Age | Commit message | Author
2022-08-22 | graphql: T3993: add missing sys.exit() | John Estabrook
2022-08-22 | bridge: T4632: vlan aware bridge lacks CPU forwarding | Christian Poessinger
The VLAN aware bridge was forwarding traffic between member ports, but traffic destined towards the CPU was dropped. This resulted in a gateway not reachable or DHCP leases that could not be handed out.

Tested via:

VyOS
 set interfaces bridge br0 enable-vlan
 set interfaces bridge br0 member interface eth1 allowed-vlan '10'
 set interfaces bridge br0 member interface eth1 allowed-vlan '20'
 set interfaces bridge br0 member interface eth1 allowed-vlan '30'
 set interfaces bridge br0 member interface eth1 allowed-vlan '40'
 set interfaces bridge br0 member interface eth1 native-vlan '40'
 set interfaces bridge br0 member interface eth2 allowed-vlan '30'
 set interfaces bridge br0 member interface eth2 allowed-vlan '20'
 set interfaces bridge br0 member interface eth2 allowed-vlan '10'
 set interfaces bridge br0 member interface eth2 allowed-vlan '40'
 set interfaces bridge br0 vif 10 address '10.0.10.1/24'
 set interfaces bridge br0 vif 20 address '10.0.20.1/24'
 set interfaces bridge br0 vif 30 address '10.0.30.1/24'
 set interfaces bridge br0 vif 40 address '10.0.40.1/24'

Arista vEOS
 vlan 10,20,30,40
 interface Ethernet1
  switchport trunk allowed vlan 10,20,30,40
 interface Vlan10
  ip address 10.0.10.2/24
 interface Vlan20
  ip address 10.0.20.2/24
 interface Vlan30
  ip address 10.0.30.2/24
 interface Vlan40
  ip address 10.0.40.2/24
 interface Ethernet1
  switchport trunk allowed vlan 10,20,30,40
  switchport mode trunk
  spanning-tree portfast

