summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-12-08Merge pull request #2584 from c-po/T4943-google-authenticatorChristian Breunig
login: T4943: use pam-auth-update to enable/disable Google authenticator
2023-12-08T5805: telegraf: re-add network metricsVladimir F
(cherry picked from commit 383c40c547c7f4dc408b98306119bb3740bc3f7c)
2023-12-08Merge pull request #2591 from c-po/currentChristian Breunig
ddclient: T5791: use a fixed VRF table ID in smoketests
2023-12-08ddclient: T5791: use a fixed VRF table ID in smoketestsChristian Breunig
Fixes DEBUG - ====================================================================== DEBUG - ERROR: test_07_dyndns_vrf (__main__.TestServiceDDNS.test_07_dyndns_vrf) DEBUG - ---------------------------------------------------------------------- DEBUG - Traceback (most recent call last): DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_service_dns_dynamic.py", line 302, in test_07_dyndns_vrf DEBUG - self.cli_set(['vrf', 'name', vrf_name, 'table', vrf_table]) DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/base_vyostest_shim.py", line 68, in cli_set DEBUG - self._session.set(config) DEBUG - File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 154, in set DEBUG - self.__run_command([SET] + path + value) DEBUG - File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 143, in __run_command DEBUG - raise ConfigSessionError(output) DEBUG - vyos.configsession.ConfigSessionError: Number is not in any of allowed ranges
2023-12-08op-cmd: T5802: bug fix for "ping x.x.x.x interface" completion optionssrividya0208
2023-12-08login: T4943: use pam-auth-update to enable/disable Google authenticatorChristian Breunig
The initial version always enabled Google authenticator (2FA/MFA) support by hardcoding the PAM module for sshd and login. This change only enables the PAM module on demand if any use has 2FA/MFA configured. Enabling the module is done system wide via pam-auth-update by using a predefined template. Can be tested using: set system login user vyos authentication plaintext-password vyos set system login user vyos authentication otp key 'QY735IG5HDHBFHS5W7Y2A4EM274SMT3O' See https://docs.vyos.io/en/latest/configuration/system/login.html for additional details.
2023-12-08Merge pull request #2587 from jestabro/wireguard-T5413-migration-29-30Christian Breunig
wireguard: T5413: fix missing check to migration script raising error
2023-12-08smoketest: add a dialout router config with IPv6-PD and WireGuard from 1.3.4Christian Breunig
(cherry picked from commit 1f304a5b3b3698e11f3a497ca9c61b69ef94b26b)
2023-12-07wireguard: T5413: fix missing check to migration script raising errorJohn Estabrook
2023-12-08dhcp: T3316: Add time-zone node for options 100 and 101sarthurdev
2023-12-08dhcp: T3316: Add captive portal v4/v6 optionssarthurdev
2023-12-08dhcp: T3316: Migrate dhcp/dhcpv6 server to Keasarthurdev
2023-12-07Merge pull request #2583 from srividya0208/ipv6_ospfv3Christian Breunig
op-mode: T5808: Correction of description for ipv6 ospfv3 graceful-restart
2023-12-07op-mode: T5808: Correction of description for ipv6 ospfv3 graceful-restartsrividya0208
2023-12-07Merge pull request #2551 from nicolas-fort/T5778Daniil Baturin
T5778: dhcp server: fix op-mode command
2023-12-07Merge pull request #2539 from nicolas-fort/T5775Daniil Baturin
T5775: firewall: re-add state-policy to firewall. These commands are …
2023-12-07Merge pull request #2580 from jestabro/copy-config-on-installJohn Estabrook
image-tools: T5758: restore saving previous data on install
2023-12-07image-tools: T5758: restore saving previous data on installJohn Estabrook
Restore scanning previous installations for config data and ssh host keys on install.
2023-12-07Merge pull request #2578 from sever-sever/nat64Viacheslav Hletenko
T160: add NAT64
2023-12-06T160: Rebase and fixes for NAT64Viacheslav Hletenko
- Update the base (rebase) - Move include/nat64-protocol.xml.i => include/nat64/protocol.xml.i - Delete unwanted `write_json`, use `write_file` instead - Remove unnecessary deleting of default values for tagNodes T2665 - Add smoketest Example: ``` set interfaces ethernet eth0 address '192.168.122.14/24' set interfaces ethernet eth0 address '192.168.122.10/24' set interfaces ethernet eth2 address '2001:db8::1/64' set nat64 source rule 100 source prefix '64:ff9b::/96' set nat64 source rule 100 translation pool 10 address '192.168.122.10' set nat64 source rule 100 translation pool 10 port '1-65535' ```
2023-12-06nat64: T160: Implement Jool-based NAT64 translatorJoe Groocock
Signed-off-by: Joe Groocock <me@frebib.net>
2023-12-05Merge pull request #2574 from nicolas-fort/T5779Daniil Baturin
T5779: conntrack: Apply fixes to <set system conntrack timeout custom>
2023-12-05Merge pull request #2575 from aapostoliuk/T5688-fixesChristian Breunig
accel-ppp: T5688: Fixed migration script for pppoe-server
2023-12-05accel-ppp: T5688: Fixed migration script for pppoe-serveraapostoliuk
Fixed migration script for pppoe-server
2023-12-05T5779: conntrack: Apply fixes to <set system conntrack timeout custom>. ↵Nicolas Fort
Remove what was not working on 1.3, migrate what was working to new syntax and extend feature for ipv6.
