Age | Commit message (Collapse) | Author |
|
|
|
It makes less to zero sense to blend in the default values of an interface when
it is about to be deleted from the system anyways - this makes the entire dict
just cleaner and easier to debug.
|
|
|
|
|
|
Different types of tunnels have different keys set in get_interface_config().
Thus it should be properly verified (by e.g. using dict_search()) that the key
in question esits to not raise KeyError.
|
|
|
|
|
|
Add support for OpenVPN client mode with only the CA certificate of the server
installed.
|
|
|
|
|
|
|
|
|
|
Custom OpenVPN options moved back to the command line from a
configuration file. This should keep full compatibility with the
`crux` branch, and allows to avoid mistakes with parsing options
that contain `--` in the middle.
The only smart part of this - handling a `push` option. Because
of internal changes in OpenVPN, previously it did not require an
argument in the double-quotes, but after version update in
`equuleus` and `sagitta` old syntax became invalid. So, all the
`push` options are processed to add quotes. The solution is still
not complete, because if a single config line contains `push` with
other options, it will not work, but it is better than nothing.
|
|
(cherry picked from commit 8e6c48563d1612916bd7fcc665d70bfa77ec5667)
|
|
|
|
|
|
|
|
Commit 761631d6 ("vrrp: keepalived: T3847: migrate to get_config_dict()")
switched to the new python function get_config_dict(), when we deal with
tag nodes that can contain a hyphen, we should also set no_tag_node_value_mangle
in order to preserve it.
This caused a dict lookup error as the hyphens in the test scripts got replaced
by an _.
|
|
Rename virtual-address -> address as we always talk about an IP address.
|
|
|
|
|
|
Move keepalived configuration from /etc/keepalived to /run/keepalived.
|
|
This is a successor to commit a2ac9fac16e ("vyos.template: T2720: always enable
Jinja2 trim_blocks feature"). It only shifts the whitespaces / indents inside
the keepalived configuration file.
|
|
This option is mandatory and must be user configurable as it needs to match
on both sides.
|
|
|
|
|
|
vyos@vyos# show service dhcp-server
shared-network-name LAN {
subnet 10.0.0.0/24 {
default-router 10.0.0.1
dns-server 194.145.150.1
lease 88
range 0 {
start 10.0.0.100
stop 10.0.0.200
}
static-route 192.168.10.0/24 {
next-hop 10.0.0.2
}
static-route 192.168.20.0/24 {
router 10.0.0.2
}
}
}
|
|
Manually set peer id and use-x509-id are mutually exclusive!
|
|
squid: squidguard: T3810: Fix template for sourcre-group and rule
|
|
|
|
Move the two implementations to get the driver name of a NIC from ethernet.py
and ethtool.py to only ethtool.py.
(cherry picked from commit 07840977834816b69fa3b366817d90f44b5dc7a7)
|
|
In order to alter rpki configuration we must also process the route-map nodes
with/for bgpd.
|
|
Add support for OpenVPN client mode with only the CA certificate of the server
installed.
|
|
|
|
|
|
|
|
|
|
|
|
This commit also extends the smoketest to verify that the exception for this
error is raised.
|
|
|
|
We have "set system name-server <ipv4|ipv6>" to specify a name-server IP
address we wan't to use. We also have "set system name-servers-dhcp <interface>"
which does the same, but the name-server in question is retrieved via DHCP.
Both CLI nodes are combined under "set system name-server <ipv4|ipv6|interface>"
to keep things as they are in real life - we need a name-server.
(cherry picked from commit 2ecf7a9f9cbe9359457bd23b4a0c45f3763123c7)
|
|
Commit 5f1c1ae4 ("bgp: T3798: add support for neighbor local-as <n> replace-as")
added support for a new CLI option when the local-as is changed for a specified
neighbor or peer-group.
There was an error in the CLI / design as the "replace-as" option can only be
used when "no-prepend" is defined. Thus "no-prepend" became a <node> and
the new "replace-as" leafNode is now a child of "no-prepend".
|
|
This patch allows the use of `"` in ssh public-key options which
unlocks the ability to set the `from` option in a way that sshd will
accept to limit what hosts a user can connect from.
|
|
|
|
|
|
Keys are not allowed with ipip and sit tunnels
|
|
|
|
While migrating to get_config_dict() in commit e8a1c291b1 ("login: radius:
T3192: migrate to get_config_dict()") the user-name was not excluded
from mangling (no_tag_node_value_mangle=True).
This resulted in a username "vyos-user" from CLI to be actually created as
"vyos_user" on the system.
This commit also adds respective Smoketests to prevent this in the future.
|
|
The workaround is no longer required, as the issue was resolved in
get_config_dict() so if it is a <multi/> node, a list is always returned.
|
|
|