summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2023-04-23http-api: T5175: check value of attribute for FastAPI>=0.91.0John Estabrook
FastAPI v0.92.0 (starlette v0.24.0) sets default attribute Request._form; check for value == None instead of existence when overriding Request class. (cherry picked from commit cac55a066e1f7d7d4c0eec5ada76570a326b5ac9)
2023-04-13Merge pull request #1952 from sever-sever/T4727Christian Breunig
T4727: Add RADIUS rate-limit attribute for vpn pptp
2023-04-12T5152: Get default hostname for telegraf from FQDN or hostnameViacheslav Hletenko
Fix for Telegraf agent hostname isn't qualified Try to get the hostname from FQDN and then from the hostname Used for metrics You may have more than one machine with different domain names r1 domain-name foo.local, hostname myhost r2 domain-name bar.local, hostname myhost It helps to detect from which exactly host we get metrics for InfluxDB2
2023-04-11T4727: Add RADIUS rate-limit attribute for vpn pptpViacheslav Hletenko
Add rate-limit attribute, multiplier, vendor specific attribute for the [shaper] section
2023-04-01container: T4959: add registry authentication optionChristian Breunig
Container registry CLI node changed from leafNode to tagNode with the same defaults. In addition we can now configure an authentication option per registry. (cherry picked from commit fe82d86d3e87cb8d92ebc9d0652c08e3dd79a12c)
2023-04-01Merge pull request #1919 from c-po/equuleusChristian Breunig
container: T5047: restart only containers that changed (backport)
2023-04-01container: T5047: bugfix TypeError: argument of type 'NoneType' is not iterableChristian Breunig
Commit 52e51ffb ("container: T5047: restart only containers that changed") started to iterate over a NoneType which is invalid. This happened when a network description was changed but no container was due for restart. (cherry picked from commit 86d7b8d1d2b53b9fa93bd456abb4ea1b4f2949b6)
2023-03-29container: T5047: restart only containers that changedChristian Breunig
By default VyOS used to restart all containers it managed. This makes no sense as it will be service disrupting. Instead only restart the containers that had changes on the CLI beeing made. (cherry picked from commit 52e51ffbb84996aee9d5b94eebf64589ead31225)
2023-03-23op-mode: T5097: show interfaces should reflect cleared countersJohn Estabrook
'show interfaces counters' correctly displays counter stats after a call to 'clear interfaces counters', however, 'show interfaces detail' does not. Add missing update to counter stats.
2023-03-23T5105: Fix error message from dhcp-serverNicolas Fort
(cherry picked from commit 05e00b986a563681b038b226c86c83a29d6da820)
2023-03-15T3083: Add service event-handlerViacheslav Hletenko
Event-handler allows executing a custom script when detects some configured "pattern regex" set service event-handler event first filter pattern '.*ssh2.*' set service event-handler event first script arguments '192.0.2.5' set service event-handler event first script environment interface value 'eth0' set service event-handler event first script path '/config/scripts/hello.sh' It is the backport from 1.4
2023-03-10Merge pull request #1859 from sever-sever/T5033-eqViacheslav Hletenko
T5033: Ability to generate muliple keys from a file or link
2023-03-09T5066: Fix GRE tunnel variable name for verify check keysViacheslav Hletenko
2023-03-07openvpn: T4872: fix parsing of tunnel IP in 'show openvpn server'John Estabrook
(cherry picked from commit 779f4001a4828f1af39a5b0b861d62635fcb3726)
2023-03-07openvpn: T4381: Add tunnel ip column for status commandsrividya0208
Added the tunnel ip column to see the assigned ip address in server mode (cherry picked from commit 500c182c4fa4e0fa030b7c68139fbe948266c49b)
2023-03-01T4967: Allow setting container hostnameViacheslav Hletenko
Ability setting container hostname This host name is used as /etc/hostname set container name <tag> host-name 'mybox' (cherry picked from commit c68d73e6720a7df2b48df17ac7b9b4c906e0294c)
2023-03-01container: T4014: Add `command`, `arg` and `entrypoint` configuration ↵Zen3515
options for containers (cherry picked from commit 53aebddb4ca54b0cc4a296d6cc4c4d960c5f1d73)
2023-02-28T5033: Ability to generate muliple keys from a file or linkViacheslav Hletenko
