summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-08-25T3546: PPPoE-server add extended scripts for RADIUS attributesViacheslav Hletenko
Ability to get and parse RADIUS attributes via a shell script and then execute commands Ane of the usecases is to create a custom shaper with some smart Extended scripts receive from PPPoE daemon the following variables: $1 - Interface name $4 - Tunnel GW IP address $5 - Delegated IP address to the client $6 - Calling Station ID (MAC) if [ -f /run/accel-pppd/radattr.$1 ]; then true fi
2023-08-24Merge pull request #2167 from jestabro/eq-T5006Christian Breunig
http-api: T5006: add explicit async to retrieve operation
2023-08-24http-api: T5006: add explicit async to retrieve operationJohn Estabrook
2023-08-24T5506: Add link-local IPv6 address for container interfacesViacheslav Hletenko
Fix for adding IPv6 link-local address for container interfaces set container network NET01 prefix '10.0.0.0/24' set container network NET01 prefix '2001:db8:2222::/64' % ip -6 addr show scope link dev pod-NET01 17: pod-NET01: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 inet6 fe80::d89c:dfff:fe1a:8689/64 scope link
2023-08-19Merge pull request #2158 from c-po/t5470-wifi-equuleusViacheslav Hletenko
wifi: T5470: improve error message
2023-08-19wifi: T5470: improve error messageChristian Breunig
(cherry picked from commit ffb798b4678f3b1bd0a40cc42b1f0477470346dc)
2023-08-17Merge pull request #2154 from sever-sever/T5486Christian Breunig
T5486: smoketest: adjust to new process_named_running() implementation
2023-08-17Merge pull request #2153 from sever-sever/T5223Daniil Baturin
T5223: Fix removing key id for GRE tunnel
2023-08-17T5486: smoketest: adjust to new process_named_running() implementationViacheslav Hletenko
After commit 9c677c8 ("vyos.util: extend process_named_running() signature with cmdline") we need an exact match for the process name. In the past we used a in b and now we test for a == b. Process name doesn't march 'ddclient' psutil.Process(pid=10987, name='ddclient - sleeping for 20 seconds', started='13:12:47' It cause smoketest fail
2023-08-17T5223: Fix removing key id for GRE tunnelViacheslav Hletenko
Fix for removing key id from GRE tunnel Before fix: del interfaces tunnel tun10 parameters ip key commit sudo ip tunnel show tun10 tun10: gre/ip remote 203.0.113.254 local 192.168.122.11 ttl 64 tos inherit key 1234 After the fix: sudo ip tunnel show tun10 tun10: gre/ip remote 203.0.113.254 local 192.168.122.11 ttl 64 tos inherit
2023-08-12Merge pull request #2127 from sever-sever/T2298-eqChristian Breunig
T2298: vyos.util: extend process_named_running() signature with cmdline
2023-08-10Merge pull request #2126 from sever-sever/T5329-eqChristian Breunig
T5329 : priority: tunnel config is committed before wireguard
2023-08-01vyos.util: extend process_named_running() signature with cmdlineChristian Breunig
process_named_running() was introduced in commit 16b2fc8fc4ca ("dns-forwarding: T2298: fix path to control file") and thus remained more or less unchanged. Smoketests use process_named_running() heavily and might spawn multiple processes with the same name but ifferent options (e.g. dhcp6c or dhclient) and it was yet not possible to properly filter on the "real-deal" like the process bound to a given interface. One can now optionally specify a string that is searched inside the command line argument list of the process. Example: >>> process_named_running('dhcp6c', 'veth0') ['/usr/sbin/dhcp6c', '-D', '-k', '/run/dhcp6c/dhcp6c.veth0.sock', '-c', '/run/dhcp6c/dhcp6c.veth0.conf', '-p', '/run/dhcp6c/dhcp6c.veth0.pid', 'veth0'] 4215 >>> process_named_running('dhcp6c', 'veth1') ['/usr/sbin/dhcp6c', '-D', '-k', '/run/dhcp6c/dhcp6c.veth1.sock', '-c', '/run/dhcp6c/dhcp6c.veth1.conf', '-p', '/run/dhcp6c/dhcp6c.veth1.pid', 'veth1'] 4253 Where the debug list returned is the commandline searched. (cherry picked from commit 9c677c81be6a6e62958c73b038c2a36f1f629108)
