summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-05-31T6422: Smoke test for NS record configration in authoritative DNS, typo & ↵Haim Gelfenbeyn
style fixes (cherry picked from commit f2d0701f50061374b5a4f55d33201629b3293248)
2024-05-31dns: T6422: allow multiple redundant NS recordsHaim Gelfenbeyn
NS is unlike CNAME or PTR, multiple NS records are perfectly valid and is a common use case: multiple redundant DNS servers is a common configuration and should be supported. (cherry picked from commit 19d8415512dcf87dc3a87feabf128652ffc74594)
2024-05-31Merge pull request #3566 from vyos/mergify/bp/sagitta/pr-3564Christian Breunig
op-mode: T683: remove superfluous debug print in snmpv3 display code (backport #3564)
2024-05-31Merge pull request #3565 from vyos/mergify/bp/sagitta/pr-3563Christian Breunig
conntrack: T6396: correction to helper message for ipv4/ipv6 custom timeout rule (backport #3563)
2024-05-31op-mode: T683: remove superfluous debug print in snmpv3 display codeChristian Breunig
This was a leftover from the early days. (cherry picked from commit d5271e084cca8af54f425816916a821b0eab1a5a)
2024-05-31conntrack: T6396: correction to helper message for custom timeout ruleGiggum
(cherry picked from commit 0c75e2470f8db900ffcac4e3c84669b6aa4580dd)
2024-05-30Merge pull request #3559 from vyos/mergify/bp/sagitta/pr-3531Christian Breunig
reverse-proxy: T6409: Remove unused backend parameters (backport #3531)
2024-05-30Merge pull request #3558 from vyos/mergify/bp/sagitta/pr-3510Daniil Baturin
T4576: Accel-ppp logging level configuration (backport #3510)
2024-05-30reverse-proxy: T6409: unindent migration script code pathChristian Breunig
(cherry picked from commit dd2516904527c74e01e0ced5166afe72a479ee00)
2024-05-30reverse-proxy: T6409: Remove unused backend parametersAlex W
(cherry picked from commit fb6602f431f5595b97ea3726467ec782fa50ceb8)
2024-05-30T4576: Accel-ppp logging level configurationkhramshinr
add ability to change logging level config for: * VPN L2TP * VPN PPTP * VPN SSTP * IPoE Server * PPPoE Serve (cherry picked from commit 4d84f786f64d2b80046100ead5d0e8c1eef7418c)
2024-05-30Merge pull request #3556 from vyos/mergify/bp/sagitta/pr-3552Christian Breunig
op-mode: ipsec: T6407: fix profile generation (backport #3552)
2024-05-30op-mode: ipsec: T6407: fix profile generationChristian Breunig
Commit 952b1656f51 ("ipsec: T5606: T5871: Use multi node for CA certificates") added support for multiple CA certificates which broke the OP mode command to generate the IPSec profiles as it did not expect a list and was rather working on a string. Now multiple CAs can be rendered into the Apple IOS profile. (cherry picked from commit e6fe6e50a5c817e18c453e7bc42bb2e1c4b17671)
2024-05-30Merge pull request #3555 from vyos/mergify/bp/sagitta/pr-3546Christian Breunig
reverse-proxy: T6419: build full CA chain when verifying backend server (backport #3546)
2024-05-30Merge pull request #3554 from vyos/mergify/bp/sagitta/pr-3547Christian Breunig
container: T6406: fix NameError: name 'vyos' is not defined (backport #3547)
2024-05-30Merge pull request #3553 from vyos/mergify/bp/sagitta/pr-3551Christian Breunig
hostname: T6421: enforce explicit CLI priority for host-name and domain-name (backport #3551)
2024-05-30reverse-proxy: T6419: build full CA chain for frontend SSL certificateChristian Breunig
(cherry picked from commit 4b189a76c0a9a28504aab6715658840b929fc243)
2024-05-30reverse-proxy: T6419: build full CA chain when verifying backend serverChristian Breunig
(cherry picked from commit d83a6e5c5dc7e97e773f08bec7ba377530baafc9)
2024-05-30reverse-proxy: T5231: remove frontend ca-certificate code pathChristian Breunig
