Age | Commit message (Collapse) | Author |
|
|
|
|
|
ipsec: T4593: Remove references to deleted variables
|
|
|
|
As we have the same variable name 'default_values' for container
name, port and volume, it rewrites default container parameters
with default port parameters
Fix it
|
|
Not supported with swanctl
|
|
|
|
Replace links to the phabricator site from https://phabricator.vyos.net to
https://vyos.dev
|
|
T4857: snmp: Fix error when not defining client|network under community
|
|
After the RESTRICTED view was introduced snmpd requires a network to be
specified. Before adding the RESTRICTED view snmpd always assumed the default
network 0.0.0.0/0.
This commit re-adds the build in default networks for IPv4 and IPv6 and
exposes it as a proper default to the CLI so the user is informed about it:
vyos@vyos# set service snmp community foooo
Possible completions:
authorization Authorization type (default: ro)
+ client IP address of SNMP client allowed to contact system
+ network Subnet of SNMP client(s) allowed to contact system (default:
0.0.0.0/0, ::/0)
|
|
sstp-client
|
|
containers"
This reverts commit b17251334c57c2f6875c19ad4e6c6127aa9e1811.
|
|
container: T4959: Add container registry authentication config for containers
|
|
This PR adds basic Babel routing protocol support using the implementation in
FRR.
Signed-off-by: Yuxiang Zhu <vfreex@gmail.com>
|
|
|
|
T2408: dhcp-relay: Add listen-interface and upstream-interface feature
|
|
When shaper is bound to a dialup (e.g. PPPoE) interface it is possible, that
it is yet not availbale when to QoS code runs. Skip the configuration and
inform the user.
|
|
bgp: T4817: add support for RFC9234
|
|
This reverts commit 3a6e77d479da4321b851163490a9b79ef2cef7b8.
A general solution is implemented in Commit 29a44a73 ("T4975: always sync()
filesystem after commit").
|
|
|
|
User profile files are not saved to disk after configuration is fully applied.
Because of this, after a fast system reset, profile files can be empty, and CLI
is broken.
This fix adds a `sync()` call after the user's configuration, which should
protect from data loss and fix the problem with profiles.
|
|
options for containers
|
|
|
|
T4916: Rewrite IPsec peer authentication and psk migration
|
|
|
|
Removes port key from accounting server merged config dictionary.
|
|
|
|
Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode
|
|
After merging config dictionary with default values, radius port
the default value was merged not in a proper way.
It is added as a server.
After creating radiusclient.conf added and the illegal authserver
equal 'port'.
|
|
Rewrite strongswan IPsec authentication to reflect structure
from swanctl.conf
The most important change is that more than one local/remote ID in the
same auth entry should be allowed
replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx'
=> 'ipsec authentication psk <tag> secret xxx'
set vpn ipsec authentication psk <tag> id '192.0.2.1'
set vpn ipsec authentication psk <tag> id '192.0.2.2'
set vpn ipsec authentication psk <tag> secret 'xxx'
set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1'
set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2'
Add template filter for Jinja2 'generate_uuid4'
|
|
|
|
Some ISPs seem to use the host-uniq flag to authenticate client equipment.
Add CLI option in VyOS to allow specification of the host-uniq flag.
set interfaces pppoe pppoeN host-uniq <value>
|
|
Whenever a container is used and a folder is mounted, this happenes as
read-write which is the default in Docker/Podman - so is the default in VyOS.
A new option is added "set container name foo volume mode <ro|rw>" to specify
explicitly if rw (default) or ro should be used for this mounted folder.
|
|
config-mgmt: T4942: rewrite vyatta-config-mgmt to Python/XML
|
|
|
|
T4857: SNMP: Implement FRR SNMP Recomendations
|
|
warning message
|
|
|
|
|
|
ntp: T3008: migrate from ntpd to chrony
|
|
This prevents any stale override files when the system is beeing rebooted,
but the actual configuration was not saved. /run is a tmpfs and thus
always fresh after boot.
|
|
* Move CLI from "system ntp" -> "service ntp"
* Drop NTP server option preempt as not supported by chrony
|
|
Commit 1fc7e30f ('T4935: ospfv3: "not-advertise" and "advertise" conflict')
added a check for not-advertive and advertise in the same area but lacked a
test if the key really exists in the dict which is to be validated.
|
|
T4118: Add default value any for connection remote-id
|
|
If IPsec "peer <tag> authentication remote-id" is not set
it should be "%any" by default
https://docs.strongswan.org/docs/5.9/swanctl/swanctlConf.html#_connections_conn_remote
Set XML default value in use it in the python vpn_ipsec.py script
|
|
They can't be set at the same time.
|
|
Changed restart to reload-or-restart in commit.
It allows to reload the config and not restart webporxy service
during commit.
|
|
This reverts commit 6857447bf6acba3537d5e5372cd320aef078b81e.
|
|
T4877: Added more checks if "import vrf" is used in bgp
|
|
1. Fixed: If rd and route-target are used in VRF, can not use "import vrf"
in the same VRF in the same AFI/SAFI.
2. Fixed: If rd and route-target is used in VRF, this VRF can not be in
the list of command "import vrf" in the same AFI/SAFI but in
other VRFs.
3. Fixed: Do not allow to delete vrf if it is used in import list
of other vrfs.
4. Added smoketests to check "import vrf" issues.
|