accounting: T4099: rename "netflow source-ip" to source-address flow-accounting: T4097: move to get_config_dict()
2021-12-25flow-accounting: T4106: support specification of capture packet lengthChristian Poessinger
2021-12-25flow-accounting: T4105: drop "sflow agent-address auto"Christian Poessinger
The implementation of the "auto" option to specify the sflow/netflow agent-address is very error prone. The current implementation will determine the IP address used for the "auto" value as follow: Get BGP router-id 1) If not found use OSPF router-id 2) If not found use OSPFv3 router-id 3) If not found use "the first IP address found on the system Well, what is the "first IP address found"? Also this changes if DHCP is in use. Also another disadvantage is when the BGP/OSPF/OSPFv3 router-id is changed, the agent-address is not updated upon the next reboot of the system. This task is about removing the "auto" keyword from the CLI at all and make it either entirely configurable by the user and hardcode the value in CLI, or not use this at all. If "auto" is specified we will query the system in the above order and set the proper router-id in the CLI. If none can be found the CLI node is removed.
2021-12-25flow-accounting: T4099: rename "netflow source-ip" to source-addressChristian Poessinger
sFlow uses the source-address CLI node and netflow uses source-ip this is just confusing and should be synced to the common source-address CLI node.
2021-12-25flow-accounting: T4097: move to get_config_dict()Christian Poessinger
2021-12-25Merge pull request #1115 from sever-sever/T4081Christian Poessinger
keepalived: T4081: Fix health-checking when syn-group is used
2021-12-25ospfv3: T4102: add support for NSSA area-typeChristian Poessinger
2021-12-25op-mode: ospfv3: T4095: add missing VRF commandsChristian Poessinger
2021-12-24smoketest: ospf: enable FRR debuggingChristian Poessinger
2021-12-24smoketest: flow-accounting: add sflow and netflow testcasesChristian Poessinger
2021-12-23Merge pull request #1119 from sever-sever/T3854Christian Poessinger
conntrack-sync: T3854: Add missed statistics for op-mode
2021-12-23conntrack-sync: T3854: Add missed statistics for op-modeViacheslav
After rewriting conntrack-sync to XML/python part of op-mode parameters was missed Add "status" and "statistics" for conntrack-sync
2021-12-21Merge pull request #1117 from sever-sever/T4056Christian Poessinger
interface: T4056: Fix unexpected delete tc qdisc
2021-12-21interface: T4056: Fix unexpected delete tc qdiscViacheslav
Traffic-policy rules are generated by old Perl code This commit prevents to unexpected override this code by python.
2021-12-21keepalived: T4081: Fix health-checking when syn-group is usedViacheslav
If health-check scripts are used in vrrp group and vrrp group is membmer of sync-group, then health-check scripts should be part of the section "vrrp_sync_group". In other case the health-scripts won't work anymore.
2021-12-21Merge pull request #1114 from sever-sever/T3435-natChristian Poessinger
nat: T3435: Fix for op-mode concatenate str