Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-08-16 | conntrack: T3579: bugfix when deleting non existent iptable rules | Christian Poessinger | |
We only delete iptables rules if they really exist - if we try to delete a non- existing rule a PermissionError exception is thrown. We could either ignore the error code (that is what the old Vyatta code did), or we check what we are doing beforehand. | |||
2021-08-16 | conntrack: T3579: remove debug print() | Christian Poessinger | |
2021-08-16 | ospf: T3757: verify() bugfix for interface area | Christian Poessinger | |
Commit 6f87d8c9 ("ospf: T3757: support to configure area at an interface level") did not allow the old way an area and netwokr was set-up as the if expression was missing a check if 'area' was set in both the interface and the ospf process. | |||
2021-08-15 | Merge pull request #973 from sever-sever/T3702 | Christian Poessinger | |
pbr: T3702: Fix incorrect splits for fwmark | |||
2021-08-15 | pbr: T3702: Fix incorrect splits for fwmark | Viacheslav | |
2021-08-15 | Merge pull request #972 from erkin/current | Christian Poessinger | |
smoketest: conntrack: Update smoketests for new conntrack modules syntax | |||
2021-08-15 | smoketest: ospf: add debug code for redistribution test | Christian Poessinger | |
2021-08-15 | ospf: T3236: improve Jinja2 template - always use if before a loop | Christian Poessinger | |
2021-08-15 | smoketest: ospf: fix type in testcase name #10 | Christian Poessinger | |
2021-08-15 | smoketest: ospf: T3757: test interface area configuration | Christian Poessinger | |
2021-08-15 | smoketest: conntrack: Update smoketests for new conntrack modules syntax | erkin | |
2021-08-15 | ospf: T3757: support to configure area at an interface level | Christian Poessinger | |
FRR supports configuring either network prefixes per area, or assign an interface to an area to participate in the routing process. This is already well known from other venders and supported by FRR. A valid VyOS OSPF configuration would then look like: vyos@vyos# show protocols ospf { interface dum0 { area 0 } interface eth0.201 { area 0 authentication { md5 { key-id 10 { md5-key vyos } } } dead-interval 40 hello-interval 10 priority 1 retransmit-interval 5 transmit-delay 1 } log-adjacency-changes { detail } parameters { abr-type cisco router-id 172.18.254.201 } passive-interface default passive-interface-exclude eth0.201 } | |||
2021-08-15 | conntrack: T3275: bugfix XML generation | Christian Poessinger | |
This commit fixes an error introduced by 43fcc0db0 ("conntrack: T3275: migrate 'disable' syntax to 'enable' syntax for the new default behavior") as the <valueless/> option can only be used on leafNodes. THis triggered the following build error: ValueError: <valueless/> is only allowed in <leafNode> | |||
2021-08-15 | wireguard: T3756: fix generated qr code header | Boris Manojlovic | |
2021-08-15 | Merge pull request #944 from sever-sever/T3702 | Christian Poessinger | |
pbr: T3702: Add rules match fwmark | |||
2021-08-15 | Merge pull request #970 from jack9603301/T3648 | Christian Poessinger | |
op-mode: nat: T3648: Modify the operation mode script implementation of NAT to fix the existing problem | |||
2021-08-15 | conntrack: T3275: migrate 'disable' syntax to 'enable' syntax for the new ↵ | Lulu Cathrinus Grimalkin | |
default behavior | |||
2021-08-14 | smoketest: shim: wait for commit to be completed | Christian Poessinger | |
This completes commit e7d841d285 ("smoketest: shim: remove superfluous sleep() in getFRRconfig()"). | |||
2021-08-14 | smoketest: shim: remove superfluous sleep() in getFRRconfig() | Christian Poessinger | |
The sleep was intended to handle a FRR issue where the config was/is somehow now available in vtysh even with the commit was done. This rather feels like a race-condition and is fixed in the subsequent commit. | |||
2021-08-14 | vyos.util: T1503: use build in methods to determine current user for ↵ | Christian Poessinger | |
commit_in_progress() | |||
2021-08-14 | op-mode: ipsec: T3745: "show vpn ipse sa" improve sorting | Christian Poessinger | |