The code path to handle the ca certificate used for the frontend service is removed, as there is no way on the XLI to define the CA certificate used for the frontend service. (cherry picked from commit 6000c47f068503522b0ccfe57c51f34ad9892e87)
2024-05-30reverse-proxy: T5231: better mark v4v6 listen any addressChristian Breunig
haproxy supports both ":::80 v4v6" and "[::]:80 v4v6" as listen statement, where the later one is more humand readable. Both act in the same way. (cherry picked from commit a2f0b25452c67528077f343d75de09d038e97fee)
2024-05-30op-mode: T5231: add command to restart reverse-proxyChristian Breunig
(cherry picked from commit 2980eb0ad527f0ef0f1527c0ea97842ca2a8ede5)
2024-05-30container: T6406: fix NameError: name 'vyos' is not definedChristian Breunig
Commit 74910564f ("T6406: rename cpus to cpu") did not import the function from the Python module. (cherry picked from commit 8439f8a43e93c0560f1abfc2aa60990f521b4d4d)
2024-05-30vyos.ifconfig: T6421: verify /etc/hostname exists before readingChristian Breunig
Inspired-By: Brandon Zhi <Huiyuze_Zhi@protonmail.com> (cherry picked from commit cf07a55d183be1f4d28b8b50a0784513d91d6fe2)
2024-05-30hostname: T6421: enforce explicit CLI priority for host-name and domain-nameChristian Breunig
To prevent any possible races in the future the host-name and domain-name nodes should be set with explicit priorities! (cherry picked from commit 96d0e23a32a0e1b990ce022546ed7225956a0494)
2024-05-30Merge pull request #3550 from vyos/T6420-contributor-link-update-sagittaChristian Breunig
T6420: updated contributor doc link
2024-05-30T6420: updated contributor doc linkVijayakumar A
2024-05-30Merge pull request #3545 from vyos/mergify/bp/sagitta/pr-3532Christian Breunig
NAT: T6371: fix NAT op mode when list of ports/ranges configured (backport #3532)
2024-05-29nat: T6371: fix op mode display of configured ports when comma separated ↵Ginko
list of ports/ranges exists Before: Issuing the op mode command "show nat source rules" will throw an exception if the user has configured NAT rules using a list of ports as a comma-separated list (e.g. '!22,telnet,http,123,1001-1005'). Also there was no handling for the "!" rule and so '!53' would display as '53'. With this PR: Introduced iteration to capture all configured ports and append to the appropriate string for display to the user as well as handling of '!' if present in user's configuration. (cherry picked from commit b7595ee9d328778105c70e3d4399ac45f555b304)
2024-05-29Merge pull request #3544 from vyos/mergify/bp/sagitta/pr-3541Christian Breunig
openvpn: T6374: only check TLS role for s2s if TLS is configured (backport #3541)
2024-05-29openvpn: T6374: only check TLS role for s2s if TLS is configuredDaniil Baturin
(cherry picked from commit f4069582273e1ee9916dea7de1e6ec176db81bc6)
2024-05-29Merge pull request #3538 from vyos/mergify/bp/sagitta/pr-3537Daniil Baturin
ISIS: T6332: Fix isis not working only ipv6 (backport #3537)
2024-05-29ISIS: T6332: Fix isis not working only ipv6fett0
(cherry picked from commit 03fd368ed263ca28c9b1b5e29f486217784d15ef)
2024-05-28Merge pull request #3536 from vyos/mergify/bp/sagitta/pr-3528Christian Breunig
openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS (backport #3528)
2024-05-28openvpn: T6374: ensure that TLS role is configured for site-to-site with TLSDaniil Baturin
(cherry picked from commit 380e998b10341b6dd42bb94d00a9d7a462ada27a)
2024-05-28Merge pull request #3535 from vyos/mergify/bp/sagitta/pr-3530Christian Breunig
T6406: Container CPU limits (backport #3530)
2024-05-28T6406: rename cpus to cpuNicolas Vollmar
