Age | Commit message (Collapse) | Author | |
---|---|---|---|
2023-08-16 | Merge pull request #2150 from ↵ | John Estabrook | |
dmbaturin/T5271-openvpn-peer-fingerprint-restrictions T5271: allow OpenVPN peer-fingerprint to be used instead of a CA in site-to-site mode | |||
2023-08-16 | netplug: T5476: rewrite dhclient helper from Perl -> Python | Christian Breunig | |
There are two hooks called for bridge, ethernet and bond interfaces if the link-state changes up -> down or down -> up. The helpers are: * /etc/netplug/linkdown.d/dhclient * /etc/netplug/linkup.d/dhclient As those helpers use Linux actions to start/restart the dhclient process in Perl it's time to rewrite it. First goal is to get rid of all Perl code and the second is that we now have a Proper Python library. Instead of checking if the process is running the then restarting it without even systemd noticing (yeah we might get two processes beeing alive) we should: * Add a Python helper that can be used for both up and down (see man 8 netplugd FILES section) * Query the VyOS CLI config if the interface in question has DHCP(v6) configured and is not disabled * Add IPv6 DHCPv6 support MAN page: https://linux.die.net/man/8/netplugd | |||
2023-08-15 | T5483: clean up tmp config file | John Estabrook | |
2023-08-15 | T5271: allow the user to specify either CA or peer fingerprint | Daniil Baturin | |
in OpenVPN site-to-site mode | |||
2023-08-15 | T5478: remove config-trap configuration parser in firewall | Nicolas Fort | |
2023-08-14 | pki: T5477: use Config instead of ConfigTreeQuery for defaults | John Estabrook | |
2023-08-12 | T5160: fix merge regression | John Estabrook | |
2023-08-12 | T5467: removing ospf(v3) or isis interface in VRF context did not clear FRR ↵ | Christian Breunig | |
config To reproduce: set vrf name red table 2000 set vrf name red protocols ospf interface eth1 area 0 set vrf name red protocols ospf parameters router-id 1.1.1.1 set interfaces ethernet eth1 vrf red commit FRR now has an interface config vyos@vyos# vtysh -c "show run" no-header | sed -n "/^interface eth1/,/!/p" interface eth1 ip ospf area 0 ip ospf dead-interval 40 exit Now delete the interface from the OSPF(v3) or ISIS process delete vrf name red protocols ospf interface commit It's still there vyos@vyos# vtysh -c "show run" no-header | sed -n "/^interface eth1/,/!/p" interface eth1 ip ospf area 0 ip ospf dead-interval 40 exit ! Issue was caused in the FRR vtysh representation of an interface. It used to have a "vrf <name>" marker in earlier versions but FRR 8.5 and later no longer have the marker. So "interface eth1 vrf red" became "interface eth1" in vtysh, but our regex expected the "vrf" identifier when modifying FRR config. | |||
2023-08-11 | Merge pull request #2016 from nicolas-fort/T5160 | Christian Breunig | |
T5160: Firewall refactor | |||
2023-08-11 | Merge pull request #2148 from sever-sever/T5448 | Daniil Baturin | |
T5448: Move zabbix-agent to node monitoring | |||
2023-08-11 | interface: T5465: adjust-mss: config migration fails if applied to a VLAN or ↵ | Christian Breunig | |
Q-in-Q interface When migration from 1.3 to 1.4 and a user hat the following configured: options { interface eth0.10{ adjust-mss 1452 adjust-mss6 1432 } } The configuration was wrongly migrated to: interfaces { ethernet eth0.10 { ipv6 { adjust-mss "1432" } ip { adjust-mss "1452" } } Instead of interfaces { ethernet eth0 { vif 10 { ipv6 { adjust-mss "1432" } ip { adjust-mss "1452" } } } | |||
2023-08-11 | T5440: Restore pre/postconfig scripts if user deleted them | Apachez | |
Using variable ${vyos_rootfs_dir} instead of wildcard for both restore_if_missing_preconfig and restore_if_missing_postconfig. | |||
2023-08-11 | T5460: remove config-trap from firewall | Nicolas Fort | |
2023-08-11 | T5160: firewall refactor: move <set firewall ipv6 ipv6-name ...> to <set ↵ | Nicolas Fort | |
firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip. | |||
2023-08-11 | T5160: firewall refactor: fix firewall template for correct rule parsing ↵ | Nicolas Fort | |
that contains fqnd and/or geo-ip in base chains. Fix mig script | |||
2023-08-11 | T5160: T5250: while refactoring, fix reference column for op-mode command ↵ | Nicolas Fort | |
