summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-06-24T5735: Stunnel CLI and configurationkhramshinr
Add CLI commands Add config Add conf_mode Add systemd config Add stunnel smoketests Add log level config
2024-06-24Merge pull request #3710 from vyos/T6511-add-circinus-to-pr-workflowChristian Breunig
T6511: add circinus branch to workflow
2024-06-23T6511: add circinus branch to workflowVijayakumar A
2024-06-22Merge pull request #3679 from natali-rs1985/T3202-currentChristian Breunig
T3202: Enable wireguard debug messages
2024-06-22Merge pull request #3703 from c-po/package-smoketestDaniil Baturin
GitHub: T6494: add workflow to build custom ISO for integration tests
2024-06-22Merge pull request #3702 from c-po/T6503-restart-sshChristian Breunig
op-mode: T6503: "restart ssh" command not working
2024-06-22GitHub: T6494: add workflow to build custom ISO for integration testsChristian Breunig
For every PR we will build the vyos-1x package and include it in a custom build of the VyOS ISO image (generic flavor) in order to execute the commonly available smoketests: - make test (CLI smoketests) - make testc (config load & migration tests) - make testraid (Installation of RAID1 system with disk replacement) This is a measure agains merged PRs that break the smoketests in the end.
2024-06-21op-mode: T6503: "restart ssh" command not workingChristian Breunig
Commit e5af1f090 ("ssh: T6192: allow binding to multiple VRF instances") switched the systemd unit file from ssh.service to ssh@*.service, this change was not reflected in the "restart ssh" op-mode command.
2024-06-21Merge pull request #3684 from dmbaturin/T6498-uptime-helpersJohn Estabrook
op mode: T6498: move uptime helpers to vyos.utils.system
2024-06-21op mode: T6498: move uptime helpers to vyos.utils.systemDaniil Baturin
to be able to call them from the new tech-support script
2024-06-21Merge pull request #3694 from c-po/T6489-snmpdChristian Breunig
snmp: T6489: use new Python wrapper to interact with config filesystem
2024-06-20Merge pull request #3654 from talmakion/bugfix/T5514John Estabrook
op-mode: T5514: Allow safe reboots to config defaults when config.boot is deleted
2024-06-20snmp: T6489: use new Python wrapper to interact with config filesystemChristian Breunig
Do no longer use my_set and my_delete as this prevents scripts beeing run under supervision of vyos-configd.
2024-06-20Merge pull request #3693 from nicolas-fort/T3900-fix-templateChristian Breunig
T3900: firewall: fix for initial implementation
2024-06-20T3202: add single variable for Kernel dynamic debug settingsChristian Breunig
2024-06-20T3202: Enable wireguard debug messagesNataliia Solomko
2024-06-20T3900: firewall: fix for initial implementation - remove jump to state ↵Nicolas Fort
policy on OUTUT_raw
2024-06-20Merge pull request #3677 from HollyGurza/T5949Christian Breunig
T5949: Add option to disable USB autosuspend
2024-06-20Merge pull request #3682 from c-po/T6500-openconnect-multi-caChristian Breunig
openconnect: T6500: add support for multiple ca-certificates
2024-06-19Merge pull request #3685 from c-po/macsec-error-messageChristian Breunig
macsec: T5447: fix error message syntax - there is no tx and rx key, only key
2024-06-19macsec: T5447: fix error message syntax - there is no tx and rx key, only keyChristian Breunig
2024-06-19openconnect: T6500: add support for multiple ca-certificatesChristian Breunig
Add possibility to provide a full CA chain to the openconnect server. * Support multiple CA certificates * For every CA certificate specified, always determine the full certificate chain in the background and add the necessary SSL certificates
2024-06-19Merge pull request #3680 from sever-sever/T6497Christian Breunig
T6497: CGNAT delete conntrack entries if a pool is modified
2024-06-19T6497: CGNAT delete conntrack entries if a pool is modifiedViacheslav Hletenko
2024-06-19T5949: Add option to disable USB autosuspendkhramshinr
2024-06-19op-mode: T5514: Allow safe reboots to config defaults when config.boot is ↵Andrew Topp
deleted * Added flag to vyos.config_mgmt.unsaved_commits() that will tolerate missing config.boot for specific circumstances * Shutdown/reboot uses this flag; config will regenerate from defaults after a reboot
2024-06-18Merge pull request #3678 from natali-rs1985/T6492-currentChristian Breunig
T6492: Check if all migrators have the executable bit set
2024-06-18Merge pull request #3576 from alainlamar/T6425Christian Breunig
wireless: T6425: Fixing VHT beamforming for 802.11ac
2024-06-18wireless: T6425: adjust to latest country-code changesChristian Breunig
Commit 9e22ab6b2a ("wireless: T6318: move country-code to a system wide configuration") removed the per wifi interface setting for a country-code. This commit adjust the smoketests to the new design.
