Age | Commit message | Author
2023-09-18 | Merge pull request #2283 from nicolas-fort/T5590-fwall-log | Christian Breunig
T5590: firewall log rule: fix order which rule are processed
2023-09-18 | Merge pull request #2276 from sarthurdev/conntrack | Viacheslav Hletenko
conntrack: T5571: Refactor conntrack using vyos.configdep
2023-09-18 | conntrack: T5217: Add tcp flag matching to `system conntrack ignore` | sarthurdev
- Moves MSS node out of `tcp-flags.xml.i` and into `tcp-mss.xml.i`
- Update smoketest to verify TCP flag matching
2023-09-18 | T5590: firewall log rule: fix order which rule are processed. Log options should be added at the end of the rule, after all matchers and before action. Also change 2 lines in policy_route smoketest, which suddenly wasn't working as expected | Nicolas Fort
2023-09-18 | Merge pull request #2278 from indrajitr/ddclient-cache-fix-smoketest | Christian Breunig
ddclient: T5573: Fix smoketest for updated ddclient config
2023-09-18 | Merge pull request #2279 from sever-sever/smoketest | Christian Breunig
GitHub: Add smoketest result menu
2023-09-18 | Merge pull request #2281 from nicolas-fort/T5594 | Christian Breunig
T5594: vrrp: extend function is_ipv6_tentative
2023-09-18 | T5594: vrrp: extend function is_ipv6_tentative to analyze all types of ipv6 address, and not only global ipv6 address. This allows to configure ipv6 link local address on vrrp hello-source-address parameter. | Nicolas Fort
2023-09-18 | GitHub: Add smoketest result menu | Viacheslav Hletenko
Add the `Smoketest result` option to the default PR template
2023-09-18 | ddclient: T5573: Fix smoketest for updated ddclient config | Indrajit Raychaudhuri
2023-09-17 | Merge pull request #2251 from indrajitr/ddclient-cache-fix | Christian Breunig
ddclient: T5573: Update config generation aligning with caching fixes
2023-09-16 | github: Update PR template with section of related PRs | sarthurdev
2023-09-16 | nat: Remove deprecated kernel check | sarthurdev
/usr/libexec/vyos/conf_mode/nat.py:21: DeprecationWarning: The distutils package is deprecated and slated for removal in Python 3.12. Use setuptools or check PEP 632 for potential alternatives
  from distutils.version import LooseVersion
2023-09-16 | conntrack: T5571: Refactor conntrack to be independent conf script from firewall, nat, nat66 | sarthurdev
2023-09-15 | Merge pull request #2273 from sever-sever/T5586 | Christian Breunig
T5586: Disable by default SNMP for Keepalived VRRP service
2023-09-15 | Merge pull request #2185 from sever-sever/T5261-new | Viacheslav Hletenko
T5261: Add AWS load-balancing tunnel handler
2023-09-15 | Merge pull request #2272 from vfreex/fix-t4502 | Viacheslav Hletenko
T4502: Fix syntax error introduced by #2062
2023-09-15 | T5586: Disable by default SNMP for Keepalived VRRP service | Viacheslav Hletenko
AgentX does not work stable. From time to time we see the system service crashing/degrading if something is wrong with SNMP from util net-snmp. We should disable it by default and enable it only if configured.
set high-availability vrrp snmp
2023-09-15 | T4502: Fix syntax error introduced by #2062 | Yuxiang Zhu
When rebasing https://github.com/vyos/vyos-1x/pull/2062, some additional lines are mistakenly included. https://github.com/vyos/vyos-1x/commit/45cfd569119b66abd2f0dfb954042b57921881bd has removed the extra `}`, but the `{{ group_tmpl.groups(group, True) }}` line needs to be removed as well.
2023-09-15 | Merge pull request #2270 from indrajitr/ddclient-config-permission | Christian Breunig
ddclient: T5585: Fix file access mode for dynamic dns configuration
2023-09-15 | system: T5505: T5575: support calling system-ip(v6).py from init process | Christian Breunig
After commit 976f82785 ("T5575: ARP/NDP table-size isnt set properly") the system bootup process got interrupted as both system-ip.py and system-ipv6.py tried to talk to FRR which was not yet started. This has been fixed by using a conditional path to only execute when FRR service has been enabled. This is safe to do as the initial commit call will have FRR service running and the path will be executed.
2023-09-15 | firewall: T4502: fix syntax error unexpected '}' | Christian Breunig
2023-09-15 | smoketests: drop nopool/net30 from testcases | Christian Breunig
After commit 0ccbbca01b ("openvpn: T3214: specify nopool on --server line only if needed") that removed the net30 option and nopool smoketests needed a fix.
2023-09-14 | ddclient: T5585: Fix file access mode for dynamic dns configuration | Indrajit Raychaudhuri
ddclient.conf file is expected to have permission 600. We need to set the permission explicitly while creating the file.