2023-08-01T5329 : priority: tunnel config is committed before wireguardsrividya0208
(cherry picked from commit 3d5aba0775ff0d858d6c75d6aa37183be73c15aa)
2023-07-31Merge pull request #2097 from aapostoliuk/T4790-equuleusChristian Breunig
login: T4790: Added check of the sum of radius timeouts
2023-07-27Merge pull request #2115 from sever-sever/T5258-eqDaniil Baturin
T5258: git Actions use ubuntu-22.04 for PR conflicts checker
2023-07-27T5258: git Actions use ubuntu-22.04 for PR conflicts checkerViacheslav Hletenko
git Actions use ubuntu-22.04 instead of deprecated ubuntu-18.04 for PR conflicts checker https://github.com/actions/runner-images/issues/6002
2023-07-25login: T4790: Added check of the sum of radius timeoutsaapostoliuk
Added check of the sum of login radius timeouts. It has to be less or eq 50 sec. Added check of a number of login radius servers. It has to be less or eq 8 Otherwise, log in to the device can be discarded. Backported from 1.4
2023-07-22Merge pull request #2101 from sever-sever/T5354Christian Breunig
sshguard: T5354: Add service ssh dynamic-protection
2023-07-22Merge pull request #2106 from zdc/T4412-equuleusDaniil Baturin
remote: T4412: fixed upload via SSH
2023-07-21remote: T4412: fixed upload via SSHzsdc
- added timeout to socket creating - added skipping SSH fingerprint check with a negative result if a console is not interactive - replaced tracebacks with human-readable error messages - suppressed warnings from `cryptography` used by `paramiko`
2023-07-19sshguard: T5354: Add service ssh dynamic-protectionViacheslav Hletenko
Sshguard protects hosts from brute-force attacks It can inspect logs and block "bad" addresses by threshold Auto-generates own tables and rules for nftables, so they are not intercept with VyOS firewall rules. When service stops, all generated tables are deleted. set service ssh dynamic-protection set service ssh dynamic-protection allow-from '192.0.2.1' set service ssh dynamic-protection block-time '120' set service ssh dynamic-protection detect-time '1800' set service ssh dynamic-protection threshold '30'
2023-06-30Merge pull request #2057 from c-po/t5313-backportChristian Breunig
bcast-relay: T5313: verify() relay interfaces have IPv4 address configured
2023-06-30bcast-relay: T5313: capitalize UDP protocol nameChristian Breunig
(cherry picked from commit a409b255acc3dc0a67058593e31b3614e20714f0)
2023-06-27Merge pull request #2058 from c-po/vrrp-t5315-backportChristian Breunig
vrrp: T5315: add support to explicitly specify version (backport)
2023-06-26vrrp: T5315: fix completion helperChristian Breunig
(cherry picked from commit 90c0c2c4c81cdbf2ec3f928499f3e1719bfd6f9a)
2023-06-26vrrp: T5315: add support to explicitly specify versionChristian Breunig
set high-availability vrrp group <name> version 2|3 (cherry picked from commit 6ca308182a7891e600a2e8749f7b12b566005576)
2023-06-25bcast-relay: T5313: verify() relay interfaces have IPv4 address configuredChristian Breunig
(cherry picked from commit ca7c063666c038d104082542f04ead6062e79246)
2023-06-24Merge pull request #2019 from c-po/t5240-backport-radvdChristian Breunig
router-advert: T5240: verify() that no more then 3 IPv6 name-servers configured
2023-05-28router-advert: T5240: verify() that no more then 3 IPv6 name-servers configuredChristian Breunig
This is a radvd limitation. (cherry picked from commit 8ef017a3496467433c311af63116af7657c58037)
2023-05-12Merge pull request #2001 from c-po/t2769-syslog-vrf-backport1.3.3Viacheslav Hletenko
syslog: T2769: add VRF support (backport)
2023-05-11syslog: T2769: add VRF supportChristian Breunig
Allow syslog messages to be sent through a VRF (e.g. management). (cherry picked from commit 46d2bcdb0b500b4d1b9d973ab5b9ca3c6cf44e51)
2023-05-10Merge pull request #1979 from zdc/T5190-equuleusChristian Breunig
cloud-init: T5190: Added Cloud-init pre-configurator
2023-05-06Merge pull request #1981 from c-po/equuleusChristian Breunig
vyos.ifconfig: T2104: support adding and removing VLANs in one call.
