summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2024-05-01pppoe-server: T6234: fix permissions on migration scriptJohn Estabrook
2024-05-01Merge pull request #3392 from c-po/bgp-evpn-T6189Christian Breunig
bgp: T6189: L3VPN connectivity is broken after re-enabling VRF
2024-05-01bgp: T6189: explicitly call vtysh to remove VRF L3VNI configurationChristian Breunig
After e7bb65894 ("vrf: T6189: render FRR L3VNI configuration when creating VRF instance") we need to ensure that the VRF L3VNI configuration is removed in FRR prior to removing the BGP VRF instance. The reason is [1] where FRR only allows VRF BGP instance to be removed when there is NO VNI configured anymore. 1: https://github.com/FRRouting/frr/blob/064c3494527b9e84260410006768ed38e57e1de7/bgpd/bgp_vty.c#L1646-L1650
2024-05-01vrf: T6189: render FRR L3VNI configuration when creating VRF instanceChristian Breunig
When adding and removing VRF instances on the fly it was noticed that the vni statement under the VRF instance in FRR vanishes. This was caused by a race condition which was previously designed to fix another bug. The wierd design of a Python helper below the VRF tree to only generate the VNI configuration nodes is now gone and all is rendered in the proper place.
2024-05-01Merge pull request #3364 from natali-rs1985/T6234-currentDaniil Baturin
pppoe-server: T6234: PPPoE-server pado-delay refactoring
2024-05-01Merge pull request #3384 from sever-sever/T6287Daniil Baturin
T6287: Config-sync add the ability to configure API port
2024-05-01T6056: Change static-host-mapping shold not restart snmpdViacheslav Hletenko
We have several config XML definitions that use the same python3 script `system_host-name.py` https://github.com/vyos/vyos-1x/blob/current/interface-definitions/system_name-server.xml.in https://github.com/vyos/vyos-1x/blob/current/interface-definitions/system_host-name.xml.in https://github.com/vyos/vyos-1x/blob/current/interface-definitions/system_static-host-mapping.xml.in https://github.com/vyos/vyos-1x/blob/current/interface-definitions/system_domain-name.xml.in https://github.com/vyos/vyos-1x/blob/current/interface-definitions/system_domain-search.xml.in Any change in these scripts calls to restart the `service snmpd` The service `snmpd` should be restarted only if `host-name` or `domain-name` was changed. It is a good idea to rewrite it to `get_config_dict` in the future.
2024-05-01Merge pull request #3369 from sarthurdev/T6257Christian Breunig
firewall: T6257: Show member information for dynamic groups in op-mode
2024-05-01T6287: Config-sync add the ability to configure API portViacheslav Hletenko
Add the ability to configure the API port if the API on the secondary server works on a non-default port. The primary node will connect to configured port for config-sync ``` set service config-sync secondary address '192.0.2.11' set service config-sync secondary port '8443' ```
2024-04-30Merge pull request #3368 from sever-sever/T6267Christian Breunig
T6267: Check interface wireless module before apply config
2024-04-30Merge pull request #3371 from Embezzle/T4982Christian Breunig
openconnect: T4982: Support defining minimum TLS version in openconnect VPN
2024-04-30T6267: Check interface wireless module before apply configViacheslav Hletenko
Check if the wireless device/modem exists in the system and the module `ieee802111` was loaded In cases where we do not have wireless devices, it prevents the unexpected traceback ``` set interfaces wireless wlan0 address 192.0.2.5/32 commit Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/interfaces_wireless.py", line 269, in <modu> c = get_config() ^^^^^^^^^^^^ File "/usr/libexec/vyos/conf_mode/interfaces_wireless.py", line 104, in get_cg tmp = find_other_stations(conf, base, wifi['ifname']) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/libexec/vyos/conf_mode/interfaces_wireless.py", line 54, in find_os for phy in os.listdir('/sys/class/ieee80211'): ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ FileNotFoundError: [Errno 2] No such file or directory: '/sys/class/ieee80211' ```
2024-04-29openconnect: T4982: Support defining minimum TLS version in openconnect VPNAlex W
2024-04-29T6272: Changed interface existence verification in pppoe/ipoe to Warningaapostoliuk
Throwing Warning message instead of Error if interface which is used in pppoe/ipoe does not exist.
