summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-11-17openvpn: T3995: implement systemd reload supportChristian Poessinger
(cherry picked from commit eceaa3a787929f5a514b9c45da52936c0d4d4a54)
2021-11-17OpenVPN: T3350: Changed custom options for OpenVPN processingzsdc
Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows to avoid mistakes with parsing options that contain `--` in the middle. The only smart part of this - handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in the double-quotes, but after version update in `equuleus` and `sagitta` old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing. (cherry picked from commit 3fd2ff423b6c6e992b2ed531c7ba99fb9e1a2123)
2021-11-17T3912: add additional newline after "Welcome to VyOS"Christian Poessinger
(cherry picked from commit 77eca49bffede005f546b7d9d3660bf2e32c7e8e)
2021-11-15graphql: T3993: add config file save/loadJohn Estabrook
(cherry picked from commit 8915a19f7761253b7bdf6ca847069539ee33851d)
2021-11-15graphql: T3993: move schema generation to bindings.py; clean up for lintingJohn Estabrook
(cherry picked from commit 9e2694b24b06d928240522322c9a6d60c7a7d290)
2021-11-15l2tp: T3724: allow setting accel-ppp l2tp host-nameMarek Isalski
(cherry picked from commit 3d00140453b3967370c77ddd9dac4af223a7ddce)
2021-11-14dhcp-server: T3982: dot (.) is an allowed static-mapping characterChristian Poessinger
This reverts a part of commit ac682795b7d69f11076ddf022c3452e411a0fdc5. (cherry picked from commit 1353757247c027f6352000a9450b502c25c460c8)
2021-11-10dhcp-server: T3982: remove support for invalid characters . and +Christian Poessinger
(cherry picked from commit c45e4beadf30accb1838b3bad1f21c2146469bf8)
2021-11-08T3912: remove duplicate "Welcome to VyOS!" already shown by pre-loginChristian Poessinger
(cherry picked from commit 73be449b1cd09f3ca86400753630fb4804fbeca7)
2021-11-07http-api: T2768: update dhcp-server example for migration 5-to-6John Estabrook
(cherry picked from commit dc9a2821d063a96681d6cb1d962618829b71937d)
2021-11-07http-api: T3440: give uvicorn time to initialize before starting NginxJohn Estabrook
(cherry picked from commit 889e16a77517549fb833a90d047455533be02f06)
2021-11-07http-api: T2768: add README.graphqlJohn Estabrook
(cherry picked from commit 5b69aad5bfe1fd1dfc51afb1d4b6323028009deb)
2021-11-07http-api: T2768: example using GraphQL for high-level config operationsJohn Estabrook
(cherry picked from commit b168b4cc7da456f14714d917cdc7a1c6b8df9af5)
2021-11-07vyos.template: T2720: allow setting template directoryJohn Estabrook
(cherry picked from commit d3d4e3bedcc0b43e16554b1832b43da9d41e651f)
2021-11-07http-api: T3616: update for strict content-type check in FastAPI 0.65.2John Estabrook
FastAPI 0.65.2 checks content-type request header before assuming JSON, closing a well-known loophole. This requires a modification of the code providing backwards compatibility of multipart forms. (cherry picked from commit 3a9041e2d4d4a48ba7c01439e69c5f86a4a850c2)
2021-11-07http api: T3412: use FastAPI as web framework; support application/jsonJohn Estabrook
Replace the Flask micro-framework with FastAPI, in order to support extensions to the API and OpenAPI 3.* generation. This change will remain backwards compatible with previous versions. Notably, the multipart forms version of requests remain supported; in addition application/json requests are now natively supported. (cherry picked from commit 0125fff200efe3259aa25953e7505f69679261f8)
2021-11-07T3912: use a more informative default login bannerChristian Poessinger
(cherry picked from commit 5d39a113bdef82e201aa43f848217c30db2f6fd9)
2021-11-07bonding: T1614: add constraint on member interface names to be usedChristian Poessinger
(cherry picked from commit a4cf71912d52de4398273405b5682d8da5e1dbe3)
2021-11-05smoketest: T3972: test removal of vif-c interfacesChristian Poessinger
(cherry picked from commit ab111d56410753929979b06899912ea036819405)
2021-11-05vyos.configdict: T3972: bugfix QinQ vif-c removal triggered KeyErrorChristian Poessinger
Generic get_removed_vlans() function replaced the entire config dict when any QinQ vif-c subinterface was deleted. (cherry picked from commit b3be36586c85005538d5cc994c7c9694b9907d81)
2021-11-04sstp: accel-ppp: T3964: add missing input validator for static-ip assignmentChristian Poessinger
(cherry picked from commit b8f702bc7b6e92b8841271b4a2355d2b65ccb247)
2021-11-03sstp: T2566: use XML defaultValue over Jinja2 hardcoded valueChristian Poessinger
2021-11-03Merge pull request #1060 from sever-sever/T2566Christian Poessinger
sstp: T2566: Fix to allow IPv6 only pools
2021-11-02sstp: T2566: Fix to allow IPv6 only poolsViacheslav
To allow IPv6 only for vpn sstp sessions we have to add 'ppp-options' which can disable IPv4 allocation explicity. Additional IPv6 ppp-options and fix template for it.
