summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-02-16wireless: T4240: bugfix interface bridgingChristian Poessinger
VLAN isolation can not be "set" when interface is of type wifi.
2022-02-15Merge pull request #1223 from sever-sever/T4237-curChristian Poessinger
conntrack-sync: T4237: Fix checks for listen-address list to str
2022-02-15conntrack-sync: T4237: Fix checks for listen-address list to strViacheslav Hletenko
Verify section conntrack_sync.py funciton 'is_addr_assigned' should checks address as string not as list (cherry picked from commit c41c51e4ed7ceb293161014a73bdd350162c3300)
2022-02-15Merge pull request #1220 from chenxiaolong/T4244Christian Poessinger
pki: eapol: T4244: Fix KeyError when CA cert name differs from client cert name
2022-02-14pki: eapol: T4244: Fix KeyError when CA cert name differs from client cert nameAndrew Gunnerson
This commit fixes a small typo where the client cert name was being used to index the CA configuration dict. Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
2022-02-14tunnel: T4154: import cleanupChristian Poessinger
2022-02-14tunnel: T4154: verify() no more then one GRE tunnel is used w/o "ip key" per ↵Christian Poessinger
interface It is impossible for the OS kernel to distinguish multiple GRE tunnels when no "gre key" is configured when sourcing tunnels from the same interface.
2022-02-13ethernet: T4242: speed/duplex can never be switched back to auto/autoChristian Poessinger
2022-02-13vrf: T4191: bugfix for "ip rule" when VRFs are createdChristian Poessinger
We always mangled and worked on the "ip rule" singleton even when nothing needed to be changed. This resulted in a VRF hickup when the same VRF was added and removed multiple times. set interfaces ethernet eth1 vrf foo set vrf name foo table '1000' commit delete interfaces ethernet eth1 vrf delete vrf commit set interfaces ethernet eth1 vrf foo set vrf name foo table '1000' commit broke reachability on eth1 - a reboot was required. This change will now only alter the ip rule tables once when VRF instances are created for the first time and will not touch the Kernel "ip rule" representation afterwards.
2022-02-13vyos.util: T4191: add new sysctl() helper functionChristian Poessinger
2022-02-12policy: T2199: bugfix verify_rule() on negated groupsChristian Poessinger
Related to #1215
2022-02-11Merge pull request #1214 from sever-sever/T3686Christian Poessinger
openvpn: T3686: Fix for check local-address in script and tmpl
2022-02-11Merge pull request #1217 from sever-sever/T4236Christian Poessinger
openvpn: T4236: Add generator for ovpn configurations in op-mode
2022-02-11Merge pull request #1216 from sever-sever/T3872Christian Poessinger
smoketest: T3872: Fix token check for monitoring test
2022-02-10openvpn: T4236: Add generator for ovpn configurations in op-modeViacheslav Hletenko
This generator generates client .ovpn files with required initial configuration It gets information from interface vtun, pki ca and certificates
2022-02-10Merge pull request #1133 from zdc/T1925-sagittaDaniil Baturin
ipsec: T1925: Fixed `show vpn ipsec sa` output
2022-02-10smoketest: T3872: Fix token check for monitoring testViacheslav Hletenko
As INFLUX_TOKEN is present in override.conf.tmpl environment we expect variable "$INFLUX_TOKEN" in the telegraf template and config but not value of the token
2022-02-10Merge pull request #1213 from jestabro/config-diffChristian Poessinger
configtree: T4235: encapsulate config tree diff function
2022-02-09openvpn: T3686: Fix for check local-address in script and tmplViacheslav Hletenko
Local-address should be checked/executed only if it exists in the openvpn configuration, dictionary, jinja2 template
2022-02-09openvpn: T4230: Delete checks if local-host address assignedViacheslav Hletenko