2023-09-14 | Merge pull request #2268 from nicolas-fort/T5579 | Christian Breunig
T5579: show log firewall - Fix and extend command
2023-09-14 | T5579: show log firewall - Fix command in order to fit new firewall cli structure; extend command options so it can be used on every layer; use journalctl to get the logs | Nicolas Fort
2023-09-14 | Merge pull request #2242 from nicolas-fort/T4072-op-mode | Christian Breunig
T4072: Firewall op-mode command: add bridge capabilities
2023-09-14 | Merge pull request #2253 from nicolas-fort/T5561 | Christian Breunig
T5561: nat: inbound|outbound interface should not be mandatory
2023-09-14 | Merge pull request #2255 from Apachez-/T5575 | Christian Breunig
T5575: ARP/NDP table-size isnt set properly
2023-09-14 | Merge pull request #2262 from dmbaturin/T5582-ntp-force | Christian Breunig
op mode: T5582: Add 'force ntp synchronization'
2023-09-14 | T5582: make "force ntp synchronisation" command VRF aware | Christian Breunig
2023-09-14 | Merge pull request #1637 from ordex/T3214 | Daniil Baturin
openvpn: T3214: fix server-ipv6 and nopool handling
2023-09-14 | Merge pull request #2062 from vfreex/simple-fastpath-support | Viacheslav Hletenko
T4502: firewall: Add software flow offload using flowtable
2023-09-14 | Merge pull request #2264 from Apachez-/T2044 | Christian Breunig
T2044: RPKI doesn't boot properly
2023-09-14 | T2044: RPKI doesn't boot properly | Apachez
2023-09-13 | T5575: ARP/NDP table-size isnt set properly | Apachez
2023-09-13 | op mode: T5582: Add 'force ntp synchronization' | Daniil Baturin
2023-09-13 | TACACS: T5577: Added `mandatory` and `optional` modes for TACACS+ | zsdc
In CLI we can choose authentication logic:
- `mandatory` - if TACACS+ answered with `REJECT`, authentication must be stopped and access denied immediately.
- `optional` (default) - if TACACS+ answers with `REJECT`, authentication continues using the next module.
In `mandatory` mode authentication will be stopped only if TACACS+ clearly answered that access should be denied (no user in TACACS+ database, wrong password, etc.). If TACACS+ is not available or other errors happen, it will be skipped and authentication will continue with the next module, like in `optional` mode.
2023-09-13 | Merge pull request #2260 from jestabro/legacy-tech-support | Christian Breunig
T671: do not preserve old tech-support report implementation
2023-09-13 | RADIUS: T5577: Added `mandatory` and `optional` modes for RADIUS | zsdc
In CLI we can choose authentication logic:
- `mandatory` - if RADIUS answered with `Access-Reject`, authentication must be stopped and access denied immediately.
- `optional` (default) - if RADIUS answers with `Access-Reject`, authentication continues using the next module.
In `mandatory` mode authentication will be stopped only if RADIUS clearly answered that access should be denied (no user in RADIUS database, wrong password, etc.). If RADIUS is not available or other errors happen, it will be skipped and authentication will continue with the next module, like in `optional` mode.
2023-09-13 | T671: do not preserve old tech-support report implementation | John Estabrook
2023-09-13 | Merge pull request #2252 from sever-sever/T5576 | Christian Breunig
T5576: Add BGP remove-private-as all option
2023-09-13 | Merge pull request #2257 from c-po/t5581-ip-nht | Christian Breunig
op-mode: T5581: add "show ip nht" command (IPv4 nexthop tracking table)
2023-09-13 | op-mode: T5581: add "show ip nht" command (IPv4 nexthop tracking table) | Christian Breunig
vyos@vyos:~$ show ip nht
172.18.254.202
 resolved via ospf
 via 172.18.201.254, eth0.201 (vrf default), weight 1
 Client list: bgp(fd 28)
2023-09-13 | T5575: ARP/NDP table-size isnt set properly | Apachez
2023-09-13 | Merge pull request #2245 from c-po/t5239-frr | Christian Breunig
frr: T5239: fix process startup order
2023-09-13 | T5561: nat: defining inbound|outbound interface should not be mandatory while configuring dNAT|sNAT rule | Nicolas Fort
2023-09-13 | T5576: Add BGP remove-private-as all option | Viacheslav Hletenko
Add the ability to use the option all for remove-private-as.
Remove private ASNs in outbound updates.
all - Apply to all AS numbers
set protocols bgp neighbor <tag> address-family ipv4-unicast remove-private-as all
2023-09-13 | groups: T5577: Added `radius` and `tacacs` groups | zsdc
We need separated groups for RADIUS and TACACS+ system users because they need to be used in PAM rules independently.
2023-09-12 | ddclient: T5573: Update config generation aligning with caching fixes | Indrajit Raychaudhuri
Now that the caching fixes are in place, we can update the config to remove legacy treatment of ipv4 related properties.