summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-05-28Policy: T4449: Extend matching options for route-map ip nexthopNicolas Fort
2022-05-28smoketest: rip: T4448: improve class startup timeChristian Poessinger
2022-05-28rip: T4448: add support for explicit version selectionChristian Poessinger
2022-05-27Firewall: T3907: Revert migration script 6-to-7 and add new 7-to-8Nicolas Fort
2022-05-27dhcp6: pd: T4447: bugfix sla-id limits (must be greater then 128Christian Poessinger
The sla-id parameter of DHCPv6 prefix delegations is limited to 128. While this is enough to use all /64 subnets of a /57 prefix, with a /56 prefix that is no longer sufficient. Increased sla-id length tp 64535 so one could delegate an entire /48.
2022-05-26http-api: T3412: remove unneeded packagesJohn Estabrook
2022-05-26sstp: T4444. Port number changing supportgoodNETnick
2022-05-25Merge pull request #1333 from sever-sever/T4442John Estabrook
http-api: T4442: Add action reset
2022-05-26http-api: T4442: Add action resetViacheslav Hletenko
Add action 'reset' (op-mode) for HTTP-API http://localhost/reset curl --unix-socket /run/api.sock -X POST -Fkey=mykey \ -Fdata='{"op": "reset", "path": ["ip", "bgp", "192.0.2.14"]}' \ http://localhost/reset
2022-05-25Merge pull request #1331 from jestabro/configtest-errorsJohn Estabrook
configtest: T4382: errors exposed by revision of load-config
2022-05-25configtest: T4382: no migration to 'bgp local-as' under vrfJohn Estabrook
The migration script bgp/0-to-1 did not address 'protocols bgp ASN' -> 'protocols bgp local-as ASN' under a vrf. Move to configs.no-load for review on extending/adding a migration script.
2022-05-25configtest: T4382: missing block in migration script vrf/0-to-1John Estabrook
The config vrf-basic reveals a missing block in the migration script vrf/0-to-1, moving 'next-hop-vrf' to 'vrf'. As this only exists in Sagitta, modify script 0-to-1. Also, fix the 'system nt' typo seen in vrf-ospf.
2022-05-25configtest: T4382: missing 'ipv4-options' in 'interfaces openvpn'John Estabrook
As a result of the firewall/5-to-6 migration script, 'firewall options interface vtun0 adjust-mss' is moved to: 'interfaces openvpn vtun0 ip adjust-mss 1380' however, interfaces-openvpn.xml.in is missing the include file ipv4-options.xml.i. Add missing include file.
2022-05-25configtest: T4382: inconsistent ipsec component versionJohn Estabrook
The pki-ipsec sagitta-era config contains 'vpn ipsec ipsec-interfaces interface eth0' with ipsec component version ipsec@6, however, this construction is successfully moved by migration script ipsec/5-to-6. Consequently, this must have been an error in translation of the config file. Note that this is unrelated to the corrected error regarding an empty 'ipsec-interfaces' node. Move config to configs.no-load for review.
2022-05-25configtest: T4382: bgp_small_as has a nonsensical entryJohn Estabrook
bgp_small_as contains set commands such as: 'protocols static route 10.0.0.0/8 MY-NAS distance 254' which would appear to have no meaning, in any VyOS version. Move to config.no-load for analysis.
2022-05-25configtest: T4382: 'nat ... log' takes no 'enable' argumentJohn Estabrook
The component version in bgp-dmvpn-spoke is nat@5, however, 4-to-5 removes the boolean argument. It is confirmed that the migration script works correctly, hence, it must be a typo in translation; remove argument 'enable'.
2022-05-25configtest: T4382: system@20 cannot have 'user level' (16-to-17)John Estabrook
The config file isis-small has system@20, but 'user level' which was migrated in system/16-to-17; remove the line in the config, as there is no problem with the migration script in question.
2022-05-25configtest: T4382: remove typoJohn Estabrook
This is a typo in vrf-ospf: 'system nt' on the line before 'system ntp'.
2022-05-25configtest: T4382: bgp migration scripts need to follow quagga scriptsJohn Estabrook
The configs bgp_bfd_communities and bgp_big_as_cloud reveal a counterexample to the independence of component migration scripts: quagga migration scripts must precede those of bgp; explicitly reorder from lexical order.
2022-05-25configtest: T4382: fix missing delete of 'ipsec-interfaces' nodeJohn Estabrook
Migration of bgp-azure-ipsec-gateway and bgp_dmvpn_hub reveals that migration script ipsec/5-to-6 leaves the empty node 'ipsec-interfaces' after moving the interface; fix the migration script, as it is not yet in 1.3.
