summaryrefslogtreecommitdiff
path: root/src/conf_mode
AgeCommit message (Collapse)Author
2022-04-06firewall: T4345: Fix incorrect rule limit rate syntaxsarthurdev
2022-04-05dns: forwarding: T3804: bugfix DHCP name-servers used for recursionChristian Poessinger
Commit 2ecf7a9f9c ('name-server: T3804: merge "system name-servers-dhcp" into "system name-server"') missed out an old dictionary key "system_name_server_dhcp" and thus system nameservers configured via DHCP did not get used for the DNS forwar recursor.
2022-04-04login: T4341: busy wait on userdel(8) until the account was deleted successfullyChristian Poessinger
2022-04-04login: T4341: disable user account prior to deletionChristian Poessinger
2022-04-04wwan: T4338: changing interface description should not trigger reconnectChristian Poessinger
Changing the WWAN interface description will trigger an interface reconnect. Reconnects should only be triggered in changes to the connection parameters like bond interfaces.
2022-04-04Merge pull request #1267 from sever-sever/T2580Christian Poessinger
ipoe: T2580: Add pools and gateway options
2022-04-04ipoe: T2580: Add pools and gateway optionsViacheslav Hletenko
Add new feature to allow to use named pools Can be used also with Radius attribute 'Framed-Pool' set service ipoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1' set service ipoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
2022-04-03isis: T3156: add segment routing local-block for ISISChristian Poessinger
2022-04-02wwan: T4324: properly start/stop ModemManager and cron helper on interface ↵Christian Poessinger
add/removal
2022-04-01bgp: T4332: addpath-tx-per-as requires BGP deterministic-med paramtere to be setChristian Poessinger
2022-03-30vrf: T4319: do not add IPv6 localhost address if IPv6 is disabledChristian Poessinger
2022-03-28Revert "openvpn: T4230: globally enable ip_nonlocal_bind"Daniil Baturin
This reverts commit 1cbcbf40b7721849f9696c05fac65db010a66b7c.
2022-03-27graphql: T3993: add unsettable gql option; this is not exposed by CLIJohn Estabrook
2022-03-26bgp: T4321: check neighbor IP addresses against VRF contextChristian Poessinger
2022-03-25mpls: T915: use vyos.util.sysctl_write() helper functionChristian Poessinger
2022-03-25vyos.util: T4319: rename sysctl() -> sysctl_write()Christian Poessinger
2022-03-25system: T4319: align ipv6 settings with ipv4 by using get_config_dict()Christian Poessinger
2022-03-24Merge pull request #1248 from sever-sever/T4290Christian Poessinger
bgp: T4290: Add verify source-interface for none ip neighbor
2022-03-24openvpn: T4294: force service restart on openvpn-option node changeChristian Poessinger
2022-03-21qos: T4284: initial XML interface definitions for rewriteChristian Poessinger
2022-03-21mirror: T3089: add verify_mirror() also for bond and bridge interfacesChristian Poessinger
2022-03-18OSPF : T4304: add check access-list is definedfett0
2022-03-15bonding: T4301: Fixed arp-monitor optionzsdc
In verify function for arp-monitor option was used by mistake an extra conversion for incoming data before comparing items. This commit removed these unnecessary conversions and makes the option operable.
2022-03-13bgp: T4290: Add verify source-interface for none ip neighborViacheslav Hletenko
When we use neighbor as interface we must not use option 'source-interface' for example: neighbor eth0 source-interface eth0 Such option can be used for IP/IPv6 neighbors
2022-03-07logrotate: T4250: Fixed logrotate config generationzsdc
* Removed `/var/log/auth.log` and `/var/log/messages` from `/etc/logrotate.d/rsyslog`, because they conflict with VyOS-controlled items what leads to service error. * Removed generation config file for `/var/log/messages` from `system-syslog.py` - this should be done from `syslom logs` now. * Generate each logfile from `system syslog file` to a dedicated logrotate config file. * Fixed logrotate config file names in `/etc/rsyslog.d/vyos-rsyslog.conf`. * Added default logrotate settins for `/var/log/messages`
2022-03-03static: T4283: support "reject" routes - emit an ICMP unreachable when matchedChristian Poessinger
2022-03-01flow-accounting: T4277: support sending flow-data via VRF interfaceChristian Poessinger
It should be possible to send the gathered data via a VRF bound interface to the collector. This is somehow related to T3981 but it's the opposite side of the netflow process. set system flow-accounting vrf <name>
2022-02-26lldp: T4272: migrate to get_config_dict()Christian Poessinger
2022-02-25zone-policy: T2199: bugfix defaultValue usageChristian Poessinger
Instead of hardcoding the default behavior inside the Jinaj2 template, all defaults are required to be specified inside teh XML definition. This is required to automatically render the appropriate CLI tab completion commands.
