summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-09-16ipsec: T4118: Change vpn ipsec syntax for IKE ESP and peerViacheslav Hletenko
Migration and Change boolean nodes "enable/disable" to disable-xxxx, enable-xxxx and just xxx for VPN IPsec configurations - IKE changes: - replace 'ipsec ike-group <tag> mobike disable' => 'ipsec ike-group <tag> disable-mobike' - replace 'ipsec ike-group <tag> ikev2-reauth yes|no' => 'ipsec ike-group <tag> ikev2-reauth' - ESP changes: - replace 'ipsec esp-group <tag> compression enable' => 'ipsec esp-group <tag> compression' - PEER changes: - replace: 'peer <tag> id xxx' => 'peer <tag> local-id xxx' - replace: 'peer <tag> force-encapsulation enable' => 'peer <tag> force-udp-encapsulation' - add option: 'peer <tag> remote-address x.x.x.x' Add 'peer <name> remote-address <name>' via migration script
2022-08-08Merge pull request #1461 from nicolas-fort/nat66-excludeChristian Poessinger
nat66: T4598: Add exclude options in nat66
2022-08-08nat66: T4598: add file nat-exclue.xml.i, which is invoked by nat66.xml.in ↵Nicolas Fort
and nat-rule.xml.i
2022-08-05Merge pull request #1460 from sever-sever/T4597Christian Poessinger
ocserv: T4597: Check bind port before openconnect commit
2022-08-05nat66: T4598: Add exclude options in nat66Nicolas Fort
2022-08-05ocserv: T4597: Check bind port before openconnect commitViacheslav Hletenko
Check if openconnect listen port is available and not used by another service
2022-08-05Merge pull request #1459 from dmbaturin/genop-exnViacheslav Hletenko
T2719: add an exception hierarchy for op mode errors
2022-08-05bgp: T4257: bugfixes after renaming "local-as" to "system-as"Christian Poessinger
2022-08-04Merge https://github.com/Cheeze-It/vyos-1x into currentChristian Poessinger
* https://github.com/Cheeze-It/vyos-1x: bgp: T4257: Changing BGP "local-as" to "system-as"
2022-08-04macsec: T4537: macsec_csindex can be set even without encryptionChristian Poessinger
2022-08-04smoketest: macsec: T4537: validate macsec_csindex for both AES-GCM-128 and ↵Christian Poessinger
AES-GCM-256
2022-08-04T2719: add an exception hierarchy for op mode errorsDaniil Baturin
2022-08-04Merge pull request #1457 from sever-sever/T4586Christian Poessinger
nat66: T4586: Add SNAT destination prefix and DNAT address
2022-08-04macsec: T4592: can not create two interfaces using the same source-interfaceChristian Poessinger
2022-08-04vyos.config.configdict: T4592: only print interface name, not interface dict ↵Christian Poessinger
on error
2022-08-04smoketest: macsec: T4537: verify macsec_csindexChristian Poessinger
2022-08-03Merge pull request #1369 from nicolas-fort/T4480Daniil Baturin
T4480: webproxy: Add safe-ports and ssl-safe-ports for acl squid config
2022-08-03nat66: T4586: Add SNAT destination prefix and DNAT addressViacheslav Hletenko
Ability to configure SNAT destination prefix and DNAT source address Add option "!" - not address/prefix for NAT66
2022-08-03validators: T4586: Add IPv6 exclude validators for address/prefixViacheslav Hletenko
Add IPV6 exclude validators: - ipv6-address-exclude - ipv6-prefix-exclude Will use in nat66 source/destination
2022-08-02Merge pull request #1456 from sever-sever/T4585Christian Poessinger
containers: T4585: Add option restart to containers.py
2022-08-02containers: T4585: Add option restart to containers.pyViacheslav Hletenko
Add option restart to `containers.py`
2022-08-02Merge pull request #1455 from sever-sever/T4544Christian Poessinger
graphql: T4544: Add overwritten scripts op-mode-standardized.json
2022-08-02graphql: T4544: Add overwritten scripts op-mode-standardized.jsonViacheslav Hletenko
Add overwritten scripts to 'op-mode-standardized.json'
2022-08-02Merge pull request #1454 from sever-sever/T4585Christian Poessinger
container: T4585: Rewrite show container
2022-08-02container: T4585: Rewrite show containerViacheslav Hletenko
Rewrite op-mode: - show container - show container network - show container image to the new vyos.opmode format
2022-08-02macsec: T4537: add mussing macsec_csindex option to support GCM-AES-256Christian Poessinger
2022-08-02hostap: T4584: add Debian specific options to systemd unit filesChristian Poessinger
2022-08-01macsec: T4537: remove debug falg "-d" from systemd service fileChristian Poessinger
2022-08-01macsec: T4537: supply PID path via systemd service file to daemonChristian Poessinger
2022-08-01macsec: T4391: bugfix config pathChristian Poessinger
After commit 85d6c8f7c62 ("vyos.configdict: T4391: enable get_interface_dict() to be used with ConfigTreeQuery()") we also need to use the full path when working with Config() as previous calls to get_interface_dict() no longer change the level of Config().
