summaryrefslogtreecommitdiff
path: root/src/conf_mode
AgeCommit message (Collapse)Author
2021-10-21ddclient: T3897: bugfix smoketestChristian Poessinger
2021-10-21Merge pull request #1036 from sever-sever/T3610Christian Poessinger
dhcp-server: T3610: Allow configuration for non-primary ip address
2021-10-21dhcp-server: T3610: Allow configuration for non-primary ip addressViacheslav
2021-10-21dhcp: T3626: Prevent to disable only one configured networkViacheslav
2021-10-20mdns: T3917: move avahi configuration file to /runChristian Poessinger
2021-10-20tunnel: T3921: bugfix KeyError for source-addressChristian Poessinger
(cherry picked from commit 1312068cb9743dd4d16edd37dbed9c142724997e)
2021-10-20dhcpv6-server: T3918: Fix subnets verify raise ConfigErrorViacheslav
2021-10-20Merge pull request #1030 from sarthurdev/mdns-avahiChristian Poessinger
mdns: T3917: Change to avahi-daemon for IPv4 + IPv6 mDNS repeater
2021-10-19mdns: T3917: Change to avahi-daemon for IPv4 + IPv6 mDNS repeatersarthurdev
2021-10-18Merge pull request #1022 from sever-sever/T3897Christian Poessinger
ddclient: T3897: Add option for IPv6 Dynamic DNS
2021-10-18ddclient: T3897: Add option for IPv6 Dynamic DNSViacheslav
2021-10-16l2tp: T3724: allow setting accel-ppp l2tp host-nameMarek Isalski
2021-10-15containers: T3676: Allow to set capabilitiesViacheslav
2021-10-11vyos.configdict: T2653: do not merge in defaults when interface is deletedChristian Poessinger
It makes less to zero sense to blend in the default values of an interface when it is about to be deleted from the system anyways - this makes the entire dict just cleaner and easier to debug.
2021-10-08tunnel: T3893: harden logic when validating tunnel parametersChristian Poessinger
Different types of tunnels have different keys set in get_interface_config(). Thus it should be properly verified (by e.g. using dict_search()) that the key in question esits to not raise KeyError.
2021-10-02dns: forwarding: T3882: remove deprecated code to work with PowerDNS 4.5Christian Poessinger
(cherry picked from commit 8e6c48563d1612916bd7fcc665d70bfa77ec5667)
2021-09-27nat66: T3863: ndppd requires interfaces to be presentChristian Poessinger
2021-09-27frr: T2175: rename daemon Jinja2 templates to match (d)aemon suffixChristian Poessinger
2021-09-23openvpn: T3642: Fix password_protected checkNicolas Riebesel
2021-09-22vrrp: keepalived: T3847: enable no_tag_node_value_mangle for get_config_dict()Christian Poessinger
Commit 761631d6 ("vrrp: keepalived: T3847: migrate to get_config_dict()") switched to the new python function get_config_dict(), when we deal with tag nodes that can contain a hyphen, we should also set no_tag_node_value_mangle in order to preserve it. This caused a dict lookup error as the hyphens in the test scripts got replaced by an _.
2021-09-21vrrp: keepalived: T3847: migrate/streamline CLI optionsChristian Poessinger
Rename virtual-address -> address as we always talk about an IP address.
2021-09-21vrrp: keepalived: T3847: remove "transition-script mode-force" optionChristian Poessinger
2021-09-21vrrp: keepalived: T3847: migrate to get_config_dict()Christian Poessinger
2021-09-21vrrp: keepalived: T616: move configuration to volatile /run directoryChristian Poessinger
Move keepalived configuration from /etc/keepalived to /run/keepalived.
2021-09-21vrrp: keepalived: T2720: adjust to Jinja2 trim_blocks featureChristian Poessinger
This is a successor to commit a2ac9fac16e ("vyos.template: T2720: always enable Jinja2 trim_blocks feature"). It only shifts the whitespaces / indents inside the keepalived configuration file.
2021-09-19dhcp-server: T3672: re-add missing "name" CLI optionChristian Poessinger
This option is mandatory and must be user configurable as it needs to match on both sides.
