summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-12-02vti: T5769: restore interface settings on down -> up eventChristian Breunig
On VTI interface link down the link-local IPv6 address is removed. As soon as the IPSec tunnel is online again, vti-up-down helper is called which only places the interface in up state using iproute2 command sudo ip link set vti0 up This does not restore the IPv6 LL address. Instead use vyos.ifconfig to properly re-initialize the VTI interface using the generic update() method.
2023-12-02Merge pull request #2564 from fett0/T5796Christian Breunig
T5796:add/fixed OCSERV HTTP security headers
2023-12-02 T5796:add/fixed OCSERV HTTP security headersfett0
2023-12-02Merge pull request #2562 from indrajitr/avahi-cleanup-2Christian Breunig
mdns: T5793: Cleanup avahi-daemon configuration in `/etc` [followup]
2023-12-01mdns: T5793: Cleanup avahi-daemon configuration in `/etc`Indrajit Raychaudhuri
`/etc/avahi` technically can be deleted since we operate with avahi-daemon configuration in `/run/avahi-daemon`. But we still need to keep `/etc/avahi/services` because avahi-daemon `chroot` to that location at startup. This is setup at build time via `AVAHI_CONFIG_DIR` and there is no way to change it at runtime.
2023-12-01Merge pull request #2559 from indrajitr/avahi-cleanupChristian Breunig
mdns: T5793: Cleanup avahi-daemon configuration in `/etc`
2023-12-01mdns: T5793: Cleanup avahi-daemon configuration in `/etc`Indrajit Raychaudhuri
`/etc/avahi` can be deleted since we operate with avahi-daemon configuration in `/run/avahi-daemon`.
2023-12-01Merge pull request #2554 from indrajitr/ddclient-update-20231128Christian Breunig
ddclient: T5791: Update dynamic dns configuration path for consistency
2023-12-01Merge pull request #2547 from aapostoliuk/T4704-circinusChristian Breunig
policy: T4704: Allowed to set metric (MED) to (+/-)rtt
2023-11-30ddclient: T5791: Update smoketest for dynamic dns config path changeIndrajit Raychaudhuri
2023-11-30ddclient: T5791: Migration script for dynamic dns config path changeIndrajit Raychaudhuri
2023-11-30ddclient: T5791: Remove XML includes that aren't used anymoreIndrajit Raychaudhuri
As followup to interface definition change, remove XML snippets that aren't used anymore. They were there because they were 'include'-ed multiple times in the interface definition `dynamic-dns.xml.in`. Since that's not the case anymore, they can be removed.
2023-11-30ddclient: T5791: Update dynamic dns configuration pathIndrajit Raychaudhuri
Modify the configuration path to be consistent with the usual dialects of VyoS configuration (wireguard, dns, firewall, etc.) This would also shorten the configuration path and have a unified treatment for RFC2136-based updates and other 'web-service' based updates. While at it, add support for per-service web-options. This would allow for probing different external URLs on a per-service basis.
2023-11-30policy: T4704: Allowed to set metric (MED) to (+/-)rttaapostoliuk
Allowed to set metric (MED) to (+/-)rtt in the route-map.
2023-11-29Merge pull request #2552 from jestabro/image-update-host-keysJohn Estabrook
image-tools: T5789: copy ssh host keys on image update
2023-11-29image-tools: T5789: copy ssh host keys on image updateJohn Estabrook
2023-11-28Merge pull request #2542 from jestabro/single-owner-https-configJohn Estabrook
http-api: T5782: use single config-mode script for https and http-api
2023-11-28Merge pull request #2550 from jestabro/non-interactive-add-delete-imageJohn Estabrook
image-tools: T5751: allow non-interactive add/delete image
2023-11-27image-tools: T5751: use revised image tools in configsessionJohn Estabrook
2023-11-27image-tools: T5751: restore arg raise_error for non-interactive useJohn Estabrook
2023-11-27image-tools: T5751: add arg no_prompt for non-interactive callsJohn Estabrook
2023-11-27image-tools: T5751: normalize args using hyphen instead of underscoreJohn Estabrook
2023-11-27Merge pull request #2546 from c-po/t5749-vrf-fixupChristian Breunig
vyos.utils: T5749: fix get_vrf_members() call to iproute2
2023-11-27vyos.utils: T5749: fix get_vrf_members() call to iproute2Christian Breunig
The iproute2 master argument is used for both a VRF and a bridge device. Using this in the VRF context would retrieve and report back the wrong interfaces: Old implementation: =================== >>> from vyos.utils.network import get_vrf_members >>> get_vrf_members('br1') ['eth1', 'eth2', 'vxlan1'] >>> get_vrf_members('black') ['br1.3002', 'br1.4000', 'pim6reg10200'] The new implementation: ======================= >>> from vyos.utils.network import get_vrf_members >>> get_vrf_members('br1') [] >>> get_vrf_members('black') ['br1.3002', 'br1.4000', 'pim6reg10200']
2023-11-27smoketest: T31: remove VRF failfast unittest aargumentChristian Breunig
2023-11-27Merge pull request #2544 from c-po/t5783-smoketestsChristian Breunig
smoketest: T5783: check for any abnormal daemon termination
2023-11-27Merge pull request #2543 from jestabro/check-in-dockerChristian Breunig
image-tools: T4516: exit grub-update service if running in docker
2023-11-26http-api: T5782: use single config-mode script for https and http-apiJohn Estabrook
2023-11-26smoketest: T5783: check for any abnormal daemon terminationChristian Breunig
We need to ensure when stressing FRR with the smoketests that no unexpected crash happens. We simply verify the PID of the individual FRR daemons.