2024-04-28configdep: T6276: do not call dependencies on script errorJohn Estabrook
2024-04-26firewall: T6257: Show member information for dynamic groups in op-modesarthurdev
2024-04-25Merge pull request #3363 from sever-sever/T6263Christian Breunig
T6263: Groups 224.0.0.0/24 are reserved and cannot be joined
2024-04-25Merge pull request #3316 from HollyGurza/T4248Daniil Baturin
qos: T4248: Allow to remove the only rule from the qos class
2024-04-25pppoe-server: T6234: PPPoE-server pado-delay refactoringNataliia Solomko
2024-04-25T6263: Groups 224.0.0.0/24 are reserved and cannot be joinedViacheslav Hletenko
The join addresses within the multicast group 224.0.0.0/24 are reserved and cannot be joined FRR ``` r4(config)# interface eth2 r4(config-if)# ip igmp join 224.0.0.0 224.0.0.10 % Configuration failed. Error type: validation Error description: Groups within 224.0.0.0/24 are reserved and cannot be joined r4(config-if)# ``` Add verify check
2024-04-24T5833: Not all AFIs compatible with VRF add verify checkViacheslav Hletenko
Not all FRR address-families compatibe with VRF ``` r4# conf t r4(config)# router bgp 65001 vrf bgp r4(config-router)# r4(config-router)# address-family ipv4 flowspec Only Unicast/Multicast/EVPN SAFIs supported in non-core instances. r4(config-router)# r4(config-router)# address-family ipv4 labeled-unicast Only Unicast/Multicast/EVPN SAFIs supported in non-core instances. r4(config-router)# r4(config-router)# address-family ipv4 vpn Only Unicast/Multicast/EVPN SAFIs supported in non-core instances. r4(config-router)# ``` Add verify AFI for VRF
2024-04-24Merge pull request #3345 from Embezzle/T6259Daniil Baturin
PKI: T6259: Support RFC822 names in certificate generation
2024-04-23Merge pull request #3354 from sever-sever/T6217Christian Breunig
T6217: Conntrack-sync change the actual name of the script
2024-04-23T6109: Fix remote logging for sudo commandsViacheslav Hletenko
This fix for bug when `sudo` commands were not send to the remote syslog server. They stop before the directive that includes all configurations `$IncludeConfig /etc/rsyslog.d/*.conf`
2024-04-23T6217: Conntrack-sync change the actual name of the scriptViacheslav Hletenko
The actual name of the script is `vyos-vrrp-conntracksync.sh`
2024-04-23Merge pull request #3346 from jestabro/add-image-enospcChristian Breunig
image-tools: T6260: remove persistence image directory if no space error
2024-04-22connect_disconnect: T6261: correction to typo in check_ppp_running functionGinko
Connect_disconnect: T6261: correction to typo in check_ppp_running function Changes include: 1. Replaces "beeing" -> being in print statement for check_ppp_running 2. Replaces "can not" -> cannot in print statement on lines 61 and 93
2024-04-22ntp: T4909: Rewrite NTP op mode in new formatGinko
ntp: T4909: Rewrite NTP op mode in new format Adapts ntp.xml.in to reference new ntp.py file Add ntp.py Adds a check to ntp.py to verify if the ntp service is configured Adds raw mode to ntp.py For raw output, replaces the original method of parsing the command line output FROM re.split+regex TO csv.reader. Separates chrony commands into equivalent functions show_tracking, show_sources, source_sourcestats and show_activity Revises the names of raw dictionary keys variables to be lowercase Corrects a comment typo and renames function name used for raw mode
2024-04-22image-tools: T6260: remove persistence image directory if no space errorJohn Estabrook
2024-04-22PKI: T6259: Support RFC822 names in certificate generationAlex W
