summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2023-01-30container: T4959: Add container registry authentication config for containersZen3515
2023-01-30Merge pull request #1761 from sever-sever/T4916-currViacheslav Hletenko
T4916: Rewrite IPsec peer authentication and psk migration
2023-01-28vrrp: T1297: improve gratuitous ARP default value handling and help stringsChristian Breunig
2023-01-28openconnect: T4955: Removed wrong acctserver in radiusclient.confJamie Austin
Removes port key from accounting server merged config dictionary.
2023-01-28T4958: ocserv: openconnect: refactor RADIUS accounting supportJamie Austin
2023-01-28T4958: ocserv: openconnect: adds support for configuring RADIUS accountingJamie Austin
Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode
2023-01-27Merge pull request #1785 from aapostoliuk/T4955-sagittaChristian Breunig
openconnect: T4955: Removed wrong authserver in radiusclient.conf
2023-01-27sysctl: T4928: remove outdated conntrack_helperMartin Böh
This sysctl has been removed from kernel 6.0.X onwards but its removal was skipped when upgrading the kernel. See: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/netfilter?id=b118509076b39cc5e616c0680312b5caaca535fe
2023-01-26ntp: T4961: create path ['service'] if it doesn't existJohn Estabrook
config.copy does not recursively create nodes of the path. On install image, the path ['service'] is not present in config