summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2022-12-05Merge pull request #1693 from sever-sever/T4860Christian Poessinger
T4860: Verify if mode in openconnect ocserv dict
2022-12-04T4860: Verify if mode in openconnect ocserv dictViacheslav Hletenko
openconnect authentication mode must be set check dict that 'mode' exists in openconnect authentication
2022-12-04T4848: Fix for default route vpn openconnectViacheslav Hletenko
ocserv template expects list of routes but gets str "default" it cause wrong routes like: route = d route = e route = f route = a route = u route = l route = t Fix it
2022-12-03Merge pull request #1691 from sarthurdev/T478Christian Poessinger
firewall: T478: Fix firewall group circular dependency check
2022-12-03firewall: T478: Fix firewall group circular dependency checksarthurdev
2022-12-02Merge pull request #1685 from sever-sever/T4805Christian Poessinger
T4805: Restart pppoe-server if client pool was changed
2022-12-02Merge pull request #1687 from sever-sever/T4825Christian Poessinger
T4825: Verify if you are trying to add a new vethX to exists pair
2022-12-02http-api: T4859: correct calling of script dependencies from http-api.pyJohn Estabrook
2022-12-02T4825: Verify if you are trying to add a new vethX to exists pairViacheslav Hletenko
Verify if you are trying to add a new vethX to exists pair: set int virtual-ethernet veth0 peer-name 'veth1' set int virtual-ethernet veth1 peer-name 'veth0' set int virtual-ethernet veth12 peer-name 'veth0' Verify veth-name and peer-name cannot be the same: set interfaces virtual-ethernet veth0 peer-name veth0
2022-12-02T4805: Restart pppoe-server if client pool was changedViacheslav Hletenko
Some changes for 'service pppoe-server' require 'restart' the accel-ppp@pppoe.service But we use option 'reload-or-restart' that doesn't work correctly with 'accel-ppp' Restart pppoe-server if client pool was changed
2022-12-02op-mode: T4767: drop sudo callsChristian Poessinger
It's easier and more obvious if the script is called with sudo itself and not spawning a sudo sessionf or each individual command.
2022-12-02Merge pull request #1646 from mkorobeinikov/4767pyChristian Poessinger
T4767: Rewrite generate ipsec archive to python
2022-11-30pki: T4847: set and call dependent scriptsJohn Estabrook
2022-11-29pki: T4847: fix typosJohn Estabrook
2022-11-29mpls: T915: verify interface actually exists on the systemChristian Poessinger
2022-11-28conf-mode: T4845: add external file for dict of config-mode dependenciesJohn Estabrook
2022-11-28T4844: Set DB directory rigths 755 in the update webproxy scriptaapostoliuk
Squidguard: Set DB directory rigths 755 in the update blacklist webproxy script
2022-11-25T4825: Verify if veth interface not used in conf before deletingViacheslav Hletenko
Prevent to delete interface "vethX" which used for another interface as "vethY peer-name vethX" set interfaces virtual-ethernet veth0 peer-name 'veth1' set interfaces virtual-ethernet veth1 peer-name 'veth0' commit delete interfaces virtual-ethernet veth0 commit
2022-11-24veth: T4825: minor improvements on XML peer-name handlingChristian Poessinger
2022-11-24Merge branch 'T4825' of https://github.com/sever-sever/vyos-1x into t4825-vethChristian Poessinger
* 'T4825' of https://github.com/sever-sever/vyos-1x: T4825: Add basic smoketest for veth interfaces T4825: Add interface type veth
2022-11-24T4825: Add interface type vethViacheslav Hletenko
Add interface type veth (Virtual ethernet) One of the usecases it's interconnect different vrf's and default vrf via bridge set interfaces virtual-ethernet veth0 peer-name 'veth1010' set interfaces virtual-ethernet veth1010 address '10.0.0.10/24' set interfaces virtual-ethernet veth1010 peer-name 'veth0' set interfaces virtual-ethernet veth1010 vrf 'foo' set interfaces bridge br0 address '10.0.0.1/24' set interfaces bridge br0 member interface veth0
2022-11-24T4837: expose "show ip route summary" in the op mode APIDaniil Baturin
2022-11-21graphql: T4574: add specific error message if token has expiredJohn Estabrook
Catch expiration error and return error-specific message instead of general 'not authenticated'.
2022-11-21graphql: T4574: use Optional in func_sigJohn Estabrook
A misreading of the makefun docs seemed to indicate Optional was not supported; it is.
2022-11-21graphql: T4544: use load_as_module from vyos.utilJohn Estabrook
load_as_module was added to util.py for T4821; prefer over local copy
2022-11-20IPsec: T4829: use type hint Optional for arg tunnel in reset_peerJohn Estabrook
2022-11-20IPsec: T4829: add missing import TimeoutExpiredJohn Estabrook
2022-11-20Merge pull request #1657 from sever-sever/T4812Daniil Baturin
T4812: Add op-mode Show vpn ipsec connections
2022-11-20op-mode: dns-forwarding: T4578: drop sudo callsChristian Poessinger
Commit 66288ccfee ("dns-forwarding: T4578: Rewrite show dns forwarding") added the implementation for the new standardized op-mode definitions/implementation. As the API daemon has the proper permissions and also the CLI op-mode calls the script already with "sudo", there is no need to call "sudo" inside this script, again. Also add dns.py to data/op-mode-standardized.json for the GraphQL schema to be generated.
