Age | Commit message | Author |
|
login: T4943: use pam-auth-update to enable/disable Google authenticator
|
|
(cherry picked from commit 383c40c547c7f4dc408b98306119bb3740bc3f7c)
|
|
ddclient: T5791: use a fixed VRF table ID in smoketests
|
|
Fixes
DEBUG - ======================================================================
DEBUG - ERROR: test_07_dyndns_vrf (__main__.TestServiceDDNS.test_07_dyndns_vrf)
DEBUG - ----------------------------------------------------------------------
DEBUG - Traceback (most recent call last):
DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_service_dns_dynamic.py", line 302, in test_07_dyndns_vrf
DEBUG - self.cli_set(['vrf', 'name', vrf_name, 'table', vrf_table])
DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/base_vyostest_shim.py", line 68, in cli_set
DEBUG - self._session.set(config)
DEBUG - File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 154, in set
DEBUG - self.__run_command([SET] + path + value)
DEBUG - File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 143, in __run_command
DEBUG - raise ConfigSessionError(output)
DEBUG - vyos.configsession.ConfigSessionError: Number is not in any of allowed ranges
|
|
The initial version always enabled Google authenticator (2FA/MFA) support by
hardcoding the PAM module for sshd and login.
This change only enables the PAM module on demand if any user has 2FA/MFA
configured. Enabling the module is done system wide via pam-auth-update by
using a predefined template.
Can be tested using:
set system login user vyos authentication plaintext-password vyos
set system login user vyos authentication otp key 'QY735IG5HDHBFHS5W7Y2A4EM274SMT3O'
See https://docs.vyos.io/en/latest/configuration/system/login.html for additional
details.
|
|
wireguard: T5413: fix missing check to migration script raising error
|
|
(cherry picked from commit 1f304a5b3b3698e11f3a497ca9c61b69ef94b26b)
|
|
op-mode: T5808: Correction of description for ipv6 ospfv3 graceful-restart
|
|
T5778: dhcp server: fix op-mode command
|
|
T5775: firewall: re-add state-policy to firewall. These commands are …
|
|
image-tools: T5758: restore saving previous data on install
|
|
Restore scanning previous installations for config data and ssh host
keys on install.
|
|
T160: add NAT64
|
|
- Update the base (rebase)
- Move include/nat64-protocol.xml.i => include/nat64/protocol.xml.i
- Delete unwanted `write_json`, use `write_file` instead
- Remove unnecessary deleting of default values for tagNodes T2665
- Add smoketest
Example:
```
set interfaces ethernet eth0 address '192.168.122.14/24'
set interfaces ethernet eth0 address '192.168.122.10/24'
set interfaces ethernet eth2 address '2001:db8::1/64'
set nat64 source rule 100 source prefix '64:ff9b::/96'
set nat64 source rule 100 translation pool 10 address '192.168.122.10'
set nat64 source rule 100 translation pool 10 port '1-65535'
```
|
|
Signed-off-by: Joe Groocock <me@frebib.net>
|
|
T5779: conntrack: Apply fixes to <set system conntrack timeout custom>
|
|
accel-ppp: T5688: Fixed migration script for pppoe-server
|
|
Fixed migration script for pppoe-server
|
|
Remove what was not working on 1.3, migrate what was working to new syntax and extend feature for ipv6.
|
|
accel-ppp: T5688: Standardized pool configuration in accel-ppp
|
|
Standardized pool configuration for all accel-ppp services.
1. Only named pools are used now.
2. Allows all services to use range in x.x.x.x/mask
and x.x.x.x-x.x.x.y format
3. next-pool can be used in all services
4. Allows using gw-ip-address in ipoe without pool configuration,
which allows use of the Framed-IP-Address attribute by RADIUS.
5. Default pool name should be explicitly configured
with default-pool.
6. In ipoe netmask and range subnet can be different.
|
|
ddclient: T5791: Simplify and fix migration script for dynamic dns
|
|
Mark 'dns dynamic name' as tag node to avoid unexpected nesting.
|
|
vti: T5769: restore interface settings on down -> up event
|
|
ddclient: T5791: Update dynamic dns configuration path for consistency [followup]
|
|
On VTI interface link down the link-local IPv6 address is removed. As soon as
the IPSec tunnel is online again, vti-up-down helper is called which only places
the interface in up state using iproute2 command
sudo ip link set vti0 up
This does not restore the IPv6 LL address. Instead use vyos.ifconfig to properly
re-initialize the VTI interface using the generic update() method.
|
|
T5796: add/fixed OCSERV HTTP security headers
|
|
mdns: T5793: Cleanup avahi-daemon configuration in `/etc` [followup]
|
|
`/etc/avahi` technically can be deleted since we operate with
avahi-daemon configuration in `/run/avahi-daemon`.
But we still need to keep `/etc/avahi/services` because avahi-daemon
`chroot`s to that location at startup. This is set up at build time via
`AVAHI_CONFIG_DIR` and there is no way to change it at runtime.
|
|
mdns: T5793: Cleanup avahi-daemon configuration in `/etc`
|
|
`/etc/avahi` can be deleted since we operate with avahi-daemon
configuration in `/run/avahi-daemon`.
|
|
ddclient: T5791: Update dynamic dns configuration path for consistency
|
|
policy: T4704: Allowed to set metric (MED) to (+/-)rtt
|
|
As followup to interface definition change, remove XML snippets that
aren't used anymore. They were there because they were 'include'-ed
multiple times in the interface definition `dynamic-dns.xml.in`. Since
that's not the case anymore, they can be removed.
|
|
Modify the configuration path to be consistent with the usual dialects
of VyOS configuration (wireguard, dns, firewall, etc.)
This would also shorten the configuration path and have a unified
treatment for RFC2136-based updates and other 'web-service' based updates.
While at it, add support for per-service web-options. This would allow
for probing different external URLs on a per-service basis.
|
|
Allowed to set metric (MED) to (+/-)rtt in the route-map.
|
|
image-tools: T5789: copy ssh host keys on image update
|
|
http-api: T5782: use single config-mode script for https and http-api
|