summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-05-31pki: T3642: Enable `generate pki openvpn ...` to install into configsarthurdev
2022-05-30pki: T3642: Add ability to import files into PKi configurationsarthurdev
2022-05-30eigrp: T2773: bugfix Makefile - temporary code removalChristian Poessinger
2022-05-30Merge pull request #1342 from nicolas-fort/T4450Christian Poessinger
Policy: T4450: Expand options for ip|ipv6 address match.
2022-05-29Policy: T4450: Expand options for ip|ipv6 address match. Now support ↵Nicolas Fort
prefix-len on both matches. Also change help properties of route-source node.
2022-05-29xml: reword static routing completion helpChristian Poessinger
2022-05-29eigrp: T2472: add missing <multi/> specifier when redistributing protocolsChristian Poessinger
2022-05-29vyos.frr: T2472: add wigrpd supportChristian Poessinger
2022-05-29eigrp: T2472: add "local-as" CLI node to specify ASN like under BGPChristian Poessinger
2022-05-29eigrp: T2472: add basic template rendering and FRR communicationChristian Poessinger
2022-05-29rip: T4448: remove default version for RIPChristian Poessinger
Commit f9e38622 ("rip: T4448: add support to set protocol version on an interface level") also added the versionspecified on a per interface level. the RIp version carried a default value of 2 which makes RIPv1 and RIPv2 no longer working which is dthe default for FRR. Remove the default "2" from the RIP version specifier to make this behavior work again.
2022-05-29Merge branch 'eigrp' into currentChristian Poessinger
* eigrp: eigrp: T2472: disable protocol by default eigrp: T2472: add initial python helper eigrp: vrf: T2773: prepare XML definitions for VRF instance eigrp: T2473: add XML definitions
2022-05-29eigrp: T2472: disable protocol by defaultChristian Poessinger
2022-05-29eigrp: T2472: add initial python helperChristian Poessinger
2022-05-29eigrp: vrf: T2773: prepare XML definitions for VRF instanceChristian Poessinger
2022-05-29eigrp: T2473: add XML definitionssever-sever
2022-05-29Merge branch 'T4449' of https://github.com/nicolas-fort/vyos-1x into currentChristian Poessinger
* 'T4449' of https://github.com/nicolas-fort/vyos-1x: Policy: T4449: Extend matching options for route-map ip nexthop
2022-05-28rip: T4448: add support to set protocol version on an interface levelChristian Poessinger
2022-05-28xml: rip: T4448: rename include files to match schemaChristian Poessinger
2022-05-28firewall: T970: Add firewall group domain-groupViacheslav Hletenko
Domain group allows to filter addresses by domain main Resolved addresses as elements are stored to named "nft set" that used in the nftables rules Also added a dynamic "resolver" systemd daemon vyos-domain-group-resolve.service which starts python script for the domain-group addresses resolving by timeout 300 sec set firewall group domain-group DOMAINS address 'example.com' set firewall group domain-group DOMAINS address 'example.org' set firewall name FOO rule 10 action 'drop' set firewall name FOO rule 10 source group domain-group 'DOMAINS' set interfaces ethernet eth0 firewall local name 'FOO' nft list table ip filter table ip filter { set DOMAINS { type ipv4_addr flags interval elements = { 192.0.2.1, 192.0.2.85, 203.0.113.55, 203.0.113.58 } } chain NAME_FOO { ip saddr @DOMAINS counter packets 0 bytes 0 drop comment "FOO-10" counter packets 0 bytes 0 return comment "FOO default-action accept" } }
2022-05-28Policy: T4449: Extend matching options for route-map ip nexthopNicolas Fort
2022-05-28smoketest: rip: T4448: improve class startup timeChristian Poessinger
2022-05-28rip: T4448: add support for explicit version selectionChristian Poessinger
2022-05-27Firewall: T3907: Revert migration script 6-to-7 and add new 7-to-8Nicolas Fort
2022-05-27dhcp6: pd: T4447: bugfix sla-id limits (must be greater then 128Christian Poessinger
The sla-id parameter of DHCPv6 prefix delegations is limited to 128. While this is enough to use all /64 subnets of a /57 prefix, with a /56 prefix that is no longer sufficient. Increased sla-id length tp 64535 so one could delegate an entire /48.
