Age | Commit message | Author |
|
When using an ACME based certificate with VyOS we provide the necessary PEM
files opaque in the background when using the internal tools. This however will
not properly work with the CA chain portion, as the system is based on the
"pki certificate <name> acme" CLI node of a certificate but CA chains reside
under "pki ca".
This adds support for importing the PEM data of a CA chain issued via ACME into
the "pki ca AUTOCHAIN_<name> certificate" subsystem so it can be queried by
other daemons. Importing the chain only happens when the chain was not already
added manually by the user.
ACME certificate chains that are automatically added to the CLI are all prefixed
using AUTOCHAIN_certname so they can be consumed by any daemon. This also adds
a safeguard when the intermediate CA changes, the referenced name on the CLI
stays consistent for any pending daemon updates.
|
|
T861: op-mode: initial parts for UEFI secure boot CLI
|
|
Support getting current system secure boot state.
In addition, add optional support to list all enrolled MOK (Machine Owner Keys)
in the UEFI variable store.
|
|
vyos@vyos:~$ show ver
...
Architecture: x86_64
Boot via: installed image
System type: KVM guest
Secure Boot: enabled
...
|
|
op-mode: T6682: Fix for show vpn ike sa peer that always shows all SAs
|
|
openfabric: T6652: Add support for OpenFabric protocol
|
|
Missing comma in the list between services
'ssh', 'suricata' 'vrrp', 'webproxy'
Fix it
|
|
op-mode: T6694: Move some op-mode commands to the "execute" family
|
|
'force netns' — move to 'execute shell netns'.
'force vrf' — move to 'execute shell vrf'.
'force owping' — move to 'execute owping'.
'force twping' — move to 'execute twping'.
'monitor bandwidth-test' — move to 'execute bandwidth-test'.
'telnet' — move to 'execute telnet'
|
|
OpenFabric is a routing protocol providing link-state routing with efficient flooding for topologies like spine-leaf networks.
FRR implements OpenFabric in a daemon called fabricd
|
|
T5743: HTTPS API ability to import PKI certificates
|
|
In the PR https://github.com/vyos/vyos-1x/pull/3823 the ncp-ciphers
were replaced with `data-ciphers`
fix template for "generate openvpn client-config"
|
|
T6617: T6618: vpn ipsec remote-access: fix profile generators
|
|
Removed unused pprint module
|
|
T6486: T6379: Rewrite generate openvpn client-config
|
|
system: op-mode: T3334: allow delayed getty restart when configuring serial ports
|
|
ports
* Created op-mode command "restart serial console"
* Relocated service control to vyos.utils.serial helpers, used by conf- and
op-mode serial console handling
* Checking for logged-in serial sessions that may be affected by getty reconfig
* Warning the user when changes are committed and serial sessions are active,
otherwise restart services as normal. No prompts issued during commit,
all config gen/commit steps still occur except for the service restarts
(everything remains consistent)
* To apply committed changes, user will need to run "restart serial console"
to complete the process or reboot the whole router
* Added additional flags and target filtering for generic use of helpers.
|
|
Strongswan does not initiate session after termination via vici.
Added a CHILD SAs initialization on the initiator side
of the tunnel.
|
|
interfaces that don't exist
|
|
T6578: Fix unhandled exception in "show openconnect-server sessions"
|
|
op-mode: T6586: add a distinct exception for unconfigured objects (as opposed to entire subsystems)
|
|
as opposed to entire subsystems
|
|
Right now we have multiple restart helpers (e.g. dhcp server, ssh, ntp) that
all do the same (more or less):
* Check if service is configured on CLI
* Restart if configured
* Error out if unconfigured
This is not available via the op-mode API. Create a new restart.py op-mode
helper that takes the service name and possible VRF as argument so it's also
exposed via API.
|
|
Commit dc60fe99350 ("op-mode: T6537: include hostname in the reboot/shutdown
warning message") added a more local import of vyos.utils.process.cmd() that
made the global import obsolete and trigger a linter warning.
$ make unused-imports
--------------------------------------------------------------------
Your code has been rated at 10.00/10 (previous run: 10.00/10, +0.00)
|
|
dmbaturin/T6498-machine-readable-tech-support-report
op-mode: T6498: add machine-readable tech support report script
|
|
This command helps to generate users `.ovpn` files
Rewrite `generate openvpn client-config` to use Config()
It needs to get the default values as `ConfigTreeQuery` is
not supporting default values.
Fixed "ignores configured protocol type" if TCP is used
Fixed lzo, was used even if lzo not configured
Fixed encryption is not parse the dict
|
|
T6527: add legacy Vyatta interpreter files still in use
|
|
op-mode: T6524: rewrite "release dhcp(v6) interface" to new op-mode format
|
|
* T6452: Add QoS Op Commands
Added the following commands:
show qos shaping
show qos shaping detail
show qos shaping interface <int name>
show qos shaping interface <int name> detail
show qos shaping interface <int name> class <class name>
show qos shaping interface <int name> class <class name> detail
show qos cake interface <int name>
|
|
new cli syntax (#3731)
|
|
(#3681)
* T6488: firewall: extend op-mode command to show global state-policy counters.
|
|
T6313: Add "NAT" to "generate" command for rule resequence
|
|
|