summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-04-02configverify: T6198: add common helper for PKI certificate validationChristian Breunig
The next evolutional step after adding get_config_dict(..., with_pki=True) is to add a common verification function for the recurring task of validating SSL certificate existance in e.g. EAPoL, OpenConnect, SSTP or HTTPS.
2024-04-02Merge pull request #3229 from c-po/multi-vrfChristian Breunig
T6192: allow binding SSH to multiple VRF instances
2024-04-02Merge pull request #3230 from c-po/syntax-cleanupChristian Breunig
firewall: nat: policy: vrf: nft call syntax and import cleanup
2024-04-02Merge pull request #3232 from aapostoliuk/T6196-circinusChristian Breunig
T6196: Fixed applying parameters for aggregation in BGP
2024-04-02T6196: Fixed applying parameters for aggregation in BGPaapostoliuk
Fixed using 'route-map', 'as-set' and 'summary-only' together in aggregation in BGP
2024-04-01Merge pull request #3212 from fett0/T6151fett0
bgp: T6151: Allow configuration of disable-ebgp-connected-route-check
2024-04-01init: T3355: always use full nft command name (e.g. --file over -f)Christian Breunig
2024-04-01firewall: T970: always use full nft command name (e.g. --file over -f)Christian Breunig
2024-04-01conntrack: T4309: T4903: always use full nft command name (e.g. --file over -f)Christian Breunig
2024-04-01nhrp: T2199: always use full nft command name (e.g. --file over -f)Christian Breunig
2024-04-01policy: T2199: always use full nft command name (e.g. --file over -f)Christian Breunig
2024-04-01nat: T2199: always use full nft command name (e.g. --file over -f)Christian Breunig
2024-04-01vrf: T3655: always use full nft command name (e.g. --check over -c)Christian Breunig
2024-04-01firewall: T2199: always use full nft command name (e.g. --file over -f)Christian Breunig
2024-04-01ssh: T6192: allow binding to multiple VRF instancesChristian Breunig
Currently VyOS only supports binding a service to one individual VRF. It might become handy to have the services (initially it will be VRF, NTP and SNMP) be bound to multiple VRFs. Changed VRF from leafNode to multi leafNode with defaultValue: default - which is the name of the default VRF.
2024-04-01utils: T5738: always use vyos.utils.network.interface_exists over os.path.existsChristian Breunig
2024-04-01xml: T5738: extend VRF building blocks with common constraint definitionChristian Breunig
2024-04-01 T6188:l0crian1
- modified: src/op_mode/firewall.py Changed behavior of "show firewall" for specific rule to only show rule and not also default-action
2024-04-01 modified: op-mode-definitions/firewall.xml.inl0crian1
- Added show firewall <sections> detail paths modified: src/op_mode/firewall.py - Added Description as a header to normal "show firewall" commands - Added 'detail' view which shows the output in a list key-pair format Description column was added for these commands and their subsections: show firewall statistics show firewall groups show firewall <family> Detail view was added for these commands: show firewall bridge forward filter detail show firewall bridge forward filter rule <rule#> detail show firewall bridge name <chain> detail show firewall bridge name <chain> rule <rule#> detail show firewall ipv4 forward filter detail show firewall ipv4 forward filter rule <rule#> detail show firewall ipv4 input filter detail show firewall ipv4 input filter rule <rule#> detail show firewall ipv4 output filter detail show firewall ipv4 output filter rule <rule#> detail show firewall ipv4 name <chain> detail show firewall ipv4 name <chain> rule <rule#> detail show firewall ipv6 forward filter detail show firewall ipv6 forward filter rule <rule#> detail show firewall ipv6 input filter detail show firewall ipv6 input filter rule <rule#> detail show firewall ipv6 output filter detail show firewall ipv6 output filter rule <rule#> detail show firewall ipv6 name <chain> detail show firewall ipv6 name <chain> rule <rule#> detail show firewall group detail show firewall group <group> detail
2024-04-01Merge pull request #3223 from c-po/T6193-dhcp-clientDaniil Baturin
system: T6193: invalid warning "is not a DHCP interface but uses DHCP name-server option"
2024-04-01Merge pull request #3224 from c-po/T2590-dhcpv6-clientDaniil Baturin
dhcpv6-client: T2590: fix vyos-hostsd update for nameserver and search domains
2024-04-01Merge pull request #3222 from HollyGurza/T6178Christian Breunig
T6178: Check that certificate exists during reverse-proxy commit
2024-04-01dhcpv6-client: T2590: fix vyos-hostsd update for nameserver and search domainsChristian Breunig
After migrating from ISC DHCLIENT for IPv6 to wide-dhcp-client the logic which was present to update /etc/resolv.conf with the DHCP specified nameservers and also the search domain list was no longer present. This commit adds a per interface rendered script to inform vyos-hostsd about the received IPv6 nameservers and search domains.