2022-05-25Merge pull request #1319 from goodNETnick/ocserv_sh_otp_keyViacheslav Hletenko
ocserv: T4420: show configured 2FA OTP key
2022-05-25Merge pull request #1088 from zdc/T4020-sagittaDaniil Baturin
FRR: T4020: Added CLI options for FRR daemons
2022-05-21smoketest: flow-accounting: T4437: adjust smoketest to new generated config ↵Christian Poessinger
syntax
2022-05-21flow-accounting: T4099: "source-address" must exist locallyChristian Poessinger
2022-05-21xml: flow-accounting: T4437: fix node helpChristian Poessinger
2022-05-21xml: nhrp: fix CLI descriptionChristian Poessinger
2022-05-21nhrp: T4353: use ".service" suffix on systemd nameChristian Poessinger
2022-05-21op-mode: T4390: add nhrp and flow-accounting loggingChristian Poessinger
2022-05-21flow-accounting: T4437: also install rule to IPv6 VYOS_CT_PREROUTING_HOOKChristian Poessinger
2022-05-21flow-accounting: T4437: bugfix IPv6 flow collector addressChristian Poessinger
2022-05-20Merge pull request #1317 from sever-sever/T4418Christian Poessinger
monitoring: T4418: Add output plugin azure-data-explorer
2022-05-20monitoring: T4418: Add output plugin azure-data-explorerViacheslav Hletenko
Add output telegraf Plugin Azure Data Explorer set service monitoring telegraf azure-data-explorer authentication client-id 'x' set service monitoring telegraf azure-data-explorer authentication client-secret 'x' set service monitoring telegraf azure-data-explorer authentication tenant-id 'x' set service monitoring telegraf azure-data-explorer database 'x' set service monitoring telegraf azure-data-explorer group-metrics 'single-table' set service monitoring telegraf azure-data-explorer url 'http://localhost.loc'
2022-05-19ipsec: T2816: add completion help for IP addresses to local-address nodeChristian Poessinger
2022-05-19dmvpn: nhrp: T4434: secret length can not exceed 8 charactersChristian Poessinger
2022-05-19Merge pull request #1329 from dmbaturin/T4432John Estabrook
T4432: display load averages normalized for the number of CPU cores
2022-05-19T4432: display load averages normalized for the number of CPU coresDaniil Baturin
2022-05-17op-mode: T4429: Ability to detect external IP addressViacheslav Hletenko
In some cases, it is useful to detect own external IP address for example if the host behind NAT Send curl request to random online service from the list to detect IP address ; show ip external ; 192.0.2.95
2022-05-16Merge pull request #1290 from sever-sever/T4373Christian Poessinger
ppppoe-server: T4373: Add option multiplier for correct shaping
2022-05-16pppoe-server: T4373: Add option multiplier for correct shapingViacheslav Hletenko
Multiplier option is required by some vendors for correct shaping For RADIUS based rate-limits edit service pppoe-server set authentication radius rate-limit multiplier '0.001'
2022-05-16ocserv: T4420: show configured 2FA OTP keygoodNETnick
2022-05-13smoketest: add sshguard allow-from caseChristian Poessinger
2022-05-13sshguard: T4408: rename whitelist-address -> allow-fromChristian Poessinger
We do not only allow individual host addresses but also prefixes.
2022-05-13Debian: T4408: add missing sshguard dependencyChristian Poessinger
2022-05-13Merge pull request #1320 from sever-sever/T4408Christian Poessinger
sshguard: T4408: Add service ssh dynamic-protection
2022-05-12sshguard: T4408: Add service ssh dynamic-protectionViacheslav Hletenko
Sshguard protects hosts from brute-force attacks Can inspect logs and block "bad" addresses by threshold Auto-generate rules for nftables When service stopped all generated rules are deleted nft "type filter hook input priority filter - 10" set service ssh dynamic-protection set service ssh dynamic-protection block-time 120 set service ssh dynamic-protection detect-time 1800 set service ssh dynamic-protection threshold 30 set service ssh dynamic-protection whitelist-address 192.0.2.1
2022-05-12vrrp: T4417: bugfix service startup priorityChristian Poessinger
2022-05-12conntrack: T3535: use "reload-or-restart" from systemdChristian Poessinger
2022-05-12vrrp: T3944: use "reload-or-restart" over individual code pathsChristian Poessinger
systemd has its internal reload or restart logic - we do not need to programm it on our own.
2022-05-12container: T2216: use warning over exception when container image does not existChristian Poessinger
2022-05-12Merge pull request #1323 from sever-sever/T4399Christian Poessinger
Revert "NHRP : T4399: fix issues restart nhrp when add or del tunnel"