Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-10-10 | update writer to nicer read write | Kim Hagen | |
2021-10-08 | tunnel: T3893: harden logic when validating tunnel parameters | Christian Poessinger | |
Different types of tunnels have different keys set in get_interface_config(). Thus it should be properly verified (by e.g. using dict_search()) that the key in question esits to not raise KeyError. | |||
2021-10-07 | Merge branch 'current' into 2fa | Kim | |
2021-10-07 | openvpn: T3642: Fix password_protected check | Nicolas Riebesel | |
2021-10-07 | openvpn: T3805: fix bool logic in verify_pki() for client mode | Christian Poessinger | |
Add support for OpenVPN client mode with only the CA certificate of the server installed. | |||
2021-10-07 | openvpn: T3805: drop privileges using systemd - required for rtnetlink | Christian Poessinger | |
2021-10-07 | openvpn: T3805: use vyos.util.makedir() to create system directories | Christian Poessinger | |
2021-10-07 | openvpn: T3805: use vyos.util.write_file() to store certificates | Christian Poessinger | |
2021-10-07 | pull request fixes | Kim Hagen | |
2021-10-04 | bgp: T3741: "parameter default no-ipv4-unicast" is now a default option | Christian Poessinger | |
2021-10-04 | T3889: Revert "dhcpv6-pd: T421: disable wide dhcpv6 client debug messages" | Christian Poessinger | |
This reverts commit 6b48900358ce9b01eaa78e3a086e95a26064f0df. | |||
2021-10-04 | OpenVPN: T3350: Changed custom options for OpenVPN processing | zsdc | |
Custom OpenVPN options moved back to the command line from a configuration file. This should keep full compatibility with the `crux` branch, and allows to avoid mistakes with parsing options that contain `--` in the middle. The only smart part of this - handling a `push` option. Because of internal changes in OpenVPN, previously it did not require an argument in the double-quotes, but after version update in `equuleus` and `sagitta` old syntax became invalid. So, all the `push` options are processed to add quotes. The solution is still not complete, because if a single config line contains `push` with other options, it will not work, but it is better than nothing. | |||
2021-10-02 | dns: forwarding: T3882: remove deprecated code to work with PowerDNS 4.5 | Christian Poessinger | |
(cherry picked from commit 8e6c48563d1612916bd7fcc665d70bfa77ec5667) | |||
2021-09-30 | interface-names: T3869: update udev rules | John Estabrook | |
2021-09-27 | interface-names: T3869: add vyos_net_name | John Estabrook | |
2021-09-27 | interface-names: T3869: add vyos_interface_rescan | John Estabrook | |
2021-09-27 | nat66: T3863: ndppd requires interfaces to be present | Christian Poessinger | |
2021-09-27 | frr: T2175: rename daemon Jinja2 templates to match (d)aemon suffix | Christian Poessinger | |
2021-09-26 | T3866: ignore interfaces without "address" in DNS forwarding migration | Daniil Baturin | |
2021-09-26 | op-mode: pki: T3826: perform input validation when listing certificates | Christian Poessinger | |
2021-09-26 | op-mode: reboot/poweroff: T3857: send wall message to all users | Christian Poessinger | |
2021-09-25 | ipsec: T2816: ipsec-dhclient-hook should only run if swanctl.conf exists | Christian Poessinger | |
2021-09-25 | ipsec: T2816: ipsec-dhclient-hook should use exit(0) | Christian Poessinger | |
2021-09-25 | ipsec: T2816: ipsec-dhclient-hook should use vyos.util.read_file() / ↵ | Christian Poessinger | |
write_file() | |||
2021-09-23 | openvpn: T3642: Fix password_protected check | Nicolas Riebesel | |
2021-09-22 | vrrp: keepalived: T3847: enable no_tag_node_value_mangle for get_config_dict() | Christian Poessinger | |
Commit 761631d6 ("vrrp: keepalived: T3847: migrate to get_config_dict()") switched to the new python function get_config_dict(), when we deal with tag nodes that can contain a hyphen, we should also set no_tag_node_value_mangle in order to preserve it. This caused a dict lookup error as the hyphens in the test scripts got replaced by an _. | |||
2021-09-21 | vrrp: keepalived: T3847: migrate/streamline CLI options | Christian Poessinger | |
Rename virtual-address -> address as we always talk about an IP address. | |||
2021-09-21 | vrrp: keepalived: T3847: remove "transition-script mode-force" option | Christian Poessinger | |
