Age | Commit message | Author | |
---|---|---|---|
2022-02-17 | pki: eapol: T4245: Add full CA and client cert chains to wpa_supplicant PEM files | Andrew Gunnerson | |
This commit updates the eapol code so that it writes the full certificate chains for both the specified CA and the client certificate to `<iface>_ca.pem` and `<iface>_cert.pem`, respectively. The full CA chain is necessary for validating the incoming server certificate when it is signed by an intermediate CA and the intermediate CA cert is not included in the EAP-TLS ServerHello. In this scenario, wpa_supplicant needs to have both the intermediate CA and the root CA in its `ca_file`. Similarly, the full client certificate chain is needed when the ISP expects/requires that the client (wpa_supplicant) sends the client cert + the intermediate CA (or even + the root CA) as part of the EAP-TLS ClientHello. Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com> | |||
2022-02-17 | vyos.configverify: T4255: fix unexpected print of dictionary instead of key | Christian Poessinger | |
2022-02-16 | xml: T3474: get component version dictionary from xml cache, not legacy | John Estabrook | |
2022-02-16 | xml: T3474: add smoketest to check xml component versions are maintained | John Estabrook | |
Add smoketest to catch updates to a component version in legacy curver_DATA that is not present in xml syntaxVersion. | |||
2022-02-16 | xml: T3474: add component version include files | John Estabrook | |
Add the include files containing the syntaxVersion element defining the version of the respective component; these files are included by the top level file 'xml-component-versions.xml.in'. Processing of these elements was previously added to the python xml lib in commit 40f5359d. This will replace the use of 'curver_DATA' in vyatta-cfg-system and other legacy packages. | |||
2022-02-16 | wireless: T4240: bugfix interface bridging | Christian Poessinger | |
VLAN isolation can not be "set" when interface is of type wifi. | |||
2022-02-14 | pki: eapol: T4244: Fix KeyError when CA cert name differs from client cert name | Andrew Gunnerson | |
This commit fixes a small typo where the client cert name was being used to index the CA configuration dict. Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com> | |||
2022-02-13 | ethernet: T4242: speed/duplex can never be switched back to auto/auto | Christian Poessinger | |
2022-02-13 | vyos.util: T4191: add new sysctl() helper function | Christian Poessinger | |
2022-02-08 | configtree: T4235: encapsulate config tree diff function | John Estabrook | |
2022-02-06 | config: T4228: is_member() must return all instances not only the last one | Christian Poessinger | |
2022-02-04 | firewall: T4209: Fix support for rule `recent` matches | sarthurdev | |
2022-02-03 | firewall: T4178: Fix only inverse matching on tcp flags | sarthurdev | |
2022-01-31 | Merge pull request #1199 from sarthurdev/T4218 | Christian Poessinger | |
firewall: T4218: T4216: Add prefix to user defined chains, support negated groups, fixes | |||
2022-01-31 | Merge pull request #1198 from vyos/force_to_list | Christian Poessinger | |
T4221: add force_to_list Jinja2 filter | |||
2022-01-31 | T4221: add force_to_list Jinja2 filter | Daniil Baturin | |
2022-01-29 | firewall: T4216: Add support for negated firewall groups | sarthurdev | |
2022-01-29 | firewall: T4218: Adds a prefix to all user defined chains | sarthurdev | |
2022-01-29 | firewall: T4178: Fix dict_keys issue with tcp flags | sarthurdev | |
2022-01-27 | firewall: T4178: Fix tcp flags output when `not` isn't used | sarthurdev | |
2022-01-26 | pki: T4212: Catch `install_into_config` errors and output for manual command entry | sarthurdev | |
2022-01-20 | firewall: T2199: Add log prefix to match legacy perl behaviour | sarthurdev | |
Example syslog: [FWNAME-default-D] ... * Also clean-up firewall default-action | |||
2022-01-18 | firewall: T3560: Add support for MAC address groups | sarthurdev | |
2022-01-17 | firewall: policy: T4178: Migrate and refactor tcp flags | sarthurdev | |
* Add support for ECN and CWR flags | |||
2022-01-14 | firewall: T4178: Use lowercase for TCP flags and add a validator | sarthurdev | |
