summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-02-17vyos.configverify: T4255: fix unexpected print of dictionary instead of keyChristian Poessinger
(cherry picked from commit 9e626ce7bad2bd846826822a3622fedf2d937e09)
2022-02-17Merge pull request #1221 from sever-sever/T3686-equChristian Poessinger
openvpn: T3686: Fix for check local-address in script and tmpl
2022-02-17Merge pull request #1224 from sever-sever/T1972-equDaniil Baturin
vrrp: T1972: Ability to set IP address on not vrrp interface
2022-02-17wireless: T4240: bugfix interface bridgingChristian Poessinger
VLAN isolation can not be "set" when interface is of type wifi. (cherry picked from commit 1ceaed55a629c92cf42baccdef4106e8d0e4914e)
2022-02-16backport: policy: T4219: add local-route(6) incoming-interfaceHenning Surmeier
2022-02-16vrrp: T1972: Ability to set IP address on not vrrp interfaceViacheslav Hletenko
Ability to set virtual_address on not vrrp-listen interface Add ability don't track primary vrrp interface "exclude-vrrp-interface" Add ability to set tracking (state UP/Down) on desired interfaces For example eth0 is used for vrrp and we want to track another eth1 interface that not belong to any vrrp-group set high-avail vrrp group WAN interface 'eth0' set high-avail vrrp group WAN virtual-address 192.0.2.222/24 interface 'eth2' set high-avail vrrp group WAN track exclude-vrrp-interface set high-avail vrrp group WAN track interface 'eth1'
2022-02-15Merge pull request #1222 from DmitriyEshenko/eq-1x-15022022Christian Poessinger
dhcpv6-server: T3494: Get address from network to correct sorting
2022-02-15dhcpv6-server: T3494: Get address from network to correct sortingDmitriyEshenko
2022-02-15openvpn: T3686: Fix for check local-address in script and tmplViacheslav Hletenko
Local-address should be checked/executed only if it exists in the openvpn configuration, dictionary, jinja2 template (cherry picked from commit 230ac0a202acd7ae9ad9bccb9e777ee5a0e0b7b7)
2022-02-14backport: policy: T4151: bugfix smoketestHenning Surmeier
.sort() is an inplace operation and return None...
2022-02-14backport: policy: T4151: remove all previous rules on editHenning Surmeier
2022-02-14backport: policy: T4151: Bugfix policy ipv6-local-routeHenning Surmeier
2022-02-14backport: policy: T4151: Add policy ipv6-local-routeHenning Surmeier
Adds support for `ip -6 rule` policy based routing. Also, extends the existing ipv4 implemenation with a `destination` key, which is translated as `ip rule add to x.x.x.x/x` rules. https://phabricator.vyos.net/T4151
2022-02-14tunnel: T4154: import cleanupChristian Poessinger
(cherry picked from commit 122c7a53575f67759f157e02eca776f799658dc1)
2022-02-14tunnel: T4154: verify() no more then one GRE tunnel is used w/o "ip key" per ↵Christian Poessinger
interface It is impossible for the OS kernel to distinguish multiple GRE tunnels when no "gre key" is configured when sourcing tunnels from the same interface. (cherry picked from commit 6f1326d6b68f6dcb83843374c876407ef2922bd1)
2022-02-13vrf: T4191: bugfix for "ip rule" when VRFs are createdChristian Poessinger
We always mangled and worked on the "ip rule" singleton even when nothing needed to be changed. This resulted in a VRF hickup when the same VRF was added and removed multiple times. set interfaces ethernet eth1 vrf foo set vrf name foo table '1000' commit delete interfaces ethernet eth1 vrf delete vrf commit set interfaces ethernet eth1 vrf foo set vrf name foo table '1000' commit broke reachability on eth1 - a reboot was required. This change will now only alter the ip rule tables once when VRF instances are created for the first time and will not touch the Kernel "ip rule" representation afterwards. (cherry picked from commit 2cec431e5caf9df85640f707cd6dc3077c17c238)
2022-02-13vyos.util: T4191: add new sysctl() helper functionChristian Poessinger
(cherry picked from commit b40315b3c5051888f499961e63410e14c5d1bad7)
2022-02-13ethernet: T4242: speed/duplex can never be switched back to auto/autoChristian Poessinger
(cherry picked from commit 812d9770619b968b04961aebf3944fde13df491b)
2022-02-13xml: ssh: T4233: sync regex for allow/deny usernames to "system login"Christian Poessinger
(cherry picked from commit d96bab4e6da517f07133667834cd6f8bcfb5160f)
2022-02-11Merge pull request #1218 from sever-sever/T4237Christian Poessinger
conntrack-sync: T4237: Fix checks for listen-address list to str
2022-02-11conntrack-sync: T4237: Fix checks for listen-address list to strViacheslav Hletenko
Verify section conntrack_sync.py funciton 'is_addr_assigned' should checks address as string not as list
2022-02-11smoketest: T3872: Fix token check for monitoring testViacheslav Hletenko