2021-09-21 | vrrp: keepalived: T3847: migrate to get_config_dict() | Christian Poessinger | |
2021-09-21 | vrrp: keepalived: T616: move configuration to volatile /run directory | Christian Poessinger | |
Move keepalived configuration from /etc/keepalived to /run/keepalived. | |||
2021-09-21 | vrrp: keepalived: T2720: adjust to Jinja2 trim_blocks feature | Christian Poessinger | |
This is a successor to commit a2ac9fac16e ("vyos.template: T2720: always enable Jinja2 trim_blocks feature"). It only shifts the whitespaces / indents inside the keepalived configuration file. | |||
2021-09-19 | ipsec: T1441: Clean up vti-up-down script for XFRM interfaces | Lucas Christian | |
2021-09-19 | dhcp-server: T3672: migrate failover name option | Christian Poessinger | |
Commit 2985035b (dhcp-server: T3672: re-add missing "name" CLI option) unfortunately did not add the name option to the migration script. | |||
2021-09-19 | dhcp-server: T3672: re-add missing "name" CLI option | Christian Poessinger | |
This option is mandatory and must be user configurable as it needs to match on both sides. | |||
2021-09-19 | dhcp-server: T3672: only one failover peer is supported | Christian Poessinger | |
2021-09-19 | op-mode: nat: T3648: Fix NAT script errors | jack9603301 | |
2021-09-18 | container: T2216: add IPv6 support to container networks | Christian Poessinger | |
2021-09-18 | dhcp-server: T3838: rename dns-server to name-server node | Christian Poessinger | |
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given pool. In order to use the same CLI syntax this should be renamed to name-server, which is already the case for DHCPv6. | |||
2021-09-18 | dhcp-server: T1968: allow multiple static-routes to be configured | Christian Poessinger | |
vyos@vyos# show service dhcp-server shared-network-name LAN { subnet 10.0.0.0/24 { default-router 10.0.0.1 dns-server 194.145.150.1 lease 88 range 0 { start 10.0.0.100 stop 10.0.0.200 } static-route 192.168.10.0/24 { next-hop 10.0.0.2 } static-route 192.168.20.0/24 { router 10.0.0.2 } } } | |||
2021-09-18 | validator: T2417: bugfix on Python3 f'ormat strings | Christian Poessinger | |
Commit 3639a5610b590a ("validator: T2417: try to make the code clearer") introduced Python3 f'ormatted strings but missed the "f" keyword. | |||
2021-09-17 | Merge pull request #1007 from erkin/current | Christian Poessinger | |
T3823: Stop strip-private regexp from swallowing quotes | |||
2021-09-17 | T3823: Stop strip-private regexp from swallowing quotes | erkin | |
2021-09-15 | ipsec: T3830: "authentication id|use-x509-id" are mutually exclusive | Christian Poessinger | |
Manually set peer id and use-x509-id are mutually exclusive! | |||
2021-09-14 | dhcpv6-pd: T421: disable wide dhcpv6 client debug messages | Christian Poessinger | |
2021-09-11 | Fix inconsistent capitalization in the show version output | Daniil Baturin | |
2021-09-10 | wireguard: T3642: directly import keys to CLI when run in config mode | Christian Poessinger | |
vyos@vyos# run generate pki wireguard key-pair install interface wg10 "generate" CLI command executed from config session. Generated private-key was imported to CLI! Use the following command to verify: show interfaces wireguard wg10 Corresponding public-key to use on peer system is: 'hGaWcoG7f+5sPAUY/MNQH1JFhsYdsGTecYA9S2J8xGs=' vyos@vyos# run generate pki wireguard preshared-key install interface wg10 peer vyos "generate" CLI command executed from config session. Generated preshared-key was imported to CLI! Use the following command to verify: show interfaces wireguard wg10 vyos@vyos# show interfaces wireguard wg10 +peer vyos { + preshared-key OwTALZy8w6VIBMxUwbOv6Ys7QMyhrtY4aw+0cUjmmCw= +} +private-key 0Pu95CejvCUCCwrTW39TCYnitESWAdIIFTVJb7UgxVU= [edit] | |||
2021-09-10 | frr: T1514: refactor restart script and drop duplicated code | Christian Poessinger | |
2021-09-10 | Merge pull request #1000 from sever-sever/T3810 | Christian Poessinger | |
squid: squidguard: T3810: Fix template for sourcre-group and rule | |||
2021-09-10 | squidguard: T3810: Set DB directory rigths 755 | Viacheslav | |
2021-09-10 | ethernet: T3802: use only one implementation for get_driver_name() | Christian Poessinger | |
Move the two implementations to get the driver name of a NIC from ethernet.py and ethtool.py to only ethtool.py. (cherry picked from commit 07840977834816b69fa3b366817d90f44b5dc7a7) |