summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-02-07Merge pull request #2953 from sever-sever/T6021Christian Breunig
T6021: Fix QoS shaper r2q calculation
2024-02-07T5960: Rewritten authentication node in PPTP to a single viewaapostoliuk
Rewritten authentication node in accel-ppp services to a single view. In particular - PPTP authentication.
2024-02-07vrf: T5973: module is now statically compiled into the kernelChristian Breunig
Always enable VRF strict_mode
2024-02-07T6021: Fix QoS shaper r2q calculationViacheslav Hletenko
The current calculation `r2q` is wrong as it uses `Floor division` but expecting `division` This way `math.ceil` calculate wrong value as we expect round a number upward to its nearest integer For example for speed 710 mbits expected value `444` but we get `443` ``` from math import ceil MAXQUANTUM = 200000 speed = 710000000 speed_bps = int(speed) // 8 >>> speed_bps // MAXQUANTUM 443 >>> speed_bps / MAXQUANTUM 443.75 >>> >>> >>> ceil(speed_bps // MAXQUANTUM) 443 >>> ceil(speed_bps / MAXQUANTUM) 444 >>> ```
2024-02-06Merge pull request #2941 from jestabro/cleanup-waitJohn Estabrook
image-tools: T6016: wait for umount in cleanup function
2024-02-06Merge pull request #2946 from sever-sever/T5921Christian Breunig
T5921: Fix OpenConnect verify for local users
2024-02-06T5921: Fix OpenConnect verify for local usersViacheslav Hletenko
Fix verify error for the VPN OpenConnect configuration with local authentication and without any user File "/usr/libexec/vyos/conf_mode/vpn_openconnect.py", line 94, in verify if not ocserv["authentication"]["local_users"]: KeyError: 'local_users'
2024-02-06vpn: T3843: l2tp configuration not cleared after deletekhramshinr
vpn: T5926: IPSEC does not apply after l2tp configuration was changed added dependency between l2tp and ipsec conf added test for apply config to swanctl
2024-02-06Merge pull request #2943 from vyos/mergify/bp/current/pr-2942Daniil Baturin
op-mode:T6015:Fix for charon file generated by ipsec debug script (backport #2942)
2024-02-06op-mode:T6015:Fix the charon file generated by ipsec debug scriptsrividya0208
(cherry picked from commit 0c9c496961dc88110da53943a14dd88086ea920d)
2024-02-05image-tools: T6016: wait for umount in cleanup functionJohn Estabrook
2024-02-06Merge pull request #2936 from c-po/rpki-T6011Daniil Baturin
rpki: T6011: known-hosts-file is no longer supported by FRR
2024-02-06Merge pull request #2935 from c-po/rpkiDaniil Baturin
init: T2044: always start/stop rpki during system boot
2024-02-05Merge pull request #2937 from jestabro/overhead-advisory-updateJohn Estabrook
T6018: adjust smoketest for update to FastAPI web framework
2024-02-05T6018: adjust smoketest for update to FastAPI web frameworkJohn Estabrook
2024-02-03rpki: T6011: known-hosts-file is no longer supported by FRRChristian Breunig
2024-02-03init: T2044: always start/stop rpki during system bootChristian Breunig
2024-02-03Merge pull request #2932 from c-po/ipsec-T5998Christian Breunig
ipsec: T5998: add replay-windows setting
2024-02-03ipsec: T5998: add replay-windows settingChristian Breunig
The replay_window for child SA will always be 32 (hence enabled). Add a CLI node to explicitly change this. * set vpn ipsec site-to-site peer <name> replay-window <0-2040>
2024-02-03Merge pull request #2931 from c-po/configdict-bugfixViacheslav Hletenko
configdict: T5894: preserve old behavior when dealing with PKI
2024-02-02configdict: T5894: preserve old behavior when dealing with PKIChristian Breunig
Commit b152b5202 ("configdict: T5894: add get_config_dict() flag with_pki") added the generic PKI flag but if there was no PKI subsystem available in the configuration, no pki dict key ever manifested in the resulting dictionary requested by the caller. This is different to the old behavior (which each caller implementing the call itself) where there always was a pki key present - even if it was empty. This triggered a bug in the IPSec script Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/vpn_ipsec.py", line 600, in <module> verify(ipsec) File "/usr/libexec/vyos/conf_mode/vpn_ipsec.py", line 372, in verify verify_pki_rsa(ipsec['pki'], rsa) ~~~~~^^^^^^^ KeyError: 'pki' As it wanted to verify keys, but there was no pki dictionary key available. This commit restores the previous behavior.