show_firewall_group. | |||
2023-08-11 | T5160: firewall refactor: change firewall ip to firewall ipv4 | Nicolas Fort | |
2023-08-11 | T5160: firewall refactor. Update op-mode commands to new syntax. | Nicolas Fort | |
2023-08-11 | T5160: firewall refactor: new cli structure. Add migration script and update ↵ | Nicolas Fort | |
smoketest | |||
2023-08-11 | T5160: firewall refactor: new cli structure. Update jinja templates, python ↵ | Nicolas Fort | |
scripts and src firewall | |||
2023-08-11 | T5448: Move zabbix-agent to node monitoring | Viacheslav Hletenko | |
Move 'service zabbix-agent' => 'service monitoring zabbix-agent' | |||
2023-08-11 | Merge pull request #2147 from jestabro/remaining-defaults | Viacheslav Hletenko | |
T5434: remove reamining calls to incorrect defaults | |||
2023-08-11 | Merge pull request #2146 from dmbaturin/T5270-openvpn-dh-optional | Christian Breunig | |
openvpn: T5270: do not require classic DH params in any mode | |||
2023-08-10 | T5319: remove defaults workarounds in vyos-domain-resolver.py | John Estabrook | |
2023-08-10 | T5434: use package specific cache in nosetests | John Estabrook | |
2023-08-10 | T5434: use auto-defaults in op-mode pki.py | John Estabrook | |
2023-08-10 | T5319: remove workaround in op-mode show_openconnect_otp.py | John Estabrook | |
2023-08-10 | Merge pull request #2140 from sever-sever/T5448 | Daniil Baturin | |
T5448: Add service zabbix-agent | |||
2023-08-10 | openvpn: T5270: do not require classic DH params in any more | Daniil Baturin | |
Generate 'dh none' instead and let OpenVPN use ECDH | |||
2023-08-10 | tunnel: T5223: clear GRE key id after deletion | srividya0208 | |
2023-08-09 | pki: T5273: add a certificate fingerprint command | Daniil Baturin | |
2023-08-09 | T5448: Add service zabbix-agent version 2 | Viacheslav Hletenko | |
Add service zabbix-agent set service zabbix-agent directory '/config/zabbix/' set service zabbix-agent limits buffer-flush-interval '8' set service zabbix-agent limits buffer-size '120' set service zabbix-agent log debug-level 'warning' set service zabbix-agent log size '1' set service zabbix-agent server '192.0.2.5' set service zabbix-agent server-active 192.0.2.5 port '10051' set service zabbix-agent server-active 2001:db8::123 | |||
2023-08-09 | Merge pull request #2136 from jestabro/with-defaults | Christian Breunig | |
T5319: remove workarounds for incorrect defaults in config-mode scripts | |||
2023-08-08 | Merge pull request #2119 from nicolas-fort/T5014-dnat | Christian Breunig | |
T5014: nat: add source and destination nat options for configuring lo… | |||
2023-08-07 | dhcp: T5428: always release lease from default VRF | Christian Breunig | |
Otherwise packet can be received in a VRF that was already deleted. Image of the following CLI commands: del interface ethernet eth0 address dhcp del interface ethernet eth0 vrf red del vrf name red VRF could be deleted even if dhclient release was not yet completely processed. | |||
2023-08-07 | T5319: remove workarounds for defaults in vpp.py | John Estabrook | |
2023-08-07 | T5319: remove workarounds for defaults in vpn_openconnect.py | John Estabrook | |
2023-08-07 | T5319: remove workarounds for defaults in vpn_ipsec.py | John Estabrook | |
2023-08-07 | T5434: use auto-defaults in tftp_server.py | John Estabrook | |
2023-08-07 | T5319: remove workarounds for defaults in system-syslog.py | John Estabrook | |
2023-08-07 | T5319: remove workarounds for defaults in system_sflow.py | John Estabrook | |
2023-08-07 | T5434: use auto-defaults in system-option.py | John Estabrook | |
2023-08-07 | T5434: use auto-defaults in system-logs.py | John Estabrook | |
2023-08-07 | T5319: remove workarounds for defaults in system-login.py | John Estabrook | |
2023-08-07 | T5434: use auto-defaults in system-ipv6.py | John Estabrook | |
2023-08-07 | T5434: use auto-defaults in system-ip.py | John Estabrook | |
2023-08-07 | T5319: remove workarounds for defaults in system_console.py | John Estabrook | |
2023-08-07 | T5434: use merge_defaults in ssh.py | John Estabrook | |
2023-08-07 | T5319: remove workarounds for defaults in snmp.py | John Estabrook | |
2023-08-07 | T5319: remove workarounds for defaults in service_webproxy.py | John Estabrook | |