Age | Commit message | Author | |
---|---|---|---|
2021-10-07 | Merge branch 'current' into 2fa | Kim | |
2021-10-07 | openvpn: T3642: Fix password_protected check | Nicolas Riebesel | |
2021-10-07 | openvpn: T3805: fix bool logic in verify_pki() for client mode | Christian Poessinger | |
Add support for OpenVPN client mode with only the CA certificate of the server installed. | |||
2021-10-07 | openvpn: T3805: drop privileges using systemd - required for rtnetlink | Christian Poessinger | |
2021-10-07 | openvpn: T3805: use vyos.util.makedir() to create system directories | Christian Poessinger | |
2021-10-07 | openvpn: T3805: use vyos.util.write_file() to store certificates | Christian Poessinger | |
2021-10-07 | pull request fixes | Kim Hagen | |
2021-10-02 | dns: forwarding: T3882: remove deprecated code to work with PowerDNS 4.5 | Christian Poessinger | |
(cherry picked from commit 8e6c48563d1612916bd7fcc665d70bfa77ec5667) | |||
2021-09-27 | nat66: T3863: ndppd requires interfaces to be present | Christian Poessinger | |
2021-09-27 | frr: T2175: rename daemon Jinja2 templates to match (d)aemon suffix | Christian Poessinger | |
2021-09-23 | openvpn: T3642: Fix password_protected check | Nicolas Riebesel | |
2021-09-22 | vrrp: keepalived: T3847: enable no_tag_node_value_mangle for get_config_dict() | Christian Poessinger | |
Commit 761631d6 ("vrrp: keepalived: T3847: migrate to get_config_dict()") switched to the new Python function get_config_dict(). When we deal with tag nodes that can contain a hyphen, we should also set no_tag_node_value_mangle in order to preserve it. This caused a dict lookup error as the hyphens in the test scripts got replaced by an _. | |||
2021-09-21 | vrrp: keepalived: T3847: migrate/streamline CLI options | Christian Poessinger | |
Rename virtual-address -> address as we always talk about an IP address. | |||
2021-09-21 | vrrp: keepalived: T3847: remove "transition-script mode-force" option | Christian Poessinger | |
2021-09-21 | vrrp: keepalived: T3847: migrate to get_config_dict() | Christian Poessinger | |
2021-09-21 | vrrp: keepalived: T616: move configuration to volatile /run directory | Christian Poessinger | |
Move keepalived configuration from /etc/keepalived to /run/keepalived. | |||
2021-09-21 | vrrp: keepalived: T2720: adjust to Jinja2 trim_blocks feature | Christian Poessinger | |
This is a successor to commit a2ac9fac16e ("vyos.template: T2720: always enable Jinja2 trim_blocks feature"). It only shifts the whitespaces / indents inside the keepalived configuration file. | |||
2021-09-19 | dhcp-server: T3672: re-add missing "name" CLI option | Christian Poessinger | |
This option is mandatory and must be user configurable as it needs to match on both sides. | |||
2021-09-19 | dhcp-server: T3672: only one failover peer is supported | Christian Poessinger | |
2021-09-18 | container: T2216: add IPv6 support to container networks | Christian Poessinger | |
2021-09-18 | dhcp-server: T1968: allow multiple static-routes to be configured | Christian Poessinger | |
vyos@vyos# show service dhcp-server shared-network-name LAN { subnet 10.0.0.0/24 { default-router 10.0.0.1 dns-server 194.145.150.1 lease 88 range 0 { start 10.0.0.100 stop 10.0.0.200 } static-route 192.168.10.0/24 { next-hop 10.0.0.2 } static-route 192.168.20.0/24 { router 10.0.0.2 } } } | |||
2021-09-15 | ipsec: T3830: "authentication id|use-x509-id" are mutually exclusive | Christian Poessinger | |
Manually set peer id and use-x509-id are mutually exclusive! | |||
2021-09-10 | Merge pull request #1000 from sever-sever/T3810 | Christian Poessinger | |
squid: squidguard: T3810: Fix template for source-group and rule | |||
2021-09-10 | squidguard: T3810: Set DB directory rights 755 | Viacheslav | |
2021-09-10 | ethernet: T3802: use only one implementation for get_driver_name() | Christian Poessinger | |
Move the two implementations to get the driver name of a NIC from ethernet.py and ethtool.py to only ethtool.py. (cherry picked from commit 07840977834816b69fa3b366817d90f44b5dc7a7) | |||
2021-09-09 | policy: T3812: FRR bgpd also knows about route-maps because of rpki | Christian Poessinger | |
In order to alter rpki configuration we must also process the route-map nodes with/for bgpd. | |||
2021-09-08 | openvpn: T3805: fix bool logic in verify_pki() for client mode | Christian Poessinger | |
Add support for OpenVPN client mode with only the CA certificate of the server installed. | |||
2021-09-08 | openvpn: T3805: drop privileges using systemd - required for rtnetlink | Christian Poessinger | |
2021-09-08 | openvpn: T3805: use vyos.util.makedir() to create system directories | Christian Poessinger | |