2022-01-12 | firewall: T4160: Fix support for inverse matches | sarthurdev | |
2022-01-11 | remote: T3950: Gracefully handle chained exceptions | erkin | |
2022-01-10 | frr: T4166: move log debug setting to init function for vyos-configd | John Estabrook | |
frr.py debugging is set True if the file '/tmp/vyos.frr.debug' exists; this check needs to be called within an init function, as frr.py will have already been loaded by vyos-configd before the /tmp/*.debug files are created by vyos-router, or by call to 'touch'. | |||
2022-01-10 | Merge pull request #1151 from sarthurdev/firewall | Christian Poessinger | |
firewall: policy: T4149: T4155: Fix incorrect table variable, fix handling of deleted base firewall node | |||
2022-01-09 | policy: T4155: Fix using incorrect table variable | sarthurdev | |
2022-01-05 | config: T3785: drop restriction to ascii in decode | John Estabrook | |
Following the update to vyos1x-config, commit 64263617, UTF-8 characters are supported within the config file, hence in the output of showConfig. | |||
2022-01-05 | op-mode: T4142: Fix for show input ifbX interfaces | Viacheslav | |
Ability to see interface type "input" ifbX from op-mode | |||
2022-01-05 | firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and zone-policy | sarthurdev | |
2022-01-04 | Merge pull request #1130 from sarthurdev/firewall | Christian Poessinger | |
firewall: T4130: Fix firewall state-policy errors | |||
2022-01-04 | firewall: T4130: Fix firewall state-policy errors | sarthurdev | |
Also fixes: * Issue with multiple state-policy rules being created on firewall updates * Prevents interface rules being inserted before state-policy | |||
2021-12-31 | Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into current | Christian Poessinger | |
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python | |||
2021-12-30 | snmp: T4124: migrate to get_config_dict() | Christian Poessinger | |
2021-12-28 | ipsec: T4111: Fix for swanctl configuration IPV6 peers | Viacheslav | |
Peer name must not contain dots and colons, otherwise swanctl can't generate correct configuration for swanctl.conf. This is used in connection names and child SA names. Add filter 'dot_colon_to_dash' which replaces dots and colons | |||
2021-12-21 | interface: T4056: Fix unexpected delete tc qdisc | Viacheslav | |
Traffic-policy rules are generated by old Perl code. This commit prevents this code from being unexpectedly overridden by Python. | |||
2021-12-19 | vxlan: T3700: add support for Generic Protocol extension (VXLAN-GPE) | Christian Poessinger | |
2021-12-16 | remote: T3356: Remove incomplete HTTP upload progressbar support | erkin | |
2021-12-16 | Merge branch 'vyos:current' into current | Lulu Cathrinus Grimalkin | |
2021-12-16 | Merge branch 'current' of https://github.com/erkin/vyos-1x into current | erkin | |
2021-12-16 | remote: T4037: Report the final URL when following redirects | erkin | |
2021-12-13 | http-api: T4071: allow API to bind to unix domain socket | John Estabrook | |
2021-12-10 | vxlan: T3700: add support for external controlled FDB | Christian Poessinger | |
Background information [1]. Specifies whether an external control plane (e.g. ip route encap/EVPN) or the internal FDB should be used. [1]: https://legacy.netdevconf.info/2.2/slides/prabhu-linuxbridge-tutorial.pdf | |||
2021-12-10 | ConfigError: T4068: automatically wrap message at 72 characters | Christian Poessinger | |
2021-12-09 | vyos.configdict: T4064: bugfix for IP addresses not removed from Kernel | Christian Poessinger | |
Commit ee80d0aebd ("vyos.ifconfig: T2738: do not remove OS assigned IP addresses from interface") addressed an issue with IP addresses added to interfaces by daemons and not by the CLI. The solution in this commit for IP address removal unfortunately did not cover VLAN (802.1q and 802.1ad) IP address removal in the same way as it is done for non VLAN interfaces. The code was missing. (cherry picked from commit 91898b8bd876af6b4d7fae54981e78400f57e008) | |||
2021-12-09 | Merge pull request #1024 from lucasec/dns-authoritative | Christian Poessinger | |
T562: Config syntax for defining DNS forward authoritative zones | |||
2021-12-08 | configquery: T4060: allow use before boot configuration is complete | John Estabrook | |