2022-05-26http-api: T3412: remove unneeded packagesJohn Estabrook
2022-05-26sstp: T4444. Port number changing supportgoodNETnick
2022-05-25Merge pull request #1333 from sever-sever/T4442John Estabrook
http-api: T4442: Add action reset
2022-05-26http-api: T4442: Add action resetViacheslav Hletenko
Add action 'reset' (op-mode) for HTTP-API http://localhost/reset curl --unix-socket /run/api.sock -X POST -Fkey=mykey \ -Fdata='{"op": "reset", "path": ["ip", "bgp", "192.0.2.14"]}' \ http://localhost/reset
2022-05-25Merge pull request #1331 from jestabro/configtest-errorsJohn Estabrook
configtest: T4382: errors exposed by revision of load-config
2022-05-25configtest: T4382: no migration to 'bgp local-as' under vrfJohn Estabrook
The migration script bgp/0-to-1 did not address 'protocols bgp ASN' -> 'protocols bgp local-as ASN' under a vrf. Move to configs.no-load for review on extending/adding a migration script.
2022-05-25configtest: T4382: missing block in migration script vrf/0-to-1John Estabrook
The config vrf-basic reveals a missing block in the migration script vrf/0-to-1, moving 'next-hop-vrf' to 'vrf'. As this only exists in Sagitta, modify script 0-to-1. Also, fix the 'system nt' typo seen in vrf-ospf.
2022-05-25configtest: T4382: missing 'ipv4-options' in 'interfaces openvpn'John Estabrook
As a result of the firewall/5-to-6 migration script, 'firewall options interface vtun0 adjust-mss' is moved to: 'interfaces openvpn vtun0 ip adjust-mss 1380' however, interfaces-openvpn.xml.in is missing the include file ipv4-options.xml.i. Add missing include file.
2022-05-25configtest: T4382: inconsistent ipsec component versionJohn Estabrook
The pki-ipsec sagitta-era config contains 'vpn ipsec ipsec-interfaces interface eth0' with ipsec component version ipsec@6, however, this construction is successfully moved by migration script ipsec/5-to-6. Consequently, this must have been an error in translation of the config file. Note that this is unrelated to the corrected error regarding an empty 'ipsec-interfaces' node. Move config to configs.no-load for review.
2022-05-25configtest: T4382: bgp_small_as has a nonsensical entryJohn Estabrook
bgp_small_as contains set commands such as: 'protocols static route 10.0.0.0/8 MY-NAS distance 254' which would appear to have no meaning, in any VyOS version. Move to config.no-load for analysis.
2022-05-25configtest: T4382: 'nat ... log' takes no 'enable' argumentJohn Estabrook
The component version in bgp-dmvpn-spoke is nat@5, however, 4-to-5 removes the boolean argument. It is confirmed that the migration script works correctly, hence, it must be a typo in translation; remove argument 'enable'.
2022-05-25configtest: T4382: system@20 cannot have 'user level' (16-to-17)John Estabrook
The config file isis-small has system@20, but 'user level' which was migrated in system/16-to-17; remove the line in the config, as there is no problem with the migration script in question.
2022-05-25configtest: T4382: remove typoJohn Estabrook
This is a typo in vrf-ospf: 'system nt' on the line before 'system ntp'.
2022-05-25configtest: T4382: bgp migration scripts need to follow quagga scriptsJohn Estabrook
The configs bgp_bfd_communities and bgp_big_as_cloud reveal a counterexample to the independence of component migration scripts: quagga migration scripts must precede those of bgp; explicitly reorder from lexical order.
2022-05-25configtest: T4382: fix missing delete of 'ipsec-interfaces' nodeJohn Estabrook
Migration of bgp-azure-ipsec-gateway and bgp_dmvpn_hub reveals that migration script ipsec/5-to-6 leaves the empty node 'ipsec-interfaces' after moving the interface; fix the migration script, as it is not yet in 1.3.
2022-05-25Merge pull request #1319 from goodNETnick/ocserv_sh_otp_keyViacheslav Hletenko
ocserv: T4420: show configured 2FA OTP key
2022-05-25Merge pull request #1088 from zdc/T4020-sagittaDaniil Baturin
FRR: T4020: Added CLI options for FRR daemons
2022-05-21smoketest: flow-accounting: T4437: adjust smoketest to new generated config ↵Christian Poessinger
syntax
2022-05-21flow-accounting: T4099: "source-address" must exist locallyChristian Poessinger
2022-05-21xml: flow-accounting: T4437: fix node helpChristian Poessinger
2022-05-21xml: nhrp: fix CLI descriptionChristian Poessinger
2022-05-21nhrp: T4353: use ".service" suffix on systemd nameChristian Poessinger
2022-05-21op-mode: T4390: add nhrp and flow-accounting loggingChristian Poessinger
2022-05-21flow-accounting: T4437: also install rule to IPv6 VYOS_CT_PREROUTING_HOOKChristian Poessinger
2022-05-21flow-accounting: T4437: bugfix IPv6 flow collector addressChristian Poessinger