Age | Commit message (Collapse) | Author |
|
pki: T6241: remove debug print statement about updated subsystems
|
|
pki: T4026: Only emit private keys when available
|
|
wireless: T6318: move country-code to a system wide configuration
|
|
|
|
T6494: Update sonarcloud.yml and add more branches for scanning
|
|
|
|
openvpn: T5487: Fix migration smoketests commands
|
|
|
|
Wireless devices are subject to regulations issued by authorities. For any
given AP or router, there will most likely be no case where one wireless NIC is
located in one country and another wireless NIC in the same device is located
in another country, resulting in different regulatory domains to apply to the
same box.
Currently, wireless regulatory domains in VyOS need to be configured per-NIC:
set interfaces wireless wlan0 country-code us
This leads to several side-effects:
* When operating multiple WiFi NICs, they all can have different regulatory
domains configured which might offend legislation.
* Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply
regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US"
This is true for the Compex WLE600VX. This setting cannot be done
per-interface.
Migrate the first found wireless module country-code from the wireless
interface CLI to: "system wireless country-code"
|
|
* install_certificate() code path handles private_key=None &
key_passphrase=None OK already
* file and console output paths will error trying to encode None as a key
* This is only an issue for a couple of the generate_*_sign() functions,
where having a null private key is possible
* Self-signing and CA creation always generate a private key
* Certreqs will generate a private key if not already provided
* Do not prompt for a private key passphrase if we aren't giving back a
private key
|
|
Commit 9f9891a2099 ("pki: T6241: Fix dependency updates on PKI changes") added
a print() statement which notified the users about the subsystems which got
supplied with an updated certificate.
Example:
> PKI: Updating config: interfaces openvpn vtun0 tls certificate openvpn_vtun0
> PKI: Updating config: interfaces openvpn vtun0 tls ca_certificate openvpn_vtun0_1
This is an informational message which should maybe (if needed) be sent to
syslog. But the main issue is that CLI paths are mangled (- to _) which makes
the about print output wrong and could potentially confuse users.
Statement has been commented to be re-enabled for debugging.
|
|
openvpn: T5487: make migration script executable
|
|
Migration script introduced in commit 0f669a226 ("openvpn: T5487: Remove
eprecated option --cipher for server and client mode") lacked executable
permission.
|
|
op-mode: T6480: must call pki.py helper as root to work with ACME certificates
|
|
op-mode: T6407: "generate pki" missed to mangle in ACME certificates when required
|
|
T6487: updated central workflows to use current branch
|
|
|
|
required
If the requested certificate to generate an Apple IOS profile was based on an
ACME certificate, we also need to mangle in the ACME certs content to retrieve
the certificates issuer name.
|
|
This is an addition to commit 65fba1cd2 ("op-mode: T6377: must call pki.py
helper as root to work with ACME certificates") which missed out the basic
"show pki" command, as the <command> XML node was deep down in the view.
|
|
openvpn: T5487: Remove deprecated option --cipher for server and client mode
|
|
T6456: Convert "monitor traffic" to modern op-mode wrapper
|
|
T6045: Recreate show lldp detail views & improve remote port selection
|
|
op_mode: T6227: Rewrite show conntrack-sync cache internal to use tabulate output
|
|
T6476: added sonarcloud workflow
|
|
output
|
|
|
|
bgp: T6473: missing completion helper for peer-groups inside a VRF
|
|
Using BGP peer-groups inside a VRF instance will make use if the global VRFs
peer-group list during tab-completion and not the peer-groups defined within
the BGP instance of the given VRF.
|
|
|
|
The old "monitor traffic" definition had misaligned arguments under the verbose node
and manually offered the same parameter keyword in multiple positions to emulate
flexible parameters.
I've wrapped tcpdump for op-mode and replicated the "varargs" style from mtr.py/mtr.xml.in
to present a few more parameters in a more flexible manner.
Changes to the Makefile were required for recursive varargs lookup.
|
|
If the remote device has explicitly sent the interface name as the portID,
we should use that first as the interface name, before working through
the previous priority order.
I've brought back LLDP detail views directly calling lldpcli. This can be
extended to render a template from op_mode/lldp.py, but lldpcli isn't bad
at rendering readable info. Raw mode (including detailed raw) is still
accessible for programmatic access.
|
|
firewall: T3900: fix migration and smoketests
|
|
wireless: T6462: add op-mode command for hostapd and wpa_supplicant logs
|
|
op-mode: T6471: add optimized get_config_dict
|
|
Commit 770edf016838523 ("T3900: T6394: extend functionalities in firewall")
changed the position in the CLI for conntrack timeout. This lead to failing
smoketests because of a regression in the migrator.
|
|
|
|
|
|
T6442: CGNAT add log for address allocation
|
|
vyos.utils: T5195: import vyos.cpu to this package
|
|
T6467: add PR checks workflows for sagitta branch
|
|
Add the configuration command to log current CGNAT allocation
set nat cgnat log-allocation
|
|
T6219: Add support for container sysctl parameter
|
|
|
|
|
|
* monitor log wireless hostapd [interface <name>]
* monitor log wireless wpa-supplicant [interface <name>]
* show log wireless hostapd [interface <name>]
* show log wireless wpa-supplicant [interface <name>]
|
|
The intention of vyos.utils package is to have a common ground for repeating
actions/helpers. This is also true for number of CPUs and their respective
core count.
Move vyos.cpu to vyos.utils.cpu
|
|
op-mode: T6424: ipsec: honor certificate CN and CA chain during profile generation
|
|
pki: T6463: reverse-proxy service not reloaded when updating SSL certificate(s)
|
|
pki: T6464: sstpc interface not reloaded when updating SSL certificate(s)
|
|
firewall: T3900: T6394: remove unused import
|