path: root/src
Age | Commit message | Author
2024-10-07 | Merge pull request #4134 from vyos/mergify/bp/circinus/pr-4131 | Christian Breunig
static: T4283: fix missing f'ormat string (backport #4131)
2024-10-07 | pki: T6481: auto import ACME certificate chain into CLI | Christian Breunig
When using an ACME based certificate with VyOS we provide the necessary PEM files opaque in the background when using the internal tools. This however will not properly work with the CA chain portion, as the system is based on the "pki certificate <name> acme" CLI node of a certificate but CA chains reside under "pki ca". This adds support for importing the PEM data of a CA chain issued via ACME into the "pki ca AUTOCHAIN_<name> certificate" subsystem so it can be queried by other daemons. Importing the chain only happens, when the chain was not already added manually by the user. ACME certificate chains that are automatically added to the CLI are all prefixed using AUTOCHAIN_certname so they can be consumed by any daemon. This also adds a safeguard when the intermediate CA changes, the referenced name on the CLI stays consistent for any pending daemon updates. (cherry picked from commit 875764b07f937fc599e2e62c667e7b811ddc2ed3)
2024-10-06 | static: T4283: fix missing f'ormat string | Christian Breunig
This fixes the error message: Can not use both blackhole and reject for prefix "{prefix}"! Added in commit bb78f3a9ad28 ("static: T4283: support "reject" routes - emit an ICMP unreachable when matched") (cherry picked from commit 490ee3ec5ba7ea28002890841eab8e46f775a129)
2024-09-30 | Merge pull request #4113 from vyos/mergify/bp/circinus/pr-4024 | Christian Breunig
T6687: add fqdn support to nat rules. (backport #4024)
2024-09-30 | T6687: add fqdn support to nat rules. | Nicolas Fort
(cherry picked from commit 4c3d037f036e84c77333a400b35bb1a628a1a118)
2024-09-30 | Merge pull request #4115 from vyos/mergify/bp/circinus/pr-4061 | Daniil Baturin
syslog: T5367: add format option to include timezone in message (backport #4061)
2024-09-30 | syslog: T5367: add format option to include timezone in message | Christian Breunig
Add CLI option to include the system's timezone in the syslog message sent to a collector. This can be enabled using:
set system syslog host <hostname> format include-timezone
(cherry picked from commit 042be39ccabb43a766e04a447207610ff017bd7d)
2024-09-26 | dhclient: T6667: Added workaround for communication with FRR | zsdc
To increase the chance for dhclient to configure routes in FRR, added a workaround. Now 10 attempts are performed with 1 second delay and only after this dhclient gives up. (cherry picked from commit da64a7246e9b12d5bd84287517cfbfa59e364c28)
2024-09-26 | Merge pull request #4095 from vyos/mergify/bp/circinus/pr-4086 | Daniil Baturin
bridge: T6675: VXLAN Interface configuration lost due to improper bridge detachment (backport #4086)
2024-09-24 | syslog: T6719: fix the behavior of "syslog global preserve-fqdn" | Nicolas Vollmar
(cherry picked from commit c196c6d9207ef112e478f44923b2d0bc8a15b3c9)
2024-09-24 | bridge: T6675: VXLAN Interface configuration lost due to improper bridge detachment | Nataliia Solomko
(cherry picked from commit 7dbd07657c914d5a46eed101ae44d73ba3b4c6f0)
2024-09-19 | wireless: T6496: support for EAP-MSCHAPv2 client over wifi | Christopher
fix: attempt to fix indentation on `wpa_supplicant.conf.j2` fix: attempt to fix indentation on `wpa_supplicant.conf.j2` fix: incorrect bssid mapping fix: use the correct jinja templating (I think) fix: “remote blank space fix: attempt to fix the formatting in j2 fix: attempt to fix the formatting in j2 feat: rename enterprise username and password + add checks in conf mode. fix: move around `bssid` config option on `wpa_supplicant.conf.j2` and fix the security config part fix: fix indentation on `wpa_supplicant.conf.j2` (cherry picked from commit fc4263021acb72d2d8afb165922d9cb7e11b2bf1)