2021-11-01dhclient: T3940: Added lease file argument to the `dhclient -x` callzsdc
When `dhclient` with the `-x` option is used to stop running DHCP client with a lease file that is not the same as in the new `dhclient` process, it requires a `-lf` argument with a path to the old lease file to find information about old/active leases and process them according to instructions and config. This commit adds the option to the `02-vyos-stopdhclient` hook, which allows to properly process `dhclient` instances started in different ways. (cherry picked from commit 393970f9ee5b3dfc58e0e999d3d5941a198b2c6f)
2021-10-31tunnel: T3956: GRE key check must not be run on our own interface instanceChristian Poessinger
2021-10-31netflow: T3953: use warning if "netflow source-ip" does not exist instead of ↵Christian Poessinger
error (cherry picked from commit 17215846b512851e7df8cdfcfc06c18b1d27f763)
2021-10-31smoketest: config: add DMVPN hub and spoke examplesChristian Poessinger
(cherry picked from commit 062422db04f5ec6fd0a769f0d71faf4efa2d377f)
2021-10-31console: udev: T3954: adjust rule script to new systemd-udev versionChristian Poessinger
We can no longer use bash veriable string code vor string manipulation. Move to a more robust "cut" implementation. (cherry picked from commit 513e951f3e1358ec6ff5424d03e8f4e9aa7c3388)
2021-10-31console: T3954: bugfix RuntimeError: dictionary keys changed during iterationChristian Poessinger
(cherry picked from commit f227987ccf41e01d4ddafb6db7b36ecf13148c78)
2021-10-29ipsec: T3643: Fix for show tunnels with state downViacheslav
The current op-mode for "show vpn ipsec sa" shows only tunnels which established (parent SA) and installed (child SA) If tunnel not installed it can't show correct information about this tunnel, in that case it can shows only parent sa state Get codebase for "show_ipsec_sa.py" (op-mode) from 1.4 branch where it was fixed.
2021-10-28Merge pull request #1050 from sever-sever/T3941-equChristian Poessinger
IPSec: T3941: Fix uptime for tunnels sa op-mode
2021-10-28IPSec: T3941: Fix uptime for tunnels sa op-modeViacheslav
The current uptime for tunnels is getting from parent SA That is incorrect as we should get value from child SA
2021-10-27vrrp: T3944: reload daemon instead of restart when already runningChristian Poessinger
This prevents a failover from MASTER -> BACKUP when changing any MASTER related configuration. (cherry picked from commit 2c82c9acbde2ccca9c7bb5e646a45fd646463afe)
2021-10-27Merge pull request #1046 from sever-sever/T3942-equChristian Poessinger
op-mode: T3942: Add feature generate IPSec debug-archive
2021-10-26op-mode: T3942: Add feature generate IPSec debug-archiveViacheslav
2021-10-24vyos.ethtool: T3935: relax __init__() when driver name is not detectedChristian Poessinger
In addition to commit 0b414bcd ("vyos.ethtool: T3874: do not throw exception if adapter has issues with autoneg") we should also not care too strict when locating the driver name. This might cause false positives. (cherry picked from commit 8cf5a4f023c5459cad4c84e93f73a9ddd69be81a)
2021-10-22Merge pull request #1039 from sever-sever/T2566Christian Poessinger
sstp: T2566: Fix verify section for pool ipv6 only
2021-10-22sstp: T2566: Fix verify section for pool ipv6 onlyViacheslav
2021-10-22tunnel: T3925: fix configtest - source-interface does not work with gretapChristian Poessinger
(cherry picked from commit 594c57d9b16cac5810f796f15ad7458bd0877435)
2021-10-21Merge pull request #1032 from ross211/dhclient-vyos-cleanupChristian Poessinger
dhclient hooks: T3920: avoid 'too many args' error when no vrf
2021-10-21dhcp-server: T3610: Allow configuration for non-primary ip addressViacheslav
(cherry picked from commit 78cfb949cc6bceab744271cf23f269276b178182)
2021-10-21dhcp: T3626: Prevent to disable only one configured networkViacheslav
(cherry picked from commit 9c825a3457a88a4eebc6475f92332822e5102889)
2021-10-21tunnel: T3925: dhcp-interface was of no use - use source-interface insteadChristian Poessinger
2021-10-20tunnel: T3921: bugfix KeyError for source-addressChristian Poessinger
2021-10-20dhcpv6-server: T3918: Fix subnets verify raise ConfigErrorViacheslav
(cherry picked from commit ead10909ba9104733930bb3f59c90610138bd047)
2021-10-20dhclient hooks: T3920: avoid 'too many args' error when no vrfRoss Dougherty
2021-10-13Merge pull request #1023 from Georgiy-Tugai/patch-1Christian Poessinger
T3904: Fix NTP pool associations
2021-10-13ntp: T3904: Fix NTP pool associationsGeorgiy Tugai
As of NTP 4.2.7, 'nopeer' also blocks pool associations. See https://bugs.ntp.org/show_bug.cgi?id=2657 See also https://github.com/geerlingguy/ansible-role-ntp/pull/84
2021-10-13dns: T3277: DNS Forwarding - reverse zones for RFC1918 addressesHard7Rock
(cherry picked from commit 0191c089f94455f53f3f234c094891353583f64c) (cherry picked from commit 8fcff3112b235307b78eb23833c1d646f0e7f9f4)