2021-09-19dhcp-server: T3672: only one failover peer is supportedChristian Poessinger
2021-09-18container: T2216: add IPv6 support to container networksChristian Poessinger
2021-09-18dhcp-server: T1968: allow multiple static-routes to be configuredChristian Poessinger
vyos@vyos# show service dhcp-server shared-network-name LAN { subnet 10.0.0.0/24 { default-router 10.0.0.1 dns-server 194.145.150.1 lease 88 range 0 { start 10.0.0.100 stop 10.0.0.200 } static-route 192.168.10.0/24 { next-hop 10.0.0.2 } static-route 192.168.20.0/24 { router 10.0.0.2 } } }
2021-09-15ipsec: T3830: "authentication id|use-x509-id" are mutually exclusiveChristian Poessinger
Manually set peer id and use-x509-id are mutually exclusive!
2021-09-10Merge pull request #1000 from sever-sever/T3810Christian Poessinger
squid: squidguard: T3810: Fix template for sourcre-group and rule
2021-09-10squidguard: T3810: Set DB directory rigths 755Viacheslav
2021-09-10ethernet: T3802: use only one implementation for get_driver_name()Christian Poessinger
Move the two implementations to get the driver name of a NIC from ethernet.py and ethtool.py to only ethtool.py. (cherry picked from commit 07840977834816b69fa3b366817d90f44b5dc7a7)
2021-09-09policy: T3812: FRR bgpd also knows about route-maps because of rpkiChristian Poessinger
In order to alter rpki configuration we must also process the route-map nodes with/for bgpd.
2021-09-08openvpn: T3805: fix bool logic in verify_pki() for client modeChristian Poessinger
Add support for OpenVPN client mode with only the CA certificate of the server installed.
2021-09-08openvpn: T3805: drop privileges using systemd - required for rtnetlinkChristian Poessinger
2021-09-08openvpn: T3805: use vyos.util.makedir() to create system directoriesChristian Poessinger
2021-09-08openvpn: T3805: use vyos.util.write_file() to store certificatesChristian Poessinger
2021-09-06pki: eapol: T3642: only add "pki" key to interface dict if pki is configuredChristian Poessinger
2021-09-06pki: eapol: T3642: use write_file() to store certificatesChristian Poessinger
2021-09-06ifconfig: T3806: "ipv6 address no_default_link_local" required for MTU < 1280Christian Poessinger
This commit also extends the smoketest to verify that the exception for this error is raised.
2021-09-06pki: T3642: verify() that we can not delete certificates still referenced in CLIChristian Poessinger
2021-09-05name-server: T3804: merge "system name-servers-dhcp" into "system name-server"Christian Poessinger
We have "set system name-server <ipv4|ipv6>" to specify a name-server IP address we wan't to use. We also have "set system name-servers-dhcp <interface>" which does the same, but the name-server in question is retrieved via DHCP. Both CLI nodes are combined under "set system name-server <ipv4|ipv6|interface>" to keep things as they are in real life - we need a name-server. (cherry picked from commit 2ecf7a9f9cbe9359457bd23b4a0c45f3763123c7)
2021-09-04bgp: T3798: "replace-as" option can only be used when "no-prepend" is definedChristian Poessinger
Commit 5f1c1ae4 ("bgp: T3798: add support for neighbor local-as <n> replace-as") added support for a new CLI option when the local-as is changed for a specified neighbor or peer-group. There was an error in the CLI / design as the "replace-as" option can only be used when "no-prepend" is defined. Thus "no-prepend" became a <node> and the new "replace-as" leafNode is now a child of "no-prepend".
2021-09-03login: T971 allow quoting in public-keys optionsPaul Lettington
This patch allows the use of `&quot;` in ssh public-key options which unlocks the ability to set the `from` option in a way that sshd will accept to limit what hosts a user can connect from.
2021-09-03bgp: T3798: add support for neighbor local-as <n> replace-asChristian Poessinger
2021-09-02tunnel: T3788: Add check keys for ipip and sitViacheslav
Keys are not allowed with ipip and sit tunnels
2021-09-02login: T3792: bugfix for usernames containing a hyphenChristian Poessinger
While migrating to get_config_dict() in commit e8a1c291b1 ("login: radius: T3192: migrate to get_config_dict()") the user-name was not excluded from mangling (no_tag_node_value_mangle=True). This resulted in a username "vyos-user" from CLI to be actually created as "vyos_user" on the system. This commit also adds respective Smoketests to prevent this in the future.
2021-09-02login: radius: T3192: drop workaround required by get_config_dict()Christian Poessinger
The workaround is no longer required, as the issue was resolved in get_config_dict() so if it is a <multi/> node, a list is always returned.
2021-09-01Merge pull request #986 from sever-sever/T2920Christian Poessinger
tunnel: T2920: Add checks tun with same source addr and keys