2023-05-05container: T5082: future proof bridge network nameChristian Breunig
Users might add the podman network interface to a zone based firewall. This could cuase breaking configs on upgrades to 1.4. As container support is not yet released for 1.3 LTS version (will be 1.3.3), we once rename the network interface to match the schema in VyOS 1.4.
2023-05-05vyos.ifconfig: T2104: support adding and removing VLANs in one call.Christian Breunig
VLANIf('eth0.10').remove() will create and remove the VLAN in one command. Thus one can ensure when calling remove() on a VLAN it will always succeed. (cherry picked from commit 7700da10b8d1d1b3d0db914ab48aebf8ff536da1)
2023-05-04cloud-init: T5190: Added Cloud-init pre-configuratorzsdc
Added a new service that starts before Cloud-init, waits for all network interfaces initialization, and if requested by config, checks which interfaces can get configuration via DHCP server and creates a corresponding Cloud-init network configuration. This protects from two situations: * when Cloud-init tries to get meta-data via eth0 (default and fallback variant for any data source which depends on network), but the real network is connected to another interface * when Cloud-init starts simultaneously with udev and initializes the first interface to get meta-data before it is renamed to eth0 by udev
2023-04-27Merge pull request #1969 from jestabro/eq-multipart-parserDaniil Baturin
http-api: T5175: check value of attribute for FastAPI>=0.91.0
2023-04-23http-api: T5175: check value of attribute for FastAPI>=0.91.0John Estabrook
FastAPI v0.92.0 (starlette v0.24.0) sets default attribute Request._form; check for value == None instead of existence when overriding Request class. (cherry picked from commit cac55a066e1f7d7d4c0eec5ada76570a326b5ac9)
2023-04-13Merge pull request #1952 from sever-sever/T4727Christian Breunig
T4727: Add RADIUS rate-limit attribute for vpn pptp
2023-04-13Merge pull request #1954 from sever-sever/T5152-eqChristian Breunig
T5152: Get default hostname for telegraf from FQDN or hostname
2023-04-13Merge pull request #1951 from fett0/T4939Daniil Baturin
T4939: backport VRRP startup delay
2023-04-12T5152: Get default hostname for telegraf from FQDN or hostnameViacheslav Hletenko
Fix for Telegraf agent hostname isn't qualified Try to get the hostname from FQDN and then from the hostname Used for metrics You may have more than one machine with different domain names r1 domain-name foo.local, hostname myhost r2 domain-name bar.local, hostname myhost It helps to detect from which exactly host we get metrics for InfluxDB2
2023-04-12 T4939: fixed template VRRP startup delayfett0
2023-04-11T4727: Add RADIUS rate-limit attribute for vpn pptpViacheslav Hletenko
Add rate-limit attribute, multiplier, vendor specific attribute for the [shaper] section
2023-04-11 T4939: backport VRRP startup delayfett0
2023-04-05Merge pull request #1928 from c-po/t4959-backportChristian Breunig
T4959: Add container registry authentication config for containers (backport)
2023-04-01container: T4959: add registry authentication optionChristian Breunig
Container registry CLI node changed from leafNode to tagNode with the same defaults. In addition we can now configure an authentication option per registry. (cherry picked from commit fe82d86d3e87cb8d92ebc9d0652c08e3dd79a12c)
2023-04-01schema: T5079: extension to support defaultValues on tagNodesChristian Breunig
(cherry picked from commit b4af532dd531c23bc1ad84cca290916be55357bf)
2023-04-01Merge pull request #1919 from c-po/equuleusChristian Breunig
container: T5047: restart only containers that changed (backport)