2024-04-22Merge pull request #3336 from c-po/t6244-seconds_to_humanDaniil Baturin
vyos.utils: T6244: add whitespace after time unit in uptime
2024-04-21smoketest: support dynamic enable of smoketest debuggingChristian Breunig
$ touch /tmp/vyos.smoketest.debug will enable dynamic debugging of the smoketests - showing the appropriate CLI commands on stdout
2024-04-21op-mode: T6244: add whitespace after time unit in "show system uptime"Christian Breunig
2024-04-21T6246: improve haproxy http check configurationNicolas Vollmar
2024-04-18openvpn: T6245: return 'n/a' if client info not availableJohn Estabrook
2024-04-18Merge pull request #3326 from sever-sever/T6221Daniil Baturin
T6221: Return default ip rule values after deleting VRF
2024-04-18pki: T6241: do not call dependency before its initializationJohn Estabrook
2024-04-18T6221: Return default ip rule values after deleting VRFViacheslav Hletenko
Fix for restoring default ip rule values after deleting VRF Defult values: ``` $ ip rule 0: from all lookup local 32766: from all lookup main 32767: from all lookup default ``` After adding and deleting a VRF we get unexpected values: ``` $ ip rule 1000: from all lookup [l3mdev-table] 2000: from all lookup [l3mdev-table] unreachable 32765: from all lookup local 32766: from all lookup main 32767: from all lookup default ```
2024-04-16image-tools: T6154: installer prompts to confirm a non-default passwdJohn Estabrook
2024-04-16Merge pull request #3313 from sever-sever/T5722Daniil Baturin
T5722: Failover route add option onlink
2024-04-16Merge pull request #3315 from Embezzle/T6242Daniil Baturin
T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify server certificates
2024-04-16qos: T4248: Allow to remove the only rule from the qos classkhramshinr
2024-04-15T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify ↵Alex W
server certificates
2024-04-15Merge pull request #3311 from sarthurdev/T6241John Estabrook
pki: T6241: Fix dependency updates on PKI changes
2024-04-15T5722: Failover route add option onlinkViacheslav Hletenko
onlink pretend that the nexthop is directly attached to this link, even if it does not match any interface prefix. Useful when gateway not in the same interface network set interfaces ethernet eth0 vif 10 address '10.20.30.1/32' set protocols static route 10.20.30.0/32 interface eth0.10 set protocols failover route 192.0.2.11/32 next-hop 10.20.30.0 onlink ``` vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 metric 1 proto failover Error: Nexthop has invalid gateway. [edit] vyos@r4# [edit] vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 onlink metric 1 proto failover [edit] vyos@r4# ```
2024-04-15Merge pull request #3309 from nicolas-fort/T5535Daniil Baturin
T5535: firewall: migrate command <set system ip disable-directed-broadcast> to firewall global-optinos
2024-04-15pki: T6241: Fix dependency updates on PKI changessarthurdev
2024-04-15T5535: firewall: migrate command <set system ip disable-directed-broadcast> ↵Nicolas Fort
to firewall global-optinos
2024-04-15T5734: OpenVPN check PKI DH name exists if DH configuredViacheslav Hletenko
Check if DH is configured for OpenVPN but does not exist in the PKI section ``` set pki dh dh-correct parameters 'xxxx' set interfaces openvpn vtun10 tls dh-params 'dh-fake' File "/usr/libexec/vyos/conf_mode/interfaces_openvpn.py", line 208, in verify_pki pki_dh = pki['dh'][tls['dh_params']] ~~~~~~~~~^^^^^^^^^^^^^^^^^^ KeyError: 'dh-fake' ```
2024-04-12Merge pull request #3291 from aapostoliuk/T6100-circinusChristian Breunig
T6100: Added NAT migration from IP/Netmask to Network/Netmask