2024-04-01system: T6193: invalid warning "is not a DHCP interface but uses DHCP ↵Christian Breunig
name-server option" This fixes an invalid warning when using a DHCP VLAN interface to retrieve the system nameserver to be used. VLAN CLI config is not properly expanded leading to a false warning: [ system name-server eth1.10 ] WARNING: "eth1.10" is not a DHCP interface but uses DHCP name-server option!
2024-04-01T6178: Check that certificate exists during reverse-proxy commitkhramshinr
2024-03-31bgp: T6151: Fix description in PEER disable-connected-checkfett0
2024-03-31Merge pull request #3211 from jestabro/tree-maskViacheslav Hletenko
T6185: simplify marshalling of section and config data for config-sync
2024-03-30Merge pull request #3195 from HollyGurza/T4718-currentChristian Breunig
dhcp-server: T4718: Listen-address is not commit if the ip address is on the interface with vrf
2024-03-30Merge pull request #3218 from dmbaturin/half-cpusChristian Breunig
accel-ppp: T6187: use correct CPU counts adjusted for SMT
2024-03-30accel-ppp: T6187: use correct CPU counts adjusted for SMTDaniil Baturin
2024-03-30T6188: add description to show firewalll0crian1
2024-03-30Merge pull request #3213 from HollyGurza/T6106Daniil Baturin
bgp: T6106: Valid commit error for route-reflector-client option defined in peer-group
2024-03-30Merge pull request #3215 from jestabro/fix-annotationDaniil Baturin
image-tools: T6186: simplify image annotations fixing regression
2024-03-29image-tools: T6186: simplify image annotations fixing regressionJohn Estabrook
2024-03-29bgp: T6151: Fix description in PEER disable-connected-checkfett0
2024-03-29bgp: T6151: Allow configuration of disable-ebgp-connected-route-checkfett0
2024-03-29bgp: T6106: Valid commit error for route-reflector-client option defined in ↵khramshinr
peer-group changed exception condition Improved route_reflector_client test
2024-03-29bgp: T6010: Allow configuration of disable-ebgp-connected-route-checkfett0
2024-03-28T6121: add section system time-zoneJohn Estabrook
2024-03-28config-sync: T6185: combine data for sections/configs in one commandJohn Estabrook
Package path/section data in single command containing a tree (dict) of section paths and the accompanying config data. This drops the call to get_config_dict and the need for a list of commands in request.
2024-03-28configtree: T6180: add masking function mask_inclusiveJohn Estabrook
2024-03-28Merge pull request #3210 from sarthurdev/T6174Christian Breunig
dhcp: T6174: Add TACACS/Radius users to _kea group
2024-03-28dhcp: T6174: Add TACACS/Radius users to _kea groupsarthurdev
Also raise op-mode error when unable to fetch data from Kea socket
2024-03-28Merge pull request #3198 from HollyGurza/T6159Christian Breunig
openvpn: T6159: Openvpn Server Op-cmd adds heading "OpenVPN status on vtunx" for every client connection
2024-03-28Merge pull request #3207 from dmbaturin/T3664-grub-chrootChristian Breunig
vyos.system.grub: T3664: add chroot argument to the GRUB install function
2024-03-28Merge pull request #3208 from dmbaturin/T3664-template-env-varChristian Breunig
vyos.template: T3664: add an environment variable for template location
2024-03-28vyos.template: T3664: add an environment variable for template locationDaniil Baturin
to allow unmodified code to be executed from anywhere, even outside of VyOS installations
2024-03-28vyos.system.grub: T3664: add chroot argument to the GRUB install functionDaniil Baturin
to faciliate running it outside of a VyOS installation
2024-03-28Merge pull request #3200 from sever-sever/T5832Daniil Baturin
T5832: VRRP allow set interface for exluded-address
2024-03-28Merge pull request #3202 from sarthurdev/T5606_1Daniil Baturin
ipsec: T5606: T5871: Use multi node for CA certificates