summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2023-06-10http-api: T5263: path validator should provide messageJohn Estabrook
2023-06-10Merge pull request #2015 from sever-sever/T5231Christian Breunig
T5231: Add op-mode for show reverse-proxy
2023-06-10Merge pull request #2034 from erkin/currentChristian Breunig
T3472: Print warning when commit-confirm is run as regular user
2023-06-10Merge pull request #2035 from indrajitr/ddclient-improvement-round-4Christian Breunig
dns: T5144: Improve dynamic dns monitor and log and miscellaneous updates
2023-06-10dhcpv6-relay: T5277: service does not start on bootJohn
2023-06-09dns: T5144: Force systemd daemon-reload on ddclient config changeIndrajit Raychaudhuri
2023-06-09T3472: Print warning when commit-confirm is run as regular usererkin
2023-06-07Merge pull request #2029 from indrajitr/ddclient-improvement-round-3Christian Breunig
dns: T5144: Refactor smoke tests for dynamic dns operation
2023-06-06dns: T5144: Update copyright yearIndrajit Raychaudhuri
2023-06-06dns: T5144: Handle partial conf mode CLI gracefullyIndrajit Raychaudhuri
Prevent failure when the user enters a partial CLI command without any address specified. Also, apply some minor formatting changes.
2023-06-06op-mode: T5262: use module function instead of methodJohn Estabrook
2023-06-06op mode: T5262: add a warning message about unsaved config changesDaniil Baturin
on reboot and shutdown attempts
2023-06-06Merge pull request #2027 from cuongdt1994/patch-1Daniil Baturin
T5260: Do not use deprecated python crypt module
2023-06-06T5260: Do not use deprecated python crypt modulecuongdt1994
Remove the quotes, this will always return the hash for string "password".
2023-06-06Don't use deprecated crypt module.cuongdt1994
2023-06-05Merge pull request #2005 from indrajitr/ddclient-improvement-round-2Christian Breunig
dns: T5144: Modernize dynamic dns operation (round 2)
2023-06-05openconnect: T5259: fix migration logic in delete_value radius|localJohn Estabrook
Incorrect logic of node deletion now raises error, after T5251.
2023-06-04dns: T5144: Streamline ddclient systemd service overrideIndrajit Raychaudhuri
Templatize systemd override for ddclient service and move the generated override files in /run. This ensures that the override files are always generated afresh after boot. Additionally, simplify the systemd override file by removing the redundant/superfluous overrides.
2023-06-04dns: T5144: Add pid and cache config as ddclient globalIndrajit Raychaudhuri
2023-06-04dns: T5144: Relocate ddclient op-mode config files for consistency with ↵Indrajit Raychaudhuri
config path
2023-06-04dns: T5144: Relocate ddclient template path for consistency with config pathIndrajit Raychaudhuri
2023-06-04dns: T5144: Apply migration for dynamic dns path updateIndrajit Raychaudhuri
Create migration and bump package version from 0 -> 1 for dynamic dns
2023-06-04dns: T5144: Restrict dualstack for dyndns2 protocol to dyn.comIndrajit Raychaudhuri
ddclient implementation of dualstack for dyndns2 protocol is targeted for dyn.com (dyndns.org) only. Dualstack won't work for other servers supporting dyndns2 protocol (for example, dyn.dns.he.net).
2023-06-03dns: T5144: Modernize dynamic dns operationIndrajit Raychaudhuri
Apply next round of configuration tree updates to 'service dns dynamic' with the following changes: - Migrate `service dns dynamic interface <interface> [use-web]` to `service dns dynamic address <interface>` or `service dns dynamic address web [web-options]` This communicates the intent that dynamic dns IP address is detected in only one way - using the `<interface>` or using an external web request, not both. - When using external web request, (`service dns dynamic address web`), external url is optional (`web-options url`). Ddclient defaults are used when unspecified, - Rename all config `login` to `username` for consistency and also to align better with alternative ddclient backends in consideration. - Apply global 'ipv6-enable' to per service 'ip-version: ipv6'. Selecting usage of IPv4 or IPv6 (or both simultaneously) is now at per service (protocol) level instead of global level. This allows more control on the ability to select IPv4 in some cases and IPv6 in some other cases wherever supported by the underlying ddclient protocol. - While the IP address (and by extension, the detection mechanism) is global, the way it is applied to a particular ddclient protocol depends on whether it supports IPv4 or IPv6 or both. - Related to the above, this also prevents generating incorrect config file (`ddclient.conf`) with multiple global sections leading to an unpredictable behavior of ddclient. - Implement provider (protocol) specific custom tweaks whenever possible (e.g., `zone`, `username`, `server` are not necessary in all cases). - Move service name from a combination of 'protocol' (with protocol config autodetected) and custom (with protocol config specified) to a single 'service' key. This allows for consisent setup of multiple config for the same ddclient protocol (with different options and credentials). This also avoid ambiguity with usual networking term 'protocol' and ddclient specific term 'protocol' (and can change with a move to a different backend). - Apply upfront XML constraints and validations consistently wherever applicable. - RFC2136 specific change: Rename rfc2136 config `record` to `host-name` for consistency. - Cloudflare specific change: While ddclient still supports authenticating with email and global auth key, skipping `username` in config will indicate the intent to use API token authentication (with special 'token' literal as `username`).