2022-02-23tunnel: T4267: "parameters ip key" on GRE not required for different remotesChristian Poessinger
2022-02-22vxlan: T4264: interface is destroyed and rebuild on description changeChristian Poessinger
When changing "general" parameters like: - interface IP address - MTU - description the interface is destroyed and recreated ... this should not happen!
2022-02-21vxlan: T4120: code cleanup for multiple remotesChristian Poessinger
2022-02-20bridge: remove unreferenced import -> leaf_node_changedChristian Poessinger
2022-02-20vxlan: T4120: add ability to set multiple remotes (PR #1127)Andreas
VXLAN does support using multiple remotes but VyOS does not. Add the ability to set multiple remotes and add their flood lists using "bridge" command.
2022-02-19containers: T4249: Allow to connect host device to the containerViacheslav Hletenko
Ability to attach host devices to the container It can be disk, USB device or any device from the directory /dev set container name alp01 device disk source '/dev/vdb1' set container name alp01 device disk destination '/dev/mydisk'
2022-02-17pki: eapol: T4245: Add full CA and client cert chains to wpa_supplicant PEM ↵Andrew Gunnerson
files This commit updates the eapol code so that it writes the full certificate chains for both the specified CA and the client certificate to `<iface>_ca.pem` and `<iface>_cert.pem`, respectively. The full CA chain is necessary for validating the incoming server certificate when it is signed by an intermediate CA and the intermediate CA cert is not included in the EAP-TLS ServerHello. In this scenario, wpa_supplicant needs to have both the intermediate CA and the root CA in its `ca_file`. Similarly, the full client certificate chain is needed when the ISP expects/requires that the client (wpa_supplicant) sends the client cert + the intermediate CA (or even + the root CA) as part of the EAP-TLS ClientHello. Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
2022-02-17openvpn: T4230: globally enable ip_nonlocal_bindChristian Poessinger
2022-02-17Merge pull request #1211 from sever-sever/T4230-curChristian Poessinger
openvpn: T4230: Delete checks if local-host address assigned
2022-02-15conntrack-sync: T4237: Fix checks for listen-address list to strViacheslav Hletenko
Verify section conntrack_sync.py funciton 'is_addr_assigned' should checks address as string not as list (cherry picked from commit c41c51e4ed7ceb293161014a73bdd350162c3300)
2022-02-14pki: eapol: T4244: Fix KeyError when CA cert name differs from client cert nameAndrew Gunnerson
This commit fixes a small typo where the client cert name was being used to index the CA configuration dict. Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
2022-02-14tunnel: T4154: import cleanupChristian Poessinger
2022-02-14tunnel: T4154: verify() no more then one GRE tunnel is used w/o "ip key" per ↵Christian Poessinger
interface It is impossible for the OS kernel to distinguish multiple GRE tunnels when no "gre key" is configured when sourcing tunnels from the same interface.
2022-02-13vrf: T4191: bugfix for "ip rule" when VRFs are createdChristian Poessinger
We always mangled and worked on the "ip rule" singleton even when nothing needed to be changed. This resulted in a VRF hickup when the same VRF was added and removed multiple times. set interfaces ethernet eth1 vrf foo set vrf name foo table '1000' commit delete interfaces ethernet eth1 vrf delete vrf commit set interfaces ethernet eth1 vrf foo set vrf name foo table '1000' commit broke reachability on eth1 - a reboot was required. This change will now only alter the ip rule tables once when VRF instances are created for the first time and will not touch the Kernel "ip rule" representation afterwards.
2022-02-12policy: T2199: bugfix verify_rule() on negated groupsChristian Poessinger
Related to #1215
2022-02-09openvpn: T3686: Fix for check local-address in script and tmplViacheslav Hletenko
Local-address should be checked/executed only if it exists in the openvpn configuration, dictionary, jinja2 template
2022-02-09openvpn: T4230: Delete checks if local-host address assignedViacheslav Hletenko
OpenVPN can't start if it depends on VRRP virtual-address as virtual-address is not yet assigned by HA (openvpn and ha in one commit) as we have checks "if address assigned" It depends on commit priorities: 460 interfaces/openvpn 800 high-availability Replace check if local-host address assigned from raise ConfigError to print (just notification) Allow to bind OpenVPN service to nonlocal address
2022-02-05Merge pull request #1206 from sarthurdev/T4209Christian Poessinger
firewall: T4209: Fix support for rule `recent` matches
2022-02-04policy: T4151: Delete unexpected print added in commit c501ae0fViacheslav Hletenko
2022-02-04firewall: T4209: Fix support for rule `recent` matchessarthurdev
2022-01-31upnpd: T3420: code cleanupChristian Poessinger