2021-09-08 | openvpn: T3805: use vyos.util.write_file() to store certificates | Christian Poessinger | |
2021-09-06 | pki: eapol: T3642: only add "pki" key to interface dict if pki is configured | Christian Poessinger | |
2021-09-06 | pki: eapol: T3642: use write_file() to store certificates | Christian Poessinger | |
2021-09-06 | ifconfig: T3806: "ipv6 address no_default_link_local" required for MTU < 1280 | Christian Poessinger | |
This commit also extends the smoketest to verify that the exception for this error is raised. | |||
2021-09-06 | pki: T3642: verify() that we can not delete certificates still referenced in CLI | Christian Poessinger | |
2021-09-05 | name-server: T3804: merge "system name-servers-dhcp" into "system name-server" | Christian Poessinger | |
We have "set system name-server <ipv4|ipv6>" to specify a name-server IP address we want to use. We also have "set system name-servers-dhcp <interface>" which does the same, but the name-server in question is retrieved via DHCP. Both CLI nodes are combined under "set system name-server <ipv4|ipv6|interface>" to keep things as they are in real life - we need a name-server. (cherry picked from commit 2ecf7a9f9cbe9359457bd23b4a0c45f3763123c7) | |||
2021-09-04 | bgp: T3798: "replace-as" option can only be used when "no-prepend" is defined | Christian Poessinger | |
Commit 5f1c1ae4 ("bgp: T3798: add support for neighbor local-as <n> replace-as") added support for a new CLI option when the local-as is changed for a specified neighbor or peer-group. There was an error in the CLI / design as the "replace-as" option can only be used when "no-prepend" is defined. Thus "no-prepend" became a <node> and the new "replace-as" leafNode is now a child of "no-prepend". | |||
2021-09-03 | login: T971 allow quoting in public-keys options | Paul Lettington | |
This patch allows the use of `"` in ssh public-key options which unlocks the ability to set the `from` option in a way that sshd will accept to limit what hosts a user can connect from. | |||
2021-09-03 | bgp: T3798: add support for neighbor local-as <n> replace-as | Christian Poessinger | |
2021-09-03 | fix file location and use correct variable | Kim Hagen | |
2021-09-02 | tunnel: T3788: Add check keys for ipip and sit | Viacheslav | |
Keys are not allowed with ipip and sit tunnels | |||
2021-09-02 | remove secrets file if the tunnel is deleted and fix opmode commands | Kim Hagen | |
2021-09-02 | login: T3792: bugfix for usernames containing a hyphen | Christian Poessinger | |
While migrating to get_config_dict() in commit e8a1c291b1 ("login: radius: T3192: migrate to get_config_dict()") the user-name was not excluded from mangling (no_tag_node_value_mangle=True). This resulted in a username "vyos-user" from CLI to be actually created as "vyos_user" on the system. This commit also adds respective Smoketests to prevent this in the future. | |||
2021-09-02 | login: radius: T3192: drop workaround required by get_config_dict() | Christian Poessinger | |
The workaround is no longer required, as the issue was resolved in get_config_dict() so if it is a <multi/> node, a list is always returned. | |||
2021-09-02 | update 2fa qr generation and user creation procedure | Kim Hagen | |
2021-09-01 | Merge pull request #986 from sever-sever/T2920 | Christian Poessinger | |
tunnel: T2920: Add checks tun with same source addr and keys | |||
2021-09-01 | more 2fa changes | Kim Hagen | |
2021-09-01 | tunnel: T2920: Add checks tun with same source addr and keys | Viacheslav | |
2 tunnels with the same local-address should have different keys. Check existing tunnels (source-address key) with new tunnel. | |||
2021-08-31 | vyos.ethtool: T3163: purify code to read and change flow-control settings | Christian Poessinger | |
It makes no sense to have a parser for the ethtool values in ethtool.py and ethernet.py - one instance is more than enough! | |||
2021-08-31 | ethernet: T3163: only change ring-buffer settings if required | Christian Poessinger | |
Only update the RX/TX ring-buffer settings if they are different from the ones currently programmed to the hardware. There is no need to write the same value to the hardware again - this could cause traffic disruption on some NICs. | |||
2021-08-31 | ethernet: T2241: check if interface supports changing speed/duplex settings | Christian Poessinger | |
Not all interface drivers have the ability to change the speed and duplex settings. Known drivers with this limitation are vmxnet3, virtio_net and xen_netfront. If this driver is detected, an error will be presented to the user. |