We generate only one public key (string) from a file xxx.pub op-mode with 'generate public-key-command user vyos lik_to_key_file' Add ability to generate configuration (from op-mode) for multiple keys As github keys don't use identifiers, generate uuid4 id for them
2023-02-24Merge pull request #1794 from aapostoliuk/T4955-equuleusChristian Breunig
openconnect: T4955: Removed wrong authserver in radiusclient.conf
2023-02-21T4978: Default values of port rewrite default container valuesViacheslav Hletenko
As we have the same variable name 'default_values' for container name, port and volume, it rewrites default container parameters with default port parameters Fix it (cherry picked from commit 679efe8ac7998ba1b8f3c7c4bfc7508d8869907d)
2023-02-20openconnect: T4955: Removed wrong authserver in radiusclient.confaapostoliuk
After merging config dictionary with default values, radius port the default value was merged not in a proper way. It is added as a server. After creating radiusclient.conf added and the illegal authserver equal 'port'. Backported from 1.4
2023-02-14T5009: relay: correct service name for restarting dhcp relay serviceNicolas Fort
2023-02-13Merge pull request #1813 from sever-sever/T4971-eqChristian Breunig
T4971: PPPoE server add named ip pool and attr Framed-Pool
2023-02-12T5001: Replace links to the phabricator siteChristian Breunig
Replace links to the phabricator site from https://phabricator.vyos.net to https://vyos.dev (cherry-picked form commit bd9416a6aa9d5d0a746dc2cebc8d0330fd27d1a2)
2023-02-12T4999: Backport vyos util dict_search_recursiveViacheslav Hletenko
Backport "dict_search_recursive" from vyos.util 1.4 to 1.3 data = { 'interfaces': {'dummy': {'dum0': {'address': ['192.0.2.17/29']}}, 'ethernet': {'eth0': {'address': ['2001:db8::1/64', '192.0.2.1/29'], 'description': 'Test123', 'duplex': 'auto', 'hw_id': '00:00:00:00:00:01', 'speed': 'auto'}, 'eth1': {'address': ['192.0.2.9/29'], 'description': 'Test456', 'duplex': 'auto', 'hw_id': '00:00:00:00:00:02', 'speed': 'auto'}}} } dict_search_recursive(data, 'hw_id') will yield both '00:00:00:00:00:01' and '00:00:00:00:00:02' as generator object.
2023-02-04Revert "login: T4975: Fixed broken CLI commands"Christian Breunig
This reverts commit 7b36c363cd5b0168bd83c399f50a0a360ba3ee58. A general solution is implemented in Commit ae9dde04 ("T4975: always sync() filesystem after commit").
2023-02-04T4975: always sync() filesystem after commitChristian Breunig
(cherry picked from commit 29a44a73c638cb22839aa32986de367231b6efe9)
2023-02-02login: T4975: Fixed broken CLI commandszsdc
User profile files are not saved to disk after configuration is fully applied. Because of this, after a fast system reset, profile files can be empty, and CLI is broken. This fix adds a `sync()` call after the user's configuration, which should protect from data loss and fix the problem with profiles.
2023-01-25container: T4947: backport missing port-range validatorChristian Breunig
2023-01-24Merge pull request #1773 from c-po/equuleusChristian Breunig
container: T4947: support mounting container volumes as ro or rw (equuleus backport)
2023-01-21validators: T4875: use file-path to replace validator 'interface-name'Christian Breunig
(cherry picked from commit f0bc6c62016d285f0645c4b3ba8b1451c40c637f)
2023-01-21container: T4947: support mounting container volumes as ro or rwChristian Breunig
Whenever a container is used and a folder is mounted, this happenes as read-write which is the default in Docker/Podman - so is the default in VyOS. A new option is added "set container name foo volume mode <ro|rw>" to specify explicitly if rw (default) or ro should be used for this mounted folder. (cherry picked from commit 275ea7303cfdb79c042da1b710622aee17a488a8)
2023-01-17T4906: Fix show vpn ipsec connections dataViacheslav Hletenko
We get incorrect data when shows connections As we get list of all connections we should compare the connection name with entries in list and set correct data if they match
2023-01-11webproxy: T4927: Changed restart to reload-or-restart in commitaapostoliuk
Changed restart to reload-or-restart in the commit. It allows to reload the config and not restart webproxy service during the commit. Backported from 1.4
2023-01-08ssh: T4922: extend verify() when both source-address and source-interface is ↵Christian Poessinger
used We need to ensure that source-address is assigned on source-interface before applying the configuration, else SSH client will have a hard time talking to someone. (cherry picked from commit d1ef90e1eb51334b99ad716969e17c7f257e1a39)