2023-12-04Merge pull request #2501 from aapostoliuk/T5688-currentChristian Breunig
accel-ppp: T5688: Standardized pool configuration in accel-ppp
2023-12-04accel-ppp: T5688: Standardized pool configuration in accel-pppaapostoliuk
Standardized pool configuration for all accel-ppp services. 1. Only named pools are used now. 2. Allows all services to use range in x.x.x.x/mask and x.x.x.x-x.x.x.y format 3. next-pool can be used in all services 2. Allows to use in ipoe gw-ip-address without pool configuration which allows to use Fraimed-IP-Address attribute by radius. 3. Default pool name should be explicidly configured with default-pool. 4. In ipoe netmask and range subnet can be different.
2023-12-04Merge pull request #2569 from indrajitr/ddclient-update-20231203-04Christian Breunig
ddclient: T5791: Simplify and fix migration script for dynamic dns
2023-12-03ddclient: T5791: Simplify and fix migration script for dynamic dnsIndrajit Raychaudhuri
Mark 'dns dynamic name' as tag node to avoid unexpected nesting.
2023-12-03Merge pull request #2566 from c-po/t5769-vtiChristian Breunig
vti: T5769: restore interface settings on down -> up event
2023-12-03Merge pull request #2567 from indrajitr/ddclient-update-20231203Christian Breunig
ddclient: T5791: Update dynamic dns configuration path for consistency [followup]
2023-12-03ddclient: T5791: Fix file permission for migration scriptIndrajit Raychaudhuri
2023-12-02vti: T5769: restore interface settings on down -> up eventChristian Breunig
On VTI interface link down the link-local IPv6 address is removed. As soon as the IPSec tunnel is online again, vti-up-down helper is called which only places the interface in up state using iproute2 command sudo ip link set vti0 up This does not restore the IPv6 LL address. Instead use vyos.ifconfig to properly re-initialize the VTI interface using the generic update() method.
2023-12-02Merge pull request #2564 from fett0/T5796Christian Breunig
T5796:add/fixed OCSERV HTTP security headers
2023-12-02 T5796:add/fixed OCSERV HTTP security headersfett0
2023-12-02Merge pull request #2562 from indrajitr/avahi-cleanup-2Christian Breunig
mdns: T5793: Cleanup avahi-daemon configuration in `/etc` [followup]
2023-12-01mdns: T5793: Cleanup avahi-daemon configuration in `/etc`Indrajit Raychaudhuri
`/etc/avahi` technically can be deleted since we operate with avahi-daemon configuration in `/run/avahi-daemon`. But we still need to keep `/etc/avahi/services` because avahi-daemon `chroot` to that location at startup. This is setup at build time via `AVAHI_CONFIG_DIR` and there is no way to change it at runtime.
2023-12-01Merge pull request #2559 from indrajitr/avahi-cleanupChristian Breunig
mdns: T5793: Cleanup avahi-daemon configuration in `/etc`
2023-12-01mdns: T5793: Cleanup avahi-daemon configuration in `/etc`Indrajit Raychaudhuri
`/etc/avahi` can be deleted since we operate with avahi-daemon configuration in `/run/avahi-daemon`.
2023-12-01Merge pull request #2554 from indrajitr/ddclient-update-20231128Christian Breunig
ddclient: T5791: Update dynamic dns configuration path for consistency
2023-12-01Merge pull request #2547 from aapostoliuk/T4704-circinusChristian Breunig
policy: T4704: Allowed to set metric (MED) to (+/-)rtt
2023-11-30ddclient: T5791: Update smoketest for dynamic dns config path changeIndrajit Raychaudhuri
2023-11-30ddclient: T5791: Migration script for dynamic dns config path changeIndrajit Raychaudhuri
2023-11-30ddclient: T5791: Remove XML includes that aren't used anymoreIndrajit Raychaudhuri
As followup to interface definition change, remove XML snippets that aren't used anymore. They were there because they were 'include'-ed multiple times in the interface definition `dynamic-dns.xml.in`. Since that's not the case anymore, they can be removed.
2023-11-30ddclient: T5791: Update dynamic dns configuration pathIndrajit Raychaudhuri
Modify the configuration path to be consistent with the usual dialects of VyoS configuration (wireguard, dns, firewall, etc.) This would also shorten the configuration path and have a unified treatment for RFC2136-based updates and other 'web-service' based updates. While at it, add support for per-service web-options. This would allow for probing different external URLs on a per-service basis.
2023-11-30T5778: dhcp server: fix op-mode command <show dhcp server leases ...>.Nicolas Fort
2023-11-30policy: T4704: Allowed to set metric (MED) to (+/-)rttaapostoliuk
Allowed to set metric (MED) to (+/-)rtt in the route-map.
2023-11-29Merge pull request #2552 from jestabro/image-update-host-keysJohn Estabrook
image-tools: T5789: copy ssh host keys on image update
2023-11-29image-tools: T5789: copy ssh host keys on image updateJohn Estabrook
2023-11-28Merge pull request #2542 from jestabro/single-owner-https-configJohn Estabrook
http-api: T5782: use single config-mode script for https and http-api