OpenVPN can't start if it depends on VRRP virtual-address as virtual-address is not yet assigned by HA (openvpn and ha in one commit) as we have checks "if address assigned" It depends on commit priorities: 460 interfaces/openvpn 800 high-availability Replace check if local-host address assigned from raise ConfigError to print (just notification) Allow to bind OpenVPN service to nonlocal address
2022-02-08configtree: T4235: encapsulate config tree diff functionJohn Estabrook
2022-02-08Merge pull request #1208 from sever-sever/T3600Christian Poessinger
dhcp: T3600: Fix DHCP static table dhcp-interface route
2022-02-08Merge pull request #1209 from sever-sever/T3872Christian Poessinger
monitoring: T3872: Add input filter for firewall InfluxDB2
2022-02-08monitoring: T3872: Add input filter for firewall InfluxDB2Viacheslav Hletenko
Input filter for firewall allows to get bytes/counters from nftables in format, required for InfluxDB2
2022-02-07xml: ssh: T4233: sync regex for allow/deny usernames to "system login"Christian Poessinger
2022-02-07dhcp: T3600: Fix DHCP static table dhcp-interface routeViacheslav Hletenko
Static table dhcp-interface route required table in template Without table this route will be placed to table 'main' by default
2022-02-06smoketest: bond: T4228: verify bond member is only used onceChristian Poessinger
2022-02-06config: T4228: is_member() must return all instances not only the last oneChristian Poessinger
2022-02-05vrrp: T4226: transition-script does not work for groups containing a hypen (-)Christian Poessinger
2022-02-05Merge pull request #1200 from sever-sever/T3872Christian Poessinger
monitoring: T3872: Fix template input plugin for running services
2022-02-05Merge pull request #1206 from sarthurdev/T4209Christian Poessinger
firewall: T4209: Fix support for rule `recent` matches
2022-02-05Merge pull request #1207 from sever-sever/T4151Christian Poessinger
policy: T4151: Delete unexpected print added in commit c501ae0f
2022-02-05Merge pull request #1205 from srividya0208/T4227Christian Poessinger
T4227:Bridge: Typo in completion help of hello-time option
2022-02-04policy: T4151: Delete unexpected print added in commit c501ae0fViacheslav Hletenko
2022-02-04firewall: T4209: Fix support for rule `recent` matchessarthurdev
2022-02-03T4227:Bridge: Typo in completion help of hello-time optionsrividya0208
There is spelling mistake in "advertisement" of hello-time option's completion help
2022-02-03Merge pull request #1201 from sarthurdev/T4178_2Christian Poessinger
firewall: T4178: Fix only inverse matching on tcp flags
2022-02-03firewall: T4178: Fix only inverse matching on tcp flagssarthurdev
2022-02-02monitoring: T3872: Fix template input plugin for running servicesViacheslav Hletenko
Add required capability for input scripts which collect statistics of running services
2022-02-01Revert "dhclient: T3392: remove /usr/sbin prefix from iproute2 ip command"Christian Poessinger
This reverts commit 78b247b724f74bdabab0706aaa7f5b00e5809bc1.
2022-01-31upnpd: T3420: code cleanupChristian Poessinger
2022-01-31upnpd: T3420: use proper include directivesChristian Poessinger
2022-01-31smoketest: upnpd: T3420: refine code and re-use pathsChristian Poessinger
2022-01-31Merge pull request #1196 from hensur/current-ipv6-local-route-iifChristian Poessinger
policy: T4219: add local-route(6) inbound-interface support
2022-01-31Merge pull request #1199 from sarthurdev/T4218Christian Poessinger
firewall: T4218: T4216: Add prefix to user defined chains, support negated groups, fixes
2022-01-31Merge pull request #1198 from vyos/force_to_listChristian Poessinger
T4221: add force_to_list Jinja2 filter
2022-01-31T4221: add force_to_list Jinja2 filterDaniil Baturin
2022-01-31firewall: T2199: Fix errors when referencing an empty chainsarthurdev
2022-01-30firewall: T2199: Add constraint for tagnode namessarthurdev
2022-01-30policy: T4219: add local-route(6) incoming-interfaceHenning Surmeier