2023-01-08ssh: T4922: add source-interface support ssh-clientChristian Poessinger
(cherry picked from commit 87cc636bd2baf576a2a5ece7a4f8318eb4f69c2e)
2023-01-08ssh: T2651: use Debian style include directve for ssh_config.dChristian Poessinger
Commit 846e306700a ("ssh: T2651: add cli options for source address") added support for a basic SSH client option, but it grabbed the entire /etc/ssh/ssh_config file without the ability to make custom user adjustments via the /etc/ssh/ssh_config.d/ folder. This commit places the VyOS SSH options under /etc/ssh/ssh_config.d/ leaving the common override system alive. (cherry picked from commit 7763de6c4b93d3372ab3f4572d9fa6b7536102b3)
2022-12-30container: T578: backport podman from 1.4 development branchChristian Poessinger
2022-12-22Merge pull request #1722 from aapostoliuk/webproxybackportChristian Poessinger
T3810: Fixed all issues in T3810
2022-12-22T3810: Fixed all issues in T3810aapostoliuk
1. Added in script update webproxy blacklists generation of all DBs 2. Fixed: if the blacklist category does not have generated db, the template generates an empty dest category in squidGuard.conf and a Warning message. 3. Added template generation for local's categories in the rule section. 4. Changed syntax in the generation dest section for blacklist's categories 5. Fixed generation dest local sections in squidGuard.conf 6. Fixed bug in syntax. The word 'allow' changed to the word 'any' in acl squidGuard.conf 7. Backported all changes from 1.4 to 1.3 which were made in T3810 8. Fixed webproxy smoketest
2022-12-17Merge pull request #1259 from hensur/equuleus-ipv6-local-routeChristian Poessinger
backport: T4515: T4219: policy local-route6 and inbound-interface support
2022-12-17Merge pull request #1557 from initramfs/equuleus-fix-tcp-mssChristian Poessinger
firewall: T4709: fix firewall MSS clamping issues
2022-11-21T4812: Add op-mode Show vpn ipsec connectionsViacheslav Hletenko
Add op-mode CLI "show vpn ipsec connections" Add the ability to show all configured connections/tunnels and their states.
2022-11-15backport: T4815: Fix various name server config issuesYuxiang Zhu
This is a backport of https://github.com/vyos/vyos-1x/pull/1656. Note I also changed `ip-down.script.tmpl` to not wait for `systemctl stop dhcp6c@$iface.service`, because that command is slow and pppd will kill the ip-down script if it times out. I didn't see `ip-down.script.tmpl` or its equivalent in the 1.4 branch. Not sure if there is another mechanism to handle that functionality or it is missed.
2022-11-05dns: T4799: fix bug with not reloading powerdns configinitramfs
PowerDNS version 4.7 and above has changed the main process name from 'pdns-r/worker' to 'pdns_recursor'. This commit updates the process name check to use the new name. (cherry picked from commit ff09d4f47e5f54fad8258cd27fb0adfaa4c552b3)
2022-11-01strip-private: T4177: Fix for hiding private data token/url/bucketViacheslav
Add URL, token and bucket hidind data when is used function "strip-private" (cherry picked from commit f12d8b5a575f4b454426fe11f65b5add966ca53c)
2022-10-30keepalived: T4526: keepalived-fifo.py unable to load configSander Klein
keepalived-fifo.py cannot load the VyOS config because the script is started before the commit is completely finished. This change makes sure the script waits for the commit to be completed. It retries every 0.5 seconds. If the commit is still not completed it will continue as did the original implementation.
2022-09-26firewall: T4709: adjust TCP MSS clamping ranges and optionsinitramfs
This commit fixes MSS clamping ranges as well as reintroduces the clamp-mss-to-pmtu option value to clamp to PMTU instead.
2022-09-17wireguard: T4702: actively revoke peer if it gets disabledChristian Poessinger
When any configured peer is set to `disable` while the Wireguard tunnel is up and running it does not get actively revoked and removed. This poses a security risk as connections keep beeing alive. Whenever any parameter of a peer changes we actively remove the peer and fully recreate it on the fly. (cherry picked from commit a4feb96af9ac45aff41ded1744cf302b5c5a9e7e)
2022-09-15Merge pull request #1519 from c-po/t4630-equuleus-peth-macsecDaniil Baturin
T4630: disallow same source-interface for macsec and pseudo-ethernet