2024-02-02Merge pull request #2748 from MattKobayashi/t5848Christian Breunig
qos: T5848: Add triple-isolate option to CAKE policy config
2024-02-02qos: T5848: improve flow-isolation help stringsChristian Breunig
2024-02-02Merge pull request #2889 from sarthurdev/kea-hooksChristian Breunig
dhcpv6: T3771: Installation of routes for delegated prefixes, add excluded-prefix to PD
2024-02-02Merge pull request #2927 from ishioni/T5955Christian Breunig
container: T5955: add uid/gid settings
2024-02-02smoketest: T5955: verify container uid/gid settingChristian Breunig
2024-02-02container: T5955: allow setting uid/gidPiotr Maksymiuk
2024-02-02Merge pull request #2891 from aapostoliuk/T5971-circinusViacheslav Hletenko
T5971: Rewritten ppp options in accel-ppp services
2024-02-01upnp: T5989: add ipv4-prefix as a valid option for UPnP ACLsChris Buechler
2024-02-01Merge pull request #2756 from nicolas-fort/T4839Christian Breunig
T4839: firewall: Add dynamic address group in firewall configuration
2024-02-01Merge pull request #2860 from indrajitr/ddclient-update-20240119Christian Breunig
ddclient: T5966: Adjust dynamic dns config address subpath
2024-02-01Merge pull request #2903 from HollyGurza/T5687Christian Breunig
dns forwarding: T5687: Implement ECS settings for PowerDNS recursor
2024-02-01smoketest: T5687: simplify "dns forwarding" test setupChristian Breunig
Commit eb76729d6324 ("dns forwarding: T5687: Implement ECS settings for PowerDNS recursor") added a helper "_set_required_options()" method to reduce duplicate code when setting up the base interface test. This refactors the test class to call this code always in setUp() so we have it written only once.
2024-02-01dns forwarding: T5687: add missing constraints on ecs-add-for CLI nodeChristian Breunig
Completion help suggests only IPv4 and IPv6 prefixes are supported, thus add a proper constraint enforcing this.
2024-02-01Merge pull request #2883 from sever-sever/T5974Viacheslav Hletenko
T5974: Fix QoS shape bandwidth and ceil calculation for default
2024-02-01Merge pull request #2890 from sever-sever/T5941Christian Breunig
T5941: Migration policy delete orphaned interface policy
2024-02-01Merge pull request #2892 from sever-sever/T5941-tpChristian Breunig
T5941: Migration QoS delete orphaned interface traffic-policy
2024-02-01GitHub: update PR request laballer to v5.0.0 tagChristian Breunig
2024-02-01Merge pull request #2914 from aapostoliuk/T5930-circinusChristian Breunig
bgp: T5930: Denied using rt vpn 'export/import' with 'both' together
2024-02-01bgp: T5930: Denied using rt vpn 'export/import' with 'both' togetheraapostoliuk
Denied using command 'route-target vpn export/import' with 'both' together in bgp configuration.
2024-02-01Merge pull request #2887 from nicolas-fort/T5977Christian Breunig
T5977: firewall: remove ipsec options in output chain rule definition…
2024-01-31Merge pull request #2910 from aapostoliuk/T5254-fixChristian Breunig
T5254: Deleted extra file git
2024-01-31T5254: Deleted extra file gitaapostoliuk
Deleted extra file git.
2024-01-31Merge pull request #2908 from cleopold73/cleopold73-patch-1Christian Breunig
reverse-proxy: T5999: Allow root for exact match in backend rule URL
2024-01-31dns forwarding: T5687: Implement ECS settings for PowerDNS recursorkhramshinr
Fix option descriptions
2024-01-30reverse-proxy: T5999: Allow root for exact match in backend rule URLcleopold73
2024-01-30Merge pull request #2906 from jvoss/T6003Christian Breunig
rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix'
2024-01-30rpki: T6003: Add 'show rpki as-number' and 'show rpki prefix'Jonathan Voss
2024-01-30Merge pull request #2877 from c-po/vrf-5973Christian Breunig
vrf: T5973: multiple bugfixes and improvements
2024-01-30Merge pull request #2902 from jestabro/migration-certbotChristian Breunig
https: T6000: fix error in migration of path https certbot