2024-09-18 | Merge pull request #4082 from vyos/mergify/bp/circinus/pr-3823 | Daniil Baturin
OpenVPN CLI-option: T6571: rename ncp-ciphers with data-ciphers (backport #3823)
2024-09-18 | OpenVPN CLI-option: T6571: rename ncp-ciphers with data-ciphers | srividya0208
(cherry picked from commit b62b2f5f8a9c4f0a7dc26bce1f15843651119256)
2024-09-18 | T6486: generate OpenVPN use data-ciphers instead of ncp-ciphers (#3930) | Viacheslav Hletenko
In the PR https://github.com/vyos/vyos-1x/pull/3823 the ncp-ciphers were replaced with `data-ciphers` fix template for "generate openvpn client-config" (cherry picked from commit ffbc04c591b534188cb08bf3991fadac4aa386a8)
2024-09-18 | T6716: don't automatically set ethernet offload (#4078) | mergify[bot]
Remove the lines of code that checked if the kernel had offloading enabled and was then forcing the config to set it to "on." The behavior now mirrors the config and offloading will only be enabled if the config is explicitly set to enabled. Note: the code is still present to disable the offloading, in the config, if the kernel doesn't support it. Note(2): Allow the previous behavior where the offload settings get set, based on the Kernel, if the boot is a live boot. (cherry picked from commit b6c2a7476bbd20bebc3e901cc55c17965ebfc423) Co-authored-by: Dave Vogel <dvogel@greylogic.com>
2024-09-17 | bond: T6709: add EAPoL support (backport #4069) (#4076) | mergify[bot]
* ethernet: T6709: move EAPoL support to common framework
  Instead of having EAPoL (Extensible Authentication Protocol over Local Area Network) support only available for ethernet interfaces, move this to common ground at vyos.ifconfig.interface making it available for all sorts of interfaces by simply including the XML portion
  #include <include/interface/eapol.xml.i>
  (cherry picked from commit 0ee8d5e35044e7480dac6a23e92d43744b8c5d36)
* bond: T6709: add EAPoL support
  (cherry picked from commit 8eeb1bdcdfc104ffa77531f270a38cda2aee7f82)
---------
Co-authored-by: Christian Breunig <christian@breunig.cc>
2024-09-15 | op-mode: T6682: Fix for show vpn ike sa peer always shows all SAs | Nataliia Solomko
(cherry picked from commit 8c6a57124af37ba410dd01797e9242b3a79f171a)
2024-09-15 | Merge pull request #4058 from vyos/mergify/bp/circinus/pr-4046 | Christian Breunig
T6703: Adds option to configure AMD pstate driver (backport #4046)
2024-09-13 | Merge pull request #4056 from vyos/mergify/bp/circinus/pr-4054 | Daniil Baturin
T6711: Fix restart vrrp missed comma between services (backport #4054)
2024-09-12 | policy: T6676: Invalid route-map caused bgpd to crash | Nataliia Solomko
(cherry picked from commit 595f35bbdda732883ce0b8b0721061bb3a40a715)
2024-09-12 | T6703: fix unrelated lint issues | Nicolas Vollmar
(cherry picked from commit f00d43381516326061db5287d841ad52e79d6271)
2024-09-12 | T6703: Adds option to configure AMD pstate driver | Nicolas Vollmar
(cherry picked from commit 333672bee041f0f2b8e1b698a8eb2108694ad812)
2024-09-12 | Merge pull request #4050 from jestabro/revise-migration-circinus | Daniil Baturin
T6007: revise migration system
2024-09-12 | T6711: Fix restart vrrp missed comma between services | Viacheslav Hletenko
Missing comma in the list between services 'ssh', 'suricata' 'vrrp', 'webproxy' Fix it (cherry picked from commit a3ddd2cb8994deefd378951806b5dc35067d06a7)
2024-09-12 | container: T6701: add support to disable container network DNS support | Dave Vogel
Add ability to set the container network with a disable-dns setting to disable the DNS plugin that is on by default.
