summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-12-29tacacs: T141: Wrap string in double quotes to allow expansionIndrajit Raychaudhuri
2023-12-29smoketest: T5688: pppoe-server support multiple client-ip-pool subnetsChristian Breunig
2023-12-29dhcp: T3316: Add `_kea` user as vyattacfg group memberIndrajit Raychaudhuri
Allowing `_kea` to be a member of `vyattacfg` group allows kea-dhcp{4,6}-server to have access to DHCP lease directory under `/config/` and thus have ability to manipupate the leases files.
2023-12-29Merge pull request #2704 from c-po/template-t5869Christian Breunig
vyos.template: T5869: first_host_address() does not honor RFC4291 section 2.6.1
2023-12-29Merge pull request #2709 from c-po/nat-T5681Christian Breunig
nat: T5681: relax wording on non existing interface Warning message
2023-12-29Merge pull request #2710 from c-po/container-smoketestViacheslav Hletenko
smoketest: T5867: extend container tests for IPv4 and IPv6 networks
2023-12-29T5688: Fixed ip pool migration scripts for l2tp, sstp, pppoeaapostoliuk
Fixed migration 'subnet' option in l2tp, sstp, pppoe. 'subnet' option can contain several values.
2023-12-29smoketest: T5867: extend container tests for IPv4 and IPv6 networksChristian Breunig
2023-12-29nat: T5681: relax wording on non existing interface Warning messageChristian Breunig
Remove the word "error" from a Warning only message to not irritate the user.
2023-12-29tests: T5869: consolidate duplicated test casesChristian Breunig
We have had duplicated test cases in test_jinja_filters.py and test_template.py, They have been consolidated into test_template.py.
2023-12-29vyos.template: T5869: first_host_address() does not honor RFC4291 section 2.6.1Christian Breunig
The subnet router anycast address is predefined. Its format is as follows: | n bits | 128-n bits | +------------------------------------------------+----------------+ | subnet prefix | 00000000000000 | +------------------------------------------------+----------------+ The "subnet prefix" in an anycast address is the prefix that identifies a specific link. This anycast address is syntactically the same as a unicast address for an interface on the link with the interface identifier set to zero. Packets sent to the Subnet-Router anycast address will be delivered to one router on the subnet. All routers are required to support the Subnet-Router anycast addresses for the subnets to which they have interfaces. The Subnet-Router anycast address is intended to be used for applications where a node needs to communicate with any one of the set of routers. Our code as of now returns the subnet router anycast address as the first_host_address().
2023-12-29smoketest: T5840: fix for latest CLI changes in mac address nodeChristian Breunig
2023-12-29dhcp: T3316: Adjust kea lease files' location and permissionsIndrajit Raychaudhuri
Move the kea lease file to a separate directory `/config/dhcp` that `kea` process can write to so that subprocesses spawned by `kea` process can operate on the lease files. To allow `kea` process to write to `/config/dhcp`, add `_kea` user to `vyattacfg` group. And the lease files are owned completely by `_kea` user to play well with `kea-lfc` process. Specifically, this is necessary for `kea-lfc` which is spawned by `kea` process to clean up expired leases. Since `kea-lfc` creates additional backup lease files, it needs write access to the lease file directory. Additionally, change the extension of the lease file from `.leases` to `.csv` to reflect the actual file format.
2023-12-28Merge pull request #2703 from c-po/ddclient-t5852Daniil Baturin
ddclient: T5852: add missing priority
2023-12-28ddclient: T5852: add missing priorityChristian Breunig
Running ddclient on a VLAN interface will fail during reboot as there is no discrete priority to tell that the dynamic DNS service needs to be started after the interfaces.
2023-12-28Merge pull request #2699 from c-po/container-t5867Christian Breunig
container: T5867: disable healthchecks due to upstream issue
2023-12-28Merge pull request #2698 from c-po/t5866-radvdChristian Breunig
op-mode: T5866: Add command to restart IPv6 RA daemon
2023-12-28container: T5867: disable healthchecks due to upstream issueChristian Breunig
conmon 402de34b31388b5a2e1c <error>: Unable to send container stderr message to parent Broken pipe https://github.com/containers/conmon/issues/438
2023-12-28op-mode: T5866: Add command to restart IPv6 RA daemonChristian Breunig
vyos@vyos:~$ restart router-advert
2023-12-28container: T5829: fix base key "container" re-use in for loopChristian Breunig
2023-12-28container: T5829: verify container network used supports the given AFIChristian Breunig
2023-12-28Merge pull request #2658 from aapostoliuk/T5801-circinusChristian Breunig
T5801: Rewritten L2TP to get_config_dict
2023-12-28Merge pull request #2695 from aapostoliuk/T5842-circinusChristian Breunig
T5842: Rewritten PPTP to get_config_dict
2023-12-28Merge pull request #2650 from indrajitr/kea-reservation-fixChristian Breunig
dhcp: T3316: Support hostname, DUID and MAC address in reservation
2023-12-27T5842: Rewritten PPTP to get_config_dictaapostoliuk
Rewritten PPTP to get_config_dict Fixed 'dynamic-author' commands. These commands did not create anything in accel-ppp config.