2023-11-26Merge pull request #2541 from erkin/commit-fixChristian Breunig
remote: T5773: Fix for broken config download
2023-11-26image-tools: T4516: exit grub-update service if running in dockerJohn Estabrook
2023-11-25remote: T5773: Fix for broken config uploaderkin
2023-11-23Merge pull request #2532 from jestabro/drop-http-api-confChristian Breunig
http-api: T5768: remove auxiliary http-api.conf
2023-11-22http-api: T5768: remove auxiliary http-api.confJohn Estabrook
2023-11-22Merge pull request #2522 from dmbaturin/require-api-keysChristian Breunig
https api: T5772: check if keys are configured unless PAM auth is enabled for GraphQL
2023-11-22Merge pull request #2528 from nicolas-fort/T5637-Extend-bridgeChristian Breunig
T5637: firewall: extend rule for default-action to firewall bridge
2023-11-22Merge pull request #2527 from c-po/t5630-mru-part-2Christian Breunig
pppoe: T5630: make MRU default to MTU if unspecified
2023-11-22T5637: firewall: extend rule for default-action to firewall bridge, in order ↵Nicolas Fort
to be able to catch logs using separte rule for default-action
2023-11-22pppoe: T5630: make MRU default to MTU if unspecifiedChristian Breunig
This fixes the implementation in e062a8c11 ("pppoe: T5630: allow to specify MRU in addition to already configurable MTU") and restores the bahavior that MRU defaults to MTU if MRU is not explicitly set. This was the behavior in VyOS 1.3.3 and below before we added ability to define the MRU value.
2023-11-22Merge pull request #2503 from c-po/t5759-vxlan-mtuChristian Breunig
vxlan: T5759: change default MTU from 1450 -> 1500 bytes
2023-11-22vxlan: T5759: change default MTU from 1450 -> 1500 bytesChristian Breunig
Found an odd behavior on Linux and the VyOS CLI implementation. If adding VXLAN interfaces using iproute2 the MTU differs depending on the creation syntax: ip -4 link add vxlan100 type vxlan dstport 4789 external df unset tos inherit \ ttl 16 nolearning vnifilter local 172.16.33.201 ip -4 link add vxlan200 type vxlan id 200 dstport 4789 local 172.16.33.201 dev eth0 ip -6 link add vxlan300 type vxlan id 300 dstport 4789 local 2001:db8:1::1 dev eth0 132: vxlan300: <BROADCAST,MULTICAST> mtu 1430 qdisc noop state DOWN group default qlen 1000 link/ether 4e:fb:e3:f5:d9:59 brd ff:ff:ff:ff:ff:ff 133: vxlan200: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000 link/ether 0e:4e:f4:76:59:3f brd ff:ff:ff:ff:ff:ff 134: vxlan100: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether ba:b6:b7:0c:b1:37 brd ff:ff:ff:ff:ff:ff VyOS always sets a default MTU of 1450 bytes which is correct for IPv4 p2p links or multicast, but invalid for IPv6 p2p. Also this will break EVPN deployments as ethernet bridges with MTU < 1500 bytes are less fun. Increase default MTU to 1500 bytes. Migrate old configurations to use 1450 bytes if not specified otherwise on the CLI.
2023-11-22Merge pull request #2499 from c-po/t5753-vxlan-vnifilterChristian Breunig
vxlan: T5753: add support for VNI filtering
2023-11-21Merge pull request #2519 from c-po/t5762-vhost-portJohn Estabrook
http: T5762: rename "virtual-host listen-port" -> "virtual-host port"
2023-11-22https api: T5772: check if keys are configuredDaniil Baturin
unless PAM auth is enabled for GraphQL
2023-11-21smoketest: macsec: T5770: fix NameError: name 'cipher' is not definedChristian Breunig
2023-11-21Merge pull request #2518 from giga1699/T5770Christian Breunig
T5770 Enable MACsec encryption stanza
2023-11-21Merge pull request #2516 from sever-sever/T5767Christian Breunig
T5767: HTTPS API add reboot and poweroff endpoints
2023-11-21macsec: T5770: enable iproute2 "encrypt on" stanzaGiga Murphy
2023-11-21http: T5762: rename "virtual-host listen-port" -> "virtual-host port"Christian Breunig
This complements commit f5e43b136 ("http: T5762: api: make API socket backend communication the one and only default") so we have a consistent port CLI node across VyOS components.
2023-11-21T5767: HTTPS API add reboot and poweroff endpointsViacheslav Hletenko
Add ability to reboot and poweroff the system via API curl -k --location --request POST 'https://vyos/reboot' \ --form data='{"op": "reboot", "path": ["now"]}' \ --form key='apikey' curl -k --location --request POST 'https://vyos/poweroff' \ --form data='{"op": "poweroff", "path": ["now"]}' \ --form key='apikey'