2024-06-18wireless: T6425: Add smoketests for VHT beamformingAlain Lamar
2024-06-18wireless: T6425: Fix broken VHT beamformingAlain Lamar
2024-06-18T6492: Check if all migrators have the executable bit setNataliia Solomko
2024-06-17Merge pull request #3652 from c-po/T6489-unionfsChristian Breunig
T6489: Add support for CLI config scripts that change the underlaying working configuration
2024-06-17Merge pull request #3675 from vyos/T6318-wireless-config-testsChristian Breunig
wireless: T6318: add quotes for console speed in config-tests
2024-06-17wireless: T6318: add quotes for console speed in config-testsChristian Breunig
2024-06-17Merge pull request #3657 from c-po/pki-T6241-no-debugChristian Breunig
pki: T6241: remove debug print statement about updated subsystems
2024-06-17Merge pull request #3655 from talmakion/bugfix/T4026Daniil Baturin
pki: T4026: Only emit private keys when available
2024-06-17Merge pull request #3656 from c-po/wireless-regdomainDaniil Baturin
wireless: T6318: move country-code to a system wide configuration
2024-06-16Revert T6494: Update sonarcloud.yml and add more branches for scanning" (#3663)Yuriy Andamasov
2024-06-16Merge pull request #3661 from vyos/update-sonarcloud-settingsYuriy Andamasov
T6494: Update sonarcloud.yml and add more branches for scanning
2024-06-16T6494: Update sonarcloud.yml and add more branches for scanningYuriy Andamasov
2024-06-16Merge pull request #3659 from natali-rs1985/openvpn-fix-smoketestsChristian Breunig
openvpn: T5487: Fix migration smoketests commands
2024-06-16openvpn: T5487: Fix migration smoketests commandsNataliia Solomko
2024-06-16wireless: T6318: move country-code to a system wide configurationChristian Breunig
Wireless devices are subject to regulations issued by authorities. For any given AP or router, there will most likely be no case where one wireless NIC is located in one country and another wireless NIC in the same device is located in another country, resulting in different regulatory domains to apply to the same box. Currently, wireless regulatory domains in VyOS need to be configured per-NIC: set interfaces wireless wlan0 country-code us This leads to several side-effects: * When operating multiple WiFi NICs, they all can have different regulatory domains configured which might offend legislation. * Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US" This is true for the Compex WLE600VX. This setting cannot be done per-interface. Migrate the first found wireless module country-code from the wireless interface CLI to: "system wireless country-code"
2024-06-16pki: T4026: Only emit private keys when availableAndrew Topp
* install_certificate() code path handles private_key=None & key_passphrase=None OK already * file and console output paths will error trying to encode None as a key * This is only an issue for a couple of the generate_*_sign() functions, where having a null private key is possible * Self-signing and CA creation always generate a private key * Certreqs will generate a private key if not already provided * Do not prompt for a private key passphrase if we aren't giving back a private key
2024-06-15pki: T6241: remove debug print statement about updated subsystemsChristian Breunig
Commit 9f9891a2099 ("pki: T6241: Fix dependency updates on PKI changes") added a print() statement which notified the users about the subsystems which got supplied with an updated certificate. Example: > PKI: Updating config: interfaces openvpn vtun0 tls certificate openvpn_vtun0 > PKI: Updating config: interfaces openvpn vtun0 tls ca_certificate openvpn_vtun0_1 This is an informational message which should maybe (if needed) be sent to syslog. But the main issue is that CLI paths are mangled (- to _) which makes the about print output wrong and could potentially confuse users. Statement has been commented to be re-enabled for debugging.
2024-06-15Merge pull request #3653 from c-po/openvpn-migration-permission-fixChristian Breunig
openvpn: T5487: make migration script executable
2024-06-15openvpn: T5487: make migration script executableChristian Breunig
Migration script introduced in commit 0f669a226 ("openvpn: T5487: Remove eprecated option --cipher for server and client mode") lacked executable permission.
2024-06-15T6489: add abstraction vyos.utils.configfs to work natively with the config ↵Christian Breunig
filesystem
2024-06-15T6489: add abstraction vyos.utils.auth.get_current_user()Christian Breunig