2022-08-01op-mode: macsec: T4537: add "show|monitor log macsec" CLI commandsChristian Poessinger
2022-08-01macsec: T4537: restart wpa_supplicant on errorChristian Poessinger
2022-08-01macsec: T3368: check key length for gcm-aes-128/gcm-aes-256Christian Poessinger
2022-08-01op-mode: macsec: T3368: generate 128/258bit connectivity association keysChristian Poessinger
vyos@vyos:~$ generate macsec mka cak gcm-aes-128 6623f6ad9a0eae2db699b18f48af292b vyos@vyos:~$ generate macsec mka cak gcm-aes-256 0d84ac9d7cb7367c02ab22fc8b5f5f1113a62b765752bcf8d6da52554f04a826
2022-08-01bridge: T4565: bugfix error message when member interface contains an addressChristian Poessinger
We should not print the entire dictionary - we only need the bridge interface name: Bug: Cannot assign address to interface "eth1" as it is a member of bridge "{'br0': {'allowed_vlan': ['5-50', '101'], 'native_vlan': '101'}}"! Fixed: Cannot assign address to interface "eth1" as it is a member of bridge "br0"!
2022-08-01Merge pull request #1452 from sever-sever/T4572Christian Poessinger
mtu: T4572: Add DHCP-option MTU to get values from DHCP-server
2022-08-01mtu: T4572: Add DHCP-option MTU to get values from DHCP-serverViacheslav Hletenko
Ability to get MTU from DHCP-server and don't touch it per any interface change if interface 'dhcp-options mtu' is configured
2022-08-01Merge pull request #1451 from sever-sever/T4562Christian Poessinger
vrf: T4562: Check VRF if it has not been configured
2022-08-01vrf: T4562: Check VRF if it has not been configuredViacheslav Hletenko
Check list of VRF's, check key 'ifname' is configured If not configured, return message "VRF is not configured"
2022-08-01Merge pull request #1446 from sever-sever/T4578Christian Poessinger
dns-forwarding: T4578: Rewrite show dns forwarding
2022-08-01Merge pull request #1447 from initramfs/fix-t4582-currentChristian Poessinger
router-advert: T4582: fix preferred cannot equal valid lifetime
2022-08-01Merge pull request #1449 from goodNETnick/sh_sys_cpuChristian Poessinger
show: T4581: 'show system cpu' fix
2022-07-31show: T4581: 'show system cpu' fixgoodNETnick
2022-08-01router-advert: T4582: fix preferred cannot equal valid lifetimeinitramfs
Allows preferred lifetime for prefix advertisements to equal the configured valid lifetime as per RFC 4861.
2022-07-31graphql: T4580: handle case of op-mode script name containing hyphensJohn Estabrook
2022-07-31smoketest: bridge: T4565: changes to lower interfaces must not destroy VLAN ↵Christian Poessinger
aware bridge
2022-07-30bgp: T4257: Changing BGP "local-as" to "system-as"Cheeze_It
bgp: T4257: Changing BGP "local-as" to "system-as" This change is to change the global BGP name for the node "local-as" to "system-as" This is needed so that there's less ambiguity with the local-as feature per neighbor. bgp: T4257: Changing BGP "local-as" to "system-as" bgp: T4257: Changing BGP "local-as" to "system-as" This change is to change the global BGP name for the node "local-as" to "system-as" This is needed so that there's less ambiguity with the local-as feature per neighbor.
2022-07-30bridge: T4565: is_member() must return the dict of the member interfaceChristian Poessinger
... otherwise functionality like bridge VLANs will loose configuration on membe rinterface update (e.g. description)
2022-07-30bridge: T4579: cleanup interface dict (remove empty keys)Christian Poessinger
2022-07-30bridge: T4579: remove duplicate code path already handled by base classChristian Poessinger
Interface() base class already takes care about VLAN creation/removal of newly added or no longer required interfaces. No need to code this logic again.