2021-08-14 | op-mode: vpn: use over absolute path | Christian Poessinger | |
2021-08-14 | op-mode: combine two "show vpn" definitions | Christian Poessinger | |
2021-08-14 | ospf: T3236: use proper daemon named template file | Christian Poessinger | |
2021-08-14 | op-mode: nat: T3648: Modify the operation mode script implementation of NAT ↵ | jack9603301 | |
to fix the existing problem | |||
2021-08-13 | vyos.util: "harden" is_systemd_service_running() function | Christian Poessinger | |
Inspired by the comments of https://unix.stackexchange.com/a/435317 use a more robust approach. A service can be "active" but not "running" (e.g. restarting with a configuration error). We can now test if a systemd unit is "activated" and if it is "running" at all. >>> from vyos.util import is_systemd_service_active >>> from vyos.util import is_systemd_service_running >>> is_systemd_service_active('ssh') True >>> is_systemd_service_running('sshd') False >>> is_systemd_service_running('ssh') True | |||
2021-08-13 | vrf: T3734: T3728: vni must be configured with a higher priority then bgpd | Christian Poessinger | |
When removing bgp (vrf) instances the assigned VRF vni must be deleted from FRR prior the removal of the bgp settings (T3734). This is now done by moving the CLI command "set vrf name red vni 1000" to a dedicated Python script with a priority higher then bgp. | |||
2021-08-13 | Merge pull request #969 from sarthurdev/T3752 | Christian Poessinger | |
pki: T3752: Fix file output for certificate requests | |||
2021-08-13 | Merge pull request #968 from sever-sever/T3738 | Christian Poessinger | |
openvpn: T3738: Disable authentication option for server mode | |||
2021-08-13 | pki: T3752: Fix file output for certificate requests | sarthurdev | |
2021-08-13 | xml: T3234: update instead of overwrite on repeated path | John Estabrook | |
2021-08-13 | openvpn: T3738: Disable authentication option for server mode | Viacheslav | |
2021-08-13 | Merge pull request #914 from sever-sever/T3673 | Christian Poessinger | |
policy: T3673: Add set large-comm-list for route-map | |||
2021-08-13 | Merge pull request #967 from sever-sever/T3708-curr | Christian Poessinger | |
isis: T3708: Fix errors in MTU calculation | |||
2021-08-13 | policy: T3673: Add set large-comm-list-delete for route-map | Viacheslav | |
2021-08-13 | isis: T3708: Fix errors in MTU calculation | Viacheslav | |
2021-08-13 | nginx: T3740: use bracketize_ipv6 Jinja2 filter on server address | Christian Poessinger | |
2021-08-12 | Merge pull request #966 from kroy-the-rabbit/T3749 | John Estabrook | |
T3749: Moving some counters into the proper loop | |||
2021-08-12 | T3749: Moving some counters into the proper loop | Kroy | |
2021-08-12 | login: T3746: inform users about pending reboots | Christian Poessinger | |
2021-08-12 | Merge pull request #963 from FileGo/T3744 | Christian Poessinger | |
dns: T3744: fixed dns fwd statistics formatting | |||
2021-08-12 | dns: T3744: fixed dns fwd statistics formatting | FileGo | |
2021-08-11 | Merge pull request #962 from jestabro/T3732 | John Estabrook | |
T3732: merge leafNodes containing a defaultValue with default-less leafNodes of same path | |||
2021-08-11 | xml: T3732: merge leafNode with defaultValue with leafNode(s) of same path | John Estabrook | |
2021-08-11 | bgp: T3739: add common route-distinguisher XML building block | Christian Poessinger | |
2021-08-11 | GitHub: fix typo in PR template | Christian Poessinger | |
2021-08-11 | xml: T3732: simplifications for merging defaultValue and default-less nodes | John Estabrook | |
2021-08-11 | smoketest: ospf: add logger to passive-interface test | Christian Poessinger | |
2021-08-11 | accel-ppp: T3731: eliminate service name from error message | Christian Poessinger | |
VyOS will automatically append the subsystem name (pppoe-server or sstp) when something goes wrong. No need to hardcode this into the error string a second time. | |||
2021-08-10 | Merge pull request #961 from sarthurdev/T3727 | Christian Poessinger | |
ipsec: T3727: Fix ESP proposals not being set from tunnel esp-group |