(cherry picked from commit 74910564f82e2837cd7eb35ea21f07601e5f8f0d)
2024-05-28T6406: add container cpu limit optionNicolas Vollmar
(cherry picked from commit 81dea053e7178b8fea836a85aacde2a38ffb9e09)
2024-05-28T6406: check for required kernel configNicolas Vollmar
(cherry picked from commit 5146cb23fff56e5a84db8c84120b836ceeae47f2)
2024-05-27smoketest: T6199: remove redundant code when unpacking Kernel GZ configChristian Breunig
(cherry picked from commit 6bcb201a0e7ee9fea5874b963bd3e727ecec578f)
2024-05-27Merge pull request #3527 from vyos/mergify/bp/sagitta/pr-3522Daniil Baturin
smoketest: T6395: check for VFIO options to be present (backport #3522)
2024-05-27smoketest: T6395: check for VFIO options to be presentChristian Breunig
(cherry picked from commit f7b0bc68b7950a6c6e68b9e6708ef8a4b7b9b423)
2024-05-27Merge pull request #3525 from c-po/dhcpv6-T3493-constraintGroupDaniil Baturin
dhcpv6-server: T3493: add constraintGroup for prefix-delegation start/stop address
2024-05-27Merge pull request #3526 from vyos/mergify/bp/sagitta/pr-3523Daniil Baturin
reverse-proxy: T6402: Fix invalid checks in validation script (backport #3523)
2024-05-27reverse-proxy: T6402: Fix invalid checks in validation scriptAlex W
(cherry picked from commit d4d70929a81b2ee1f66a9412a3545911b3874a62)
2024-05-27dhcpv6-server: T3493: add constraintGroup for prefix-delegation start/stop ↵Christian Breunig
address In addition for testing that the supplied IPv6 address ends with ::, we also verify that it's a proper IPv6 address, just in case.
2024-05-26Merge pull request #3520 from vyos/mergify/bp/sagitta/pr-3518Christian Breunig
op-mode: T6400: pki: unable to generate fingerprint for ACME issued certificates (backport #3518)
2024-05-26Merge pull request #3521 from vyos/mergify/bp/sagitta/pr-3517Christian Breunig
op-mode: T6377: must call pki.py helper as root to work with ACME certificates (backport #3517)
2024-05-26op-mode: T6400: pki: unable to generate fingerprint for ACME issued certificatesChristian Breunig
This fixes (for and ACME generated certificate) vyos@vyos:~$ show pki certificate vyos fingerprint sha512 Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/pki.py", line 1081, in <module> show_certificate_fingerprint(args.certificate, args.fingerprint) File "/usr/libexec/vyos/op_mode/pki.py", line 934, in show_certificate_fingerprint print(get_certificate_fingerprint(cert, hash)) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/pki.py", line 76, in get_certificate_fingerprint fp = cert.fingerprint(hash_algorithm) ^^^^^^^^^^^^^^^^ AttributeError: 'bool' object has no attribute 'fingerprint' After the fix: vyos@vyos# run show pki certificate vyos fingerprint sha256 10:2C:EF:2C:DA:7A:EE:C6:D7:8E:53:12:F0:F5:DE:B9:E9:D0:6C:B4:49:1C:8B:70:2B:D9:AF:FC:9B:75:A3:D2 (cherry picked from commit b6ee07c7efbb818787deba20116f4289853fb5c9)
2024-05-26op-mode: T6377: must call pki.py helper as root to work with ACME certificatesChristian Breunig
This fixes the error: vyos@vyos:~$ show pki certificate Traceback (most recent call last): File "/usr/lib/python3/dist-packages/vyos/config.py", line 111, in config_dict_mangle_acme tmp = read_file(f'{vyos_certbot_dir}/live/{name}/cert.pem') ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 44, in read_file raise e File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 38, in read_file with open(fname, 'r') as f: ^^^^^^^^^^^^^^^^ PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/vyos/cert.pem' (cherry picked from commit 65fba1cd27af67c543e120effc12882bd0191f03)
2024-05-26Merge pull request #3519 from c-po/dhcpv6-T3493Christian Breunig
T3493: dhcpv6-server does not have prefix range validation