2023-12-27Merge pull request #2693 from aapostoliuk/T5859-circinusChristian Breunig
T5859: Fixed format of pool range in the accel-ppp config
2023-12-27Merge pull request #2651 from indrajitr/firewal-rename-enable-default-logChristian Breunig
firewall: T5834: Rename 'enable-default-log' to 'default-log'
2023-12-27T5859: Fixed format of pool range in the accel-ppp configaapostoliuk
Fixed format of ipv4 pool range from 'x.x.x.x-x.x.x.y' to 'x.x.x.x-y'
2023-12-26firewall: T5834: Improve log message and simplify log-option includeIndrajit Raychaudhuri
`include/firewall/rule-log-options.xml.i` is now more aptly renamed to `include/firewall/log-options.xml.i`.
2023-12-26firewall: T5834: Remove vestigial include fileIndrajit Raychaudhuri
This file is a left over from previous refactoring and no longer referenced anywhere in the interface definitions.
2023-12-26firewall: T5834: Add support for default log for route policyIndrajit Raychaudhuri
One can now do `set policy route foo default-log` which will add log to the policy route chain.
2023-12-26firewall: T5834: Migration for 'enable-default-log' to 'default-log'Indrajit Raychaudhuri
2023-12-26firewall: T5834: Rename 'enable-default-log' to 'default-log'Indrajit Raychaudhuri
Rename chain level defaults log option from `enable-default-log` to `default-log` for consistency.
2023-12-26Merge pull request #2691 from indrajitr/ddclient-update-20231224-02Christian Breunig
ddclient: T5144: Warn against configuration with broken IP lookup service
2023-12-26ddclient: T5144: Warn against configuration with broken IP lookup serviceIndrajit Raychaudhuri
We always enable HTTPS in ddclient configuration, however `http://checkip.dyndns.org` is HTTP only and does not support HTTPS. Warn the user if they are using this service. Also, make `url` in `web-options` mandatory.
2023-12-26Merge pull request #2686 from indrajitr/ddclient-update-20231224-01Christian Breunig
ddclient: T5144: Migrate web-options url to stricter format
2023-12-25Merge pull request #2689 from c-po/eee-t5311-t5566Daniil Baturin
ethernet: T5566: disable energy efficient ethernet (EEE) for interfaces
2023-12-25ethernet: T5566: disable energy efficient ethernet (EEE) for interfacesChristian Breunig
VyOS is a routing (packet pushing) platform, thus supporting EEE which potentially causes issues is not a good idea. Some recent Intel drivers enable EEE by default, thus we will disable this for every NIC supporting EEE.
2023-12-25Merge pull request #2687 from c-po/lldp-snmp-t5855Christian Breunig
snmp: T5855: migrate "set service lldp snmp enable" to "set service lldp snmp"
2023-12-25snmp: T5855: migrate "set service lldp snmp enable" to "set service lldp snmp"Christian Breunig
2023-12-25snmp: T5855: add GPL license headerChristian Breunig
2023-12-25ddclient: T5144: Migrate web-options url to stricter formatIndrajit Raychaudhuri
Legacy ddclient allowed arbitrary URLs in web-options, but the new has stricter validations. Apply migration to the old URLs. Also migrate checkip.dyndns.org to https://domains.google.com/checkip for better TLS support.
2023-12-24ddclient: T5791: Adjust migration to normalize underscore in config namesIndrajit Raychaudhuri
2023-12-24Merge pull request #2682 from c-po/node-changed-t5837Christian Breunig
configdict: T5837: add support to return added nodes when calling node_changed()
2023-12-24Merge pull request #2683 from c-po/snmp-T5865Viacheslav Hletenko
snmp: 5856: fix service removal error
2023-12-24snmp: 5856: fix service removal errorChristian Breunig
When deleting SNMP from CLI the 'delete' key was not honored in the config dictionary, leading to a false process startup causing the following error: Job for snmpd.service failed because the control process exited with error code. See "systemctl status snmpd.service" and "journalctl -xeu snmpd.service" for details.
2023-12-24configdict: T5837: add support to return added nodes when calling node_changed()Christian Breunig
In the past, node_changed() suggested it would also return nodes that got added (function comment) but in reality only deleted keys got accounted for. This commit changes the signature and adds an argument expand_nodes to specify the users interest of a node was deleted (default), added (expand_nodes=Diff.ADD) or even both (expand_nodes=Diff.ADD|Diff.DELETE).
2023-12-24T5837: cleanup use of calls to vyos.configdict.node_changed()Christian Breunig
node_changed() will return a list of changed keys under "path". We are not always interested what changed, sometimes we are only interested if something changed at all, that what vyos.configdict.is_node_changed() is for.
2023-12-24Merge pull request #2677 from sever-sever/T160Christian Breunig
T160: NAT64 add match firewall mark feature
2023-12-24T160: NAT64 add match firewall mark featureViacheslav Hletenko
Match mark allows to use firewall marks of packet to use a specific pool Example of instance config /run/jool/instance-100.json ``` ... "pool4": [ { "protocol": "TCP", "prefix": "192.0.2.10", "port range": "1-65535", "mark": 23 }, ... ```