2023-06-03T5257: add verify_vrf() check for flow-accountingChristian Breunig
2023-06-03T5257: import cleanup for flow-accountingChristian Breunig
2023-06-03T5257: Fix netflow VRF and bracketize v6 source addresses for netflow/sflowWered
2023-06-02Merge pull request #2023 from jestabro/error-passingViacheslav Hletenko
configtree: T5251: catch/raise errors in functions delete and delete_value
2023-05-31migration: T5251: fix incorrect logic in calling configtree.deleteJohn Estabrook
The node was already deleted in the 'if path exists' branch; attempt to delete in 'else' branch will now raise an error.
2023-05-31Merge pull request #2021 from blank0608/T5210Christian Breunig
T5210:VPN:Fix typo in Warning
2023-05-31T5210: VPN: Fix typo in WarningJohn Landicho
2023-05-29netns: T3829: remove debug print() statemementChristian Breunig
2023-05-29T5234: add bash prompt identifier for given Network namespaceChristian Breunig
2023-05-29T5234: extend color prompt with VRF instance nameChristian Breunig
2023-05-28ipsec: T5042: fix remote-access "Tunnel IP" columnChristian Breunig
Connection ID Username Protocol State Uptime Tunnel IP --------------- ---------- ---------- ------- -------- ----------------- 27 cpo IKEv2 UP 11s ['172.16.222.17'] "Tunnel IP" should be a string over list.
2023-05-28router-advert: T5240: verify() that no more then 3 IPv6 name-servers configuredChristian Breunig
This is a radvd limitation.
2023-05-26bridge: T4579: fix error message for bridge and bond membershipChristian Breunig
2023-05-25T5231: Add op-mode for show reverse-proxyViacheslav Hletenko
Add op-mode CLI for reverse-proxy "show reverse-proxy" Ability to get JSON and formatted output
2023-05-21T5234: add bash prompt identifier for given VRF instanceChristian Breunig
2023-05-19T5222: reverse-proxy add send-proxy option for backend serverViacheslav Hletenko
To accept a Proxy Protocol header on incoming TCP connections, add an accept-proxy parameter to the bind line in a frontend section. This parameter detects both Proxy Protocol version 1 (text format) and Proxy Protocol version 2 (binary format). set load-balancing reverse-proxy backend <tag> server <tag> send-proxy
2023-05-19T5222: Refactoring load-balancing reverse-proxyViacheslav Hletenko
Improve and refactoring "load-balancing reverse-proxy" - replace 'reverse-proxy server <tag>' => 'reverse-proxy service <tag>' - replace 'reverse-proxy global-parameters tls <xxx>' => 'reverse-proxy global-parameters tls-version-min xxx' => 'reverse-proxy global-parameters ssl-bind-ciphers xxx' - replace 'reverse-proxy service https rule <tag> set server 'xxx' => 'reverse-proxy service https rule <tag> set backend 'xxx' 'service https rule <tag> domain-name xxx' set as multinode
2023-05-17Merge pull request #2004 from sever-sever/T5222Christian Breunig
T5222: Add load-balancing for web traffic
2023-05-17T5222: Add load-balancing for web trafficViacheslav Hletenko
2023-05-14T5224: Stop syslog.socket alongside syslog.serviceJoe Groocock
Avoids the following warning, and any external service from re-activating syslog via systemd socket activation: frebib@vyos# commit [ system syslog ] DEBUG/COMMAND returned (err): Warning: Stopping syslog.service, but it can still be activated by: syslog.socket DEBUG/COMMAND cmd 'systemctl stop syslog.service' Signed-off-by: Joe Groocock <me@frebib.net>
2023-05-14T5224: Fix `del system syslog`Joe Groocock
os.unlink() is the correct function: Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/system-syslog.py", line 146, in <module> generate(c) File "/usr/libexec/vyos/conf_mode/system-syslog.py", line 114, in generate os.path.unlink(rsyslog_conf) ^^^^^^^^^^^^^^ AttributeError: module 'posixpath' has no attribute 'unlink' Signed-off-by: Joe Groocock <me@frebib.net>
2023-05-12ethernet: T3891: add conditional code-path when doing speed/duplex changesChristian Breunig
There is no need for the backend code to call ethtool and try to change speed or duplex settings every time there is a change in the interface configuration, but no change for the speed/duplex subnodes. This also makes the commit itself faster when working with ethernet interfaces. Bonus: no repeating CLI messages that the driver does not support speed/duplex changes, as we do not change anything here. Extension to commit f2ecc9710 ("ethernet: T3891: honor auto-negotiation support per NIC")
2023-05-12ocserv: T3896: improve XML definition and add warning about 3rd party configsChristian Breunig
When enabling identity-based-config, users can add arbitrary config keys that are processed by ocserv. The user "must know" what he is been doing, as invalid config option will make the ocserv daemon go ... whoop! Thus add a warning and inform the user about this setting.
2023-05-12Merge pull request #1783 from PeppyH/T3896-ocserv-config-per-xChristian Breunig
ocserv: T3896: add CLI options to configure ocserv config-per-user/group
2023-05-12Merge pull request #2002 from Zen3515/fix-cloudflare-ddnsChristian Breunig
T5219: ddclient: Allow not set login for Cloudflare API token
2023-05-12T5219: ddclient: Cloudflare doesn't require loginZen3515