Age | Commit message | Author |
|
In the past whenever a change happened to any interface and it was configured
as a DHCP client, VyOS always had a brief outage as DHCP released the old lease
and re-acquired a new one - bad!
This commit changes the behavior that DHCP client is only restarted if any one
of the possible options one can set for DHCP client under the "dhcp-options"
node is altered.
|
|
files
This commit updates the eapol code so that it writes the full
certificate chains for both the specified CA and the client certificate
to `<iface>_ca.pem` and `<iface>_cert.pem`, respectively.
The full CA chain is necessary for validating the incoming server
certificate when it is signed by an intermediate CA and the
intermediate CA cert is not included in the EAP-TLS ServerHello. In this
scenario, wpa_supplicant needs to have both the intermediate CA and the
root CA in its `ca_file`.
Similarly, the full client certificate chain is needed when the ISP
expects/requires that the client (wpa_supplicant) sends the client cert
+ the intermediate CA (or even + the root CA) as part of the EAP-TLS
ClientHello.
Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
|
|
Add smoketest to catch updates to a component version in legacy
curver_DATA that is not present in xml syntaxVersion.
|
|
Add the include files containing the syntaxVersion element defining the
version of the respective component; these files are included by the top
level file 'xml-component-versions.xml.in'. Processing of these elements
was previously added to the python xml lib in commit 40f5359d. This will
replace the use of 'curver_DATA' in vyatta-cfg-system and other legacy
packages.
|
|
VLAN isolation can not be "set" when interface is of type wifi.
|
|
This commit fixes a small typo where the client cert name was being used
to index the CA configuration dict.
Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
|
|
firewall: T4218: T4216: Add prefix to user defined chains, support negated groups, fixes
|
|
T4221: add force_to_list Jinja2 filter
|
|
entry
|
|
Example syslog: [FWNAME-default-D] ...
* Also clean-up firewall default-action
|
|
* Add support for ECN and CWR flags
|
|
frr.py debugging is set True if the file '/tmp/vyos.frr.debug' exists;
this check needs to be called within an init function, as frr.py will
have already been loaded by vyos-configd before the /tmp/*.debug files
are created by vyos-router, or by call to 'touch'.
|
|
firewall: policy: T4149: T4155: Fix incorrect table variable, fix handling of deleted base firewall node
|
|
Following the update to vyos1x-config, commit 64263617, UTF-8 characters
are supported within the config file, hence in the output of showConfig.
|
|
Ability to see interface type "input" ifbX from op-mode
|
|
zone-policy
|
|
firewall: T4130: Fix firewall state-policy errors
|
|
Also fixes:
* Issue with multiple state-policy rules being created on firewall updates
* Prevents interface rules being inserted before state-policy
|
|
* 'firewall' of https://github.com/sarthurdev/vyos-1x:
zone_policy: T3873: Implement intra-zone-filtering
policy: T2199: Migrate policy route op-mode to XML/Python
policy: T2199: Migrate policy route to XML/Python
zone-policy: T2199: Migrate zone-policy op-mode to XML/Python
zone-policy: T2199: Migrate zone-policy to XML/Python
firewall: T2199: Migrate firewall op-mode to XML/Python
firewall: T2199: Migrate firewall to XML/Python
|
|
Peer name must not contain dots and colons, otherwise
swanctl can't generate correct configuration for swanctl.conf
This is used in connection names and child SA names
Add filter 'dot_colon_to_dash' which replaces dots and colons
|
|
Traffic-policy rules are generated by old Perl code
This commit prevents this code from being unexpectedly overridden by Python.
|
|
Background information [1]. Specifies whether an external control plane
(e.g. ip route encap/EVPN) or the internal FDB should be used.
[1]: https://legacy.netdevconf.info/2.2/slides/prabhu-linuxbridge-tutorial.pdf
|
|
Commit ee80d0aebd ("vyos.ifconfig: T2738: do not remove OS assigned IP
addresses from interface") addressed an issue with IP addresses added to
interfaces by daemons and not by the CLI. The solution in this commit for IP
address removal unfortunately did not cover VLAN (802.1q and 802.1ad) IP address
removal in the same way as it is done for non VLAN interfaces. The code was
missing.
(cherry picked from commit 91898b8bd876af6b4d7fae54981e78400f57e008)
|
|
T562: Config syntax for defining DNS forward authoritative zones
|