summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2023-03-27dns: T5113: Support custom port for name-server forwardersIndrajit Raychaudhuri
Support custom port for name-server forwarders that would allow using custom ports in name server forwarders to enable forwarding to alternative name servers (unbound, stubby, dnscrypt-proxy etc.) operating on non-default port. This would also allow using DNS Over TLS in PowerDNS Recursor 4.6 onwards (pdns doesn't support certificate check for validity yet) by enabling 'dot-to-port-853'. This is set by default if compiled in with DoT support. See: https://doc.powerdns.com/recursor/settings.html#dot-to-port-853 This also partially implements T921, T2195 (DoT without certificate check). Implementation details: - In 'dns/forwarding' configuration, 'name-server' now allows optional 'port' (defaults to 53). - Instead of modifying 'name-server-ipv4-ipv6.xml.i' to add optional 'port', a new file 'name-server-ipv4-ipv6-port.xml.i' has been used to avoid impacting other places where it is reused because not all of them honor ports (mostly VPN related). - The `host:port` entries to be used by PowerDNS recursor config are normalized eagerly at the point of loading VyOS `Config` instead of doing them lazily while rendering the Jinja2 template to keep the implementation less intrusive. The alternative would entail making quite a bit of change in how 'vyos-hostsd' processes 'static' 'name_servers' entries or persists their runtime states.
2023-03-23Merge pull request #1901 from sever-sever/T5099Christian Breunig
T5099: IPoE-server add option next-pool for named ip pools
2023-03-23Merge pull request #1909 from sever-sever/T5108Christian Breunig
T5108: Add option rate-limit for l2tp pptp sstp ipoe raw format
2023-03-23T5108: Add option rate-limit for l2tp pptp sstp ipoe raw formatViacheslav Hletenko
There is a missing usefull option 'rate-limit' for L2TP/PPTP/SSTP/IPoE raw output format
2023-03-23ipsec: T2816: Cleanup dhcp hook file if not requiredsarthurdev
2023-03-23op-mode: T5107: raise error instead of calling exitJohn Estabrook
2023-03-22T5105: Fix error message from dhcp-serverNicolas Fort
2023-03-21Merge pull request #1894 from aapostoliuk/T5043-sagittaChristian Breunig
ipsec: T5043: Rewritten and fixed 'reset vpn' commands
2023-03-21ospf: T5102: do not always redistribute babel routesChristian Breunig
2023-03-21T5099: IPoE-server add option next-pool for named ip poolsViacheslav Hletenko
In cases with multiple named IP pools, it is required the option 'next' to be sure that if IP addresses ended in one pool, then they would begin to be allocated from the next named pool. For accel-ppp it requires specific order as pool must be defined before we can use it with the 'next-option' set service ipoe-server client-ip-pool name first-pool subnet '192.0.2.0/25' set service ipoe-server client-ip-pool name first-pool next-pool 'second-pool' set service ipoe-server client-ip-pool name second-pool subnet '203.0.113.0/25' [ip-pool] 203.0.113.0/25,name=second-pool 192.0.2.0/25,name=first-pool,next=second-pool
2023-03-21Merge pull request #1889 from nicolas-fort/T5050-logViacheslav Hletenko
T5050: Firewall: Add log options
2023-03-21T5050: Firewall: Add log optionsNicolas Fort
2023-03-20Merge pull request #1896 from jestabro/raw-list-openvpnDaniil Baturin
openvpn: T5095: raw output should return list instead of dict
2023-03-17T5086: Fix sflow fix default values for serverViacheslav Hletenko
We drop default values 'port' but don't set it again per server Fix it
2023-03-16Merge pull request #1895 from sever-sever/T5091Christian Breunig
T5091: IPoE-server verify RADIUS settings
2023-03-16openvpn: T5095: raw output should return list instead of dictJohn Estabrook
2023-03-16ipsec: T5043: Rewritten and fixed 'reset vpn' commandsaapostoliuk
1. Rewritten CLI of 'reset vpn' commands. 2. Created 'reset vpn ipsec remote-access' commands to reset RA IKEv2 session. 3. Created 'reset vpn ipsec site-to-site all' command to reset all configured IPSec site-to-site peers sessions. 4. Rewritten 'reset vpn l2t|pptp|sstp' commands to new opmode style.
2023-03-16T5091: IPoE-server verify RADIUS settingsViacheslav Hletenko
As we don't have global option 'gateway-address' for ipoe-server we cannot use general configverify.verify_accel_ppp_base_service Add verify radius setting for configuration mode 'radius' Radius authentication required at least one RADIUS server
2023-03-16T5086: Add sFlow feature based on hsflowdViacheslav Hletenko
Add sFlow feature based on hsflowd According to user reviews, it works more stable and more productive than pmacct I haven't deleted 'pmacct' 'system flow-accounting sflow' yet It could be migrated or deprecated later set system sflow agent-address '192.0.2.14' set system sflow interface 'eth0' set system sflow interface 'eth1' set system sflow polling '30' set system sflow sampling-rate '100' set system sflow server 192.0.2.1 port '6343' set system sflow server 192.0.2.11 port '6343'
2023-03-14T5085: Fix ipv6 route-map for ospfv3Viacheslav Hletenko
Add template to generate zebra "ipv6 protocol ospf6 route-map xxx"
2023-03-11keepalived: T5003: remove Debian default config path from ConditionFileNotEmptyChristian Breunig
Also ExecReload is a duplicate of the base service file
2023-03-11keepalived: T5003: move to Debian upstream versionChristian Breunig
2023-03-10container: T4959: add registry authentication optionChristian Breunig
Container registry CLI node changed from leafNode to tagNode with the same defaults. In addition we can now configure an authentication option per registry.