set container network <network> no-name-server
(cherry picked from commit 1d5625d572cc25a9d53247b7c41177f17845b052)
2024-09-11 | migration: T6007: update run-config-migration script | John Estabrook
(cherry picked from commit 08d4fcbc6243022cda0e889d99817d8e4e0ead78)
2024-09-11 | migration: T6007: add util add_system_version to replace *_system_footer | John Estabrook
(cherry picked from commit 51865448599ec40283fffe4dc15729f88f389886)
2024-09-11 | migration: T6007: update vyos_net_name | John Estabrook
(cherry picked from commit cd347713196cc8b48ea394365501e54a04d5e6e4)
2024-09-11 | migration: T6007: update vyos-merge-config.py | John Estabrook
(cherry picked from commit f67753bf10ac217040aa7d86117fb44c7b743327)
2024-09-11 | migration: T6007: update vyos-load-config.py | John Estabrook
(cherry picked from commit 271fcff986c11e3300f3abd66c603a125abd8dd1)
2024-09-11 | migration: T6007: convert all migration scripts to load as module | John Estabrook
(cherry picked from commit 26740a8d583f64dc0a27b59dd4ae303056972c0b)
2024-09-10 | op_mode: T6181: A feature for checking ports | Nataliia Solomko
(cherry picked from commit 7d20a52e02bec76474ca060fcb1eaeca52c52001)
2024-09-09 | container: T6702: re-add missing UNIX API socket | Christian Breunig
During podman upgrade and a build from the original source the UNIX socket definition for systemd got lost in translation. This commit re-adds the UNIX socket which is started on boot to interact with Podman. Example:
curl --unix-socket /run/podman/podman.sock -H 'content-type: application/json' \
  -sf http://localhost/containers/json
(cherry picked from commit f67e217f2716937115a3bdf6d316b172bbec75e5)
2024-08-26 | configd: T6671: track scripts proposed and scripts called | John Estabrook
(cherry picked from commit d4b6bed84e5ac4214f2eae0e6ee7c1f4e0852222)
2024-08-24 | sysctl: T3204: restore sysctl settings overwritten by tuned | Christian Breunig
(cherry picked from commit 8500e8658ff10f52739143fd7814cf60c9195f16)
2024-08-24 | Merge pull request #4005 from vyos/mergify/bp/circinus/pr-4000 | Daniil Baturin
T6672: Fix system option ssh-client source-interface (backport #4000)
2024-08-23 | Merge pull request #4012 from vyos/mergify/bp/circinus/pr-3656 | Christian Breunig
wireless: T6318: move country-code to a system wide configuration (backport #3656)
2024-08-23 | wireless: T6318: move country-code to a system wide configuration | Christian Breunig
Wireless devices are subject to regulations issued by authorities. For any given AP or router, there will most likely be no case where one wireless NIC is located in one country and another wireless NIC in the same device is located in another country, resulting in different regulatory domains to apply to the same box.
Currently, wireless regulatory domains in VyOS need to be configured per-NIC:
set interfaces wireless wlan0 country-code us
This leads to several side-effects:
* When operating multiple WiFi NICs, they all can have different regulatory domains configured which might offend legislation.
* Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US" This is true for the Compex WLE600VX. This setting cannot be done per-interface.
Migrate the first found wireless module country-code from the wireless interface CLI to: "system wireless country-code"
(cherry picked from commit 9e22ab6b2aee48029d3455f65880e45c558cf1da)
2024-08-23 | T6561: Add vrf aware for show ntp (#4009) | mergify[bot]
(cherry picked from commit 5f780ebb7f1799eb9a93218bb83561db509c7e56) Co-authored-by: Viacheslav Hletenko <v.gletenko@vyos.io>
2024-08-22 | T6672: Fix system option ssh-client source-interface | Viacheslav Hletenko
Fix for system option ssh-client source-interface For the `verify_source_interface` the key `ifname` is required (cherry picked from commit f453b33a6056de8fc5145ca9e680361fbce68348) # Conflicts: # smoketest/scripts/cli/test_system_option.py
2024-08-18 | op_mode: T3961: Generate PKI expect 2 character country code | Nataliia Solomko
(cherry picked from commit 71d6d0fe31db13f4ddf5c75209b9bba88a1e0a32)
2024-08-16 | T6649: Accel-ppp separate vlan-mon from listen interfaces | Nataliia Solomko
(cherry picked from commit 663e468de2b431f771534b4e3a2d00a5924b98fe)
2024-08-15 | op_mode: T6651: Add a top level op mode word "execute" | Nataliia Solomko
(cherry picked from commit 69ab44309d56d73d92c2f8a7b0b4ca3016e61ff6)
2024-08-13 | Merge pull request #3974 from vyos/mergify/bp/circinus/pr-3937 | Daniil Baturin
configd: T6633: inject missing env vars for configfs utility (backport #3937)
2024-08-13 | Merge pull request #3972 from vyos/mergify/bp/circinus/pr-3961 | Christian Breunig
configverify: T6642: verify_interface_exists requires config_dict arg (backport #3961)
2024-08-13 | configd: T6633: inject missing env vars for configfs utility | John Estabrook
(cherry picked from commit a9024f302fd9657a0e6ef274cfc1dedccaf9d1a3)
2024-08-12 | Merge pull request #3959 from vyos/mergify/bp/circinus/pr-3955 | Christian Breunig
configd: T6640: enforce in_session returns False under configd (backport #3955)
2024-08-12 | configverify: T6642: verify_interface_exists requires config_dict arg | John Estabrook
The function verify_interface_exists requires a reference to the ambient config_dict rather than creating an instance. As access is required to the 'interfaces' path, provide as attribute of class ConfigDict, so as not to confuse path searches of script-specific config_dict instances. (cherry picked from commit 5f23b7275564cfaa7c178d320868b5f5e86ae606)
2024-08-09 | qos: T6638: require interface state existence in verify conditional | John Estabrook
(cherry picked from commit ed63c9d1896a218715e13e1799fc059f4561f75e)