2022-11-20T4827: Route-map state continue must be with action permit onlyViacheslav Hletenko
route-map action 'deny' cannot be used for "continue" as FRR does not validate it r14(config)# route-map FOO permit 100 r14(config-route-map)# route-map FOO deny 50 r14(config-route-map)# on-match goto 100 % Configuration failed. Error type: validation r14(config-route-map)#
2022-11-20vrf: T4562: no need to invode "sudo" when retrieving VRf informationChristian Poessinger
2022-11-18IPsec: T4828: raise op-mode error on incorrect valueJohn Estabrook
2022-11-18Merge pull request #1662 from jestabro/config-script-dependencyDaniil Baturin
firewall: T4821: correct calling of conf_mode script dependencies
2022-11-18Merge pull request #1645 from aapostoliuk/T4793-sagittaChristian Poessinger
T4793: Added warning about disable-route-autoinstall
2022-11-18T4793: Added warning about disable-route-autoinstallaapostoliuk
Added warning message about disable-route-autoinstall when ipsec vti is used.
2022-11-17Merge pull request #1654 from sarthurdev/pbr_refactorChristian Poessinger
policy: T2199: T4605: Migrate policy route interface node
2022-11-17firewall: T4821: correct calling of conf_mode script dependenciesJohn Estabrook
2022-11-16T4794: Fix show show firewall nameSander Klein
show firewall name <name> will output an error as explained in https://phabricator.vyos.net/T4794
2022-11-16bridge: T4673: remove "sudo" as there is no need to elevate permissionsChristian Poessinger
2022-11-16Revert "Revert "dns: T4799: fix bug with not reloading powerdns config""Christian Poessinger
This reverts commit 44df1cea1ebc3296844c5c35cf053a92cda4b944.
2022-11-15T4812: Add op-mode Show vpn ipsec connectionsViacheslav Hletenko
Add op-mode CLI "show vpn ipsec connections" Add the ability to show all configured connections/tunnels and their states. Ability to get --raw data
2022-11-15T4815: ip-up/down scripts needs the executable bitYuxiang Zhu
ip-up/down scripts added in https://github.com/vyos/vyos-1x/pull/1656 need the executable bit.
2022-11-14T4815: Fix various name server config issuesYuxiang Zhu
1. When a PPPoE session is connected, `pppd` will update `/etc/resolv.conf` regardless of `system name-server` option unless `no-peer-dns` is set. This is because `pppd` vendors scripts `/etc/ppp/ip-up.d/0000usepeerdns` and `/etc/ppp/ip-down.d/0000usepeerdns`, which updates `/etc/resolv.conf` on PPPoE connection and reverts the change on disconnection. This PR removes those scripts and adds custom scripts to update name server entries through `vyos-hostsd` instead. 2. There is a typo in `/etc/dhcp/dhclient-enter-hooks.d/04-vyos-resolvconf, which misspells variable name `new_dhcp6_name_servers` as `new_dhcpv6_name_servers`. This causes IPv6 name server entries in `vyos-hostsd` not updated when dhclient receives nameservers from DHCPv6. 3. Regular expressions in scripts under `/etc/dhcp/dhclient-enter-hooks.d` and `/etc/dhcp/dhclient-exit-hooks.d/` are not enclosed in `^$`, so those IPv4 related branches (like `BOUND`) could be mistakenly executed when an IPv6 reason (like `BOUND6`) is given.
2022-11-11policy: T2199: T4605: Migrate policy route interface to `policy route|route6 ↵sarthurdev
<name> interface <ifname>` * Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup * T4605: Rename mangle table to vyos_mangle
2022-11-10Merge pull request #1652 from aapostoliuk/T4496-sagittaChristian Poessinger
T4496: Refactoring vrf_list function in ping command
2022-11-10Merge pull request #1643 from sever-sever/T4789Christian Poessinger
T4789: Ability to get op-mode raw data for PPPoE L2TP SSTP IPoE
2022-11-10T4789: Ability to get op-mode raw data for PPPoE L2TP SSTP IPoEViacheslav Hletenko
Ability to get 'raw' data sessions and statistics for accel-ppp protocols IPoE/PPPoE/L2TP/PPTP/SSTP server
2022-11-10T4496: Refactoring vrf_list function in ping commandaapostoliuk
Changed the function code of vrf_list to using the function from vyos.util
2022-11-09Merge pull request #1647 from aapostoliuk/T4807-sagittaChristian Poessinger
T4807: Fixed traceroute help completion
2022-11-09T4807: Fixed traceroute help completionaapostoliuk
Changes in traceroute command: Added list of possible VRFs in the help. Added list of possible interfaces in the help. Changed, if an option was selected before, it does not appear in possible completion. Added error message when an unexpected option was selected