Cisco vIOS
 interface GigabitEthernet0/0
  ip address 10.0.40.3 255.255.255.0
  duplex auto
  speed auto
  media-type rj45
 !
 interface GigabitEthernet0/0.10
  encapsulation dot1Q 10
  ip address 10.0.10.3 255.255.255.0
 !
 interface GigabitEthernet0/0.20
  encapsulation dot1Q 20
  ip address 10.0.20.3 255.255.255.0
 !
 interface GigabitEthernet0/0.30
  encapsulation dot1Q 30
  ip address 10.0.30.3 255.255.255.0
 !
2022-08-22 | BGP: T4634: Allow configuration of disable-connected-check | Sander Klein
2022-08-20 | nat66: T4631: Add port and protocol to nat66 | Viacheslav Hletenko
Ability to configure src/dst/translation port and protocol for SNAT and DNAT IPv6
2022-08-20 | Merge pull request #1481 from sever-sever/T4597 | Christian Poessinger
ocserv: T4597: Fix check bounded port by service itself
2022-08-20 | ocserv: T4597: Fix check bounded port by service itself | Viacheslav Hletenko
We check the listen port before committing the service to see if the port is available and not bound, but when we start openconnect our own port becomes bound by the "ocserv-main" process and the next commit will fail as the port is already bound.
To fix it, extend the check to test whether the port is already bound and it is not our own process "ocserv-main".
2022-08-19 | Merge pull request #1476 from sever-sever/T4620 | Christian Poessinger
UPnP: T4211: T4620 Fix upnp template
2022-08-19 | ethernet: T4538: fix wrong systemd unit used for EAPoL | Christian Poessinger
When MACsec was bound to an ethernet interface and the underlying source-interface got changed (even description only) this terminated the MACsec session running on top of it. The root cause is when EAPoL was implemented in commit d59354e52a8a7f we re-used the same systemd unit which is responsible for MACsec. That indeed led to the fact that wpa_supplicant was always stopped when anything happened on the underlying source-interface that was not related to EAPoL.
2022-08-19 | UPnP: T4611: Rule must be as prefix instead of an address | Viacheslav Hletenko
From the doc miniupnpd IP/mask format must be nnn.nnn.nnn.nnn/nn
Comment out invalid option "anchor"
2022-08-18 | firewall: T4622: Add TCP MSS option | Viacheslav Hletenko
Ability to drop|accept packets based on TCP MSS size
 set firewall name <tag> rule <tag> tcp mss '501-1460'
2022-08-17 | nat: T538: Add static NAT one-to-one | Viacheslav Hletenko
Ability to set static NAT (one-to-one) in one rule
 set nat static rule 10 destination address '203.0.113.0/24'
 set nat static rule 10 inbound-interface 'eth0'
 set nat static rule 10 translation address '192.0.2.0/24'
It will be enough for PREROUTING and POSTROUTING rules
Use a separate table 'vyos_static_nat' as SRC/DST rules and STATIC rules can have the same rule number
2022-08-16 | Merge pull request #1475 from sever-sever/T4613 | Christian Poessinger
upnp: T4613: Verify listen key in dictionary
2022-08-16 | Merge pull request #1474 from DaniilHarun/current | Christian Poessinger
T4619: Replacing instead of adding a static arp entry
2022-08-16 | UPnP: T4620: Fix Jinja2 template rules | Viacheslav Hletenko
2022-08-16 | upnp: T4613: Verify listen key in dictionary | Viacheslav Hletenko
There is no check if 'listen' exists in the dictionary, fix it
Fix odd ValueHelp format
2022-08-16 | T4619: Replacing instead of adding a static arp entry | DaniilHarun
2022-08-16 | Merge pull request #1462 from sever-sever/T4596 | Christian Poessinger
ocserv: T4596: Rewrite show openconnect sessions op-mode
2022-08-16 | Debian: T4584: remove version number from hostap package requirement | Christian Poessinger
2022-08-16 | Merge pull request #1471 from mkorobeinikov/current | Christian Poessinger
dhcp-relay: T4601: restart dhcp relay-agent
2022-08-16 | dhcp-relay: T4601: restart dhcp relay-agent | mkorobeinikov
The command "restart dhcp relay-agent" doesn't restart "isc-dhcp-relay" service.
2022-08-15 | ocserv: openconnect: T4614: add support for split-dns | Christian Poessinger
set vpn openconnect network-settings split-dns <domain>
2022-08-15 | smoketest: ocserv: implement config file validation | Christian Poessinger
2022-08-15 | ocserv: T4333: migrate to new vyos_defined Jinja2 test | Christian Poessinger
2022-08-15 | Merge pull request #1468 from sever-sever/T4609 | Christian Poessinger
container: T4609: Fix restart container
2022-08-15 | container: T4609: Fix restart container | Viacheslav Hletenko
Add 2 dashes for arg "name"
2022-08-15 | Merge pull request #1465 from sever-sever/T4595 | Christian Poessinger
dmvpn: T4595: Fix dpd profile options
2022-08-11 | Merge pull request #1464 from sever-sever/T4603 | Christian Poessinger
l2tp: T4603: Add RADIUS nas-ip-address option
2022-08-10 | dmvpn: T4595: Fix dpd profile options | Viacheslav Hletenko
Fix template for configuration DMVPN IKE profile dead-peer-detection delay and dead-peer-detection timeout options
2022-08-10 | l2tp: T4603: Add RADIUS nas-ip-address option | Viacheslav Hletenko
Add l2tp authentication radius nas-ip-address option which will be sent in NAS-IP-Address Radius attribute
2022-08-08 | Merge pull request #1461 from nicolas-fort/nat66-exclude | Christian Poessinger
nat66: T4598: Add exclude options in nat66
2022-08-08 | nat66: T4598: add file nat-exclue.xml.i, which is invoked by nat66.xml.in and nat-rule.xml.i | Nicolas Fort
2022-08-06 | ocserv: T4596: Rewrite show openconnect sessions op-mode | Viacheslav Hletenko
Rewrite "show openconnect-server sessions" to vyos.opmode format
Ability to get raw and formatted output
Ability to get data via API
2022-08-05 | Merge pull request #1460 from sever-sever/T4597 | Christian Poessinger
ocserv: T4597: Check bind port before openconnect commit
2022-08-05 | nat66: T4598: Add exclude options in nat66 | Nicolas Fort
2022-08-05 | ocserv: T4597: Check bind port before openconnect commit | Viacheslav Hletenko
Check if openconnect listen port is available and not used by another service
2022-08-05 | Merge pull request #1459 from dmbaturin/genop-exn | Viacheslav Hletenko
T2719: add an exception hierarchy for op mode errors
2022-08-05 | bgp: T4257: bugfixes after renaming "local-as" to "system-as" | Christian Poessinger
2022-08-04 | Merge https://github.com/Cheeze-It/vyos-1x into current | Christian Poessinger
* https://github.com/Cheeze-It/vyos-1x:
  bgp: T4257: Changing BGP "local-as" to "system-as"
2022-08-04 | macsec: T4537: macsec_csindex can be set even without encryption | Christian Poessinger
2022-08-04 | smoketest: macsec: T4537: validate macsec_csindex for both AES-GCM-128 and AES-GCM-256 | Christian Poessinger
2022-08-04 | T2719: add an exception hierarchy for op mode errors | Daniil Baturin
2022-08-04 | Merge pull request #1457 from sever-sever/T4586 | Christian Poessinger
nat66: T4586: Add SNAT destination prefix and DNAT address
2022-08-04 | ipsec: T4594: Rewrite op-mode show vpn ipsec sa | Viacheslav Hletenko
Rewrite op-mode "show vpn ipsec sa" to new format
Use vyos.opmode format
Ability to get raw and formatted output
2022-08-04 | graphql: T4544: Add ipsec.py to op-mode-standardized.json | Viacheslav Hletenko
Add overwritten script 'ipsec.py' to 'op-mode-standardized.json'
2022-08-04 | utils: T4594: Add convert_data util | Viacheslav Hletenko
Convert multiple types of data to types usable in CLI
For example 'vici' returns values in bytestring/bytes and we can decode them all at once
2022-08-04 | macsec: T4592: can not create two interfaces using the same source-interface | Christian Poessinger
2022-08-04 | vyos.config.configdict: T4592: only print interface name, not interface dict on error | Christian Poessinger
2022-08-04 | smoketest: macsec: T4537: verify macsec_csindex | Christian Poessinger
2022-08-03 | Merge pull request #1369 from nicolas-fort/T4480 | Daniil Baturin
T4480: webproxy: Add safe-ports and ssl-safe-ports for acl squid config
2022-08-03 | nat66: T4586: Add SNAT destination prefix and DNAT address | Viacheslav Hletenko
Ability to configure SNAT destination prefix and DNAT source address
Add option "!" - not address/prefix for NAT66