As INFLUX_TOKEN is present in override.conf.tmpl environment we expect variable "$INFLUX_TOKEN" in the telegraf template and config but not value of the token (cherry picked from commit 19f65290529ac642da419ac77003ddaa70d0cc67)
2022-02-09openvpn: T4230: Delete checks if local-host address assignedViacheslav Hletenko
OpenVPN can't start if it depends on VRRP virtual-address as virtual-address is not yet assigned by HA (openvpn and ha in one commit) as we have checks "if address assigned" It depends on commit priorities: 460 interfaces/openvpn 800 high-availability Replace check if local-host address assigned from raise ConfigError to print (just notification) Allow to bind OpenVPN service to nonlocal address
2022-02-09Merge pull request #1212 from sever-sever/T3872-eq-1xChristian Poessinger
monitoring: T3872: Add new feature service monitoring telegraf
2022-02-08monitoring: T3872: Add new feature service monitoring telegrafViacheslav Hletenko
2022-02-08smoketest: T3872: Add smoketest for monitoring telegrafViacheslav Hletenko
2022-02-08monitoring: T3872: Add tamplates for monitoringViacheslav Hletenko
2022-02-08monitoring: T3872: Add CLI XML for configuration telegrafViacheslav Hletenko
2022-02-08monitoring: T3872: Add required telegraf version >=1.20Viacheslav Hletenko
2022-02-06smoketest: bond: T4228: verify bond member is only used onceChristian Poessinger
(cherry picked from commit b4185f8356d69476292906ebe32daf1c4867601a)
2022-02-06config: T4228: is_member() must return all instances not only the last oneChristian Poessinger
(cherry picked from commit 5e7e96380b314587bbd8bd584848d39caef86f3f)
2022-02-05vrrp: T4226: transition-script does not work for groups containing a hypen (-)Christian Poessinger
(cherry picked from commit 11a900e706db59459314622050ced7d4117f090b)
2022-02-05Merge pull request #1204 from sever-sever/T4193-equChristian Poessinger
firewall-bridge: T4193: Add op-mode for firewall policy
2022-02-05T4227:Bridge: Typo in completion help of hello-time optionsrividya0208
There is spelling mistake in "advertisement" of hello-time option's completion help (cherry picked from commit b10baca3c8663e7e56eb9abfb3c03ce576c34f1f)
2022-02-03firewall-bridge: T4193: Add op-mode for firewall policyViacheslav Hletenko
2022-01-24Merge pull request #1187 from goodNETnick/dhcp-client-prefix_1.3Christian Poessinger
DHCP: T4196: fix client-prefix-length parameter
2022-01-23DHCP: T4196: fix client-prefix-length parametergoodNETnick
2022-01-16smoketest: ntp: T4184: check for "restrict default ignore" presencexChristian Poessinger
(cherry picked from commit 3ef881fcc3aada5846e3dd9ec20054c0e7261f46)
2022-01-16smoketest: ntp: re-organize testcasesChristian Poessinger
Drop the overcomplex function get_config_value() to search for NTPd configuration values. Rather assemble the required string and probe for its presence in the configuration like we do on most other smoketests. (cherry picked from commit ba9dc4c2ff89a7a71b84bc84db20e89f604919f2)
2022-01-16Merge pull request #1172 from sever-sever/T4184-equChristian Poessinger
ntp: T4184: Fix allow-clients address 1.3
2022-01-15ntp: T4184: Fix allow-clients addressViacheslav
NTP-server with option "allow-clients address x.x.x.x" should accept requests only from clients addresses which declared in configuration if this option exists Add "restrict default ignore" to fix it, in another case it responce to any address (cherry picked from commit 40f0e78dd94691d54ffd4d2e270ed071e2d2513a)
2022-01-15Merge pull request #1170 from sever-sever/T4183-equChristian Poessinger
T4183: T4110: Ability to set IPv6-link-local addresses for services and wg
2022-01-15listen-address: T4110: Ability to set IPv6 link-local for servicesViacheslav
Add ability to set for services like "SSH/NTP" listen IPv6 link-local addresses
2022-01-15wireguard: T4183: Allow setting ipv6 link local addres for peerViacheslav
Allow setting ipv6-link-local addresses as peer address for wireguard interfaces Add validator "ipv6-link-local"
2022-01-11remote: T3950: Gracefully handle chained exceptionserkin
2022-01-10Merge pull request #1146 from sever-sever/T3299-equChristian Poessinger
squid: T3299: Add listen address 0.0.0.0
2022-01-09keepalived: T4128: add missing keepalived.service fileChristian Poessinger
(cherry picked from commit 5a73c946000902f6e445b0803ca090f7fc6e0954)
2022-01-09keepalived: T4128: add systemd option Type=simpleChristian Poessinger
Without this option systemd startup will hit a timeout and the kill keepalived again. (cherry picked from commit 2a279f48e208b90c91eac5d6c5855e65cee39018)
2022-01-09squid: T3299: Add listen address 0.0.0.0sever-sever
(cherry picked from commit 1a74e6b3ce061f3c866bcb3f119ee5c73b0c6796)
2022-01-06vrrp: T4141: bugfix missing {% if %} clause when adding sync-groupsChristian Poessinger
(cherry picked from commit 0a91c5de32b52235f4c9c12a6ec34c017011c3df)