2023-03-10Merge pull request #1876 from jestabro/codegenChristian Breunig
graphql: T5068: generate client operations for code generation tools
2023-03-10T4973: DHCP server fix output for long leasesViacheslav Hletenko
With long lease time for example lease '4294967295' seconds it is impossible to get end lease as value is 'ends never;' It cause error to get timestamp() from 'ends never' and remaining time 'lease.end - datetime.utcnow()' Set default remaining and end lease to '-' if we cannot get this info
2023-03-09xml: T4952: improve interface completion helper CLI experienceChristian Breunig
2023-03-09qos: T5018: Use configdep to fix interface mirror/redirect issuesarthurdev
This will check if mirror/redirect is present on a QoS interface and use `vyos.configdep` module to update the interface again after QoS is applied.
2023-03-09T5063: IPoE-server ethX vlan must not be used with client-subnetViacheslav Hletenko
IPoE-server 'interface ethX vlan xxx' (aka vlan-mon) must not be used with 'interface ethX client-subnet' So instead of shared pool accel-ppp uses the same pool for each dynamically added VLAN eth1 client-subnet '192.0.2.0/24' eth1 vlan '2000-2021' It cause this issue: eth1.2000 range 192.0.2.0/24 (the first client gets address from 192.0.2.2) eth2.2001 range 192.0.2.0/24 (the first client gets address from 192.0.2.2) Only named pools with vlan option must be used.
2023-03-08graphql: T5068: generate client operations for code generation toolsJohn Estabrook
2023-03-08T5066: Fix GRE tunnel variable name which checks keysViacheslav Hletenko
2023-03-07frr: T5045: lift LimitNOFILE 1024 -> 4096Christian Breunig
Lift the amount of allowed open file descriptors for the FRR process tree. Required if there are hundreds to thousands interfaces on a system.
2023-03-05op-mode: T5051: use typing.Literal in op-mode scriptsJohn Estabrook
2023-03-05op-mode: T5051: interpret Literal types as enumsJohn Estabrook
2023-03-04Merge pull request #1862 from jestabro/schema-generateChristian Breunig
graphql: T5040: generate schema on installation, rather than dynamically
2023-03-03graphql: T5040: use path from defaultsJohn Estabrook
2023-03-02Merge pull request #1865 from jbordongit/T4916-sagittaChristian Breunig
ipsec: T4916: Fixed migrations script
2023-03-03ipsec: T4916: Fixed migrations scriptjbordongit
* removed unused `re` from imports * replaced `return_value()` to `return_values()` for `remote-address` because this is a multi-value configuration node
2023-03-02login: T5039: catch error on 'my_set' for auth plaintext-passwordJohn Estabrook
2023-03-01graphql: T5040: generate schema in vyos-1x.postinstJohn Estabrook
2023-03-01graphql: T5040: use nullable key field to allow schema static generationJohn Estabrook
Schema had been dynamically generated, based on configuration setting for authentication. Add nullable field 'key' for static generation of schema regardless of key/token use.
2023-02-28Merge pull request #1857 from nicolas-fort/nft_queueChristian Breunig
T5037: Firewall: Add queue action and options to firewall
2023-02-28T4967: Allow setting container hostnameViacheslav Hletenko
Ability setting container hostname This host name is used as /etc/hostname set container name <tag> host-name 'mybox'
2023-02-28T5037: Firewall: Add queue action and options to firewallNicolas Fort
2023-02-28Merge pull request #1800 from vfreex/feature-babelChristian Breunig
T4977: Add Babel routing protocol support
2023-02-28Merge pull request #1784 from Zen3515/current-add-container-command-argChristian Breunig
container: T4014: Add `command`, `arg` and `entrypoint` configuration options for containers
2023-02-28Merge pull request #1853 from sever-sever/T5033Christian Breunig
T5033: Ability to generate muliple keys from a file or link
2023-02-27openvpn: T4770: fix tabulate output in _format_openvpnJohn Estabrook
2023-02-27openconnect: T4955: Renamed function and changed error messagesaapostoliuk
Renamed local function to be identical to 1.3 ver Changed error messages after commit to be identical to 1.3 ver
2023-02-27Merge pull request #1644 from aapostoliuk/T4790-sagittaViacheslav Hletenko
T4790: Added check of the sum of radius timeouts
2023-02-27T5033: Ability to generate muliple keys from a file or linkViacheslav Hletenko
We generate only one public key (string) from a file xxx.pub op-mode with 'generate public-key-command user vyos lik_to_key_file' Add ability to generate configuration (from op-mode) for multiple keys As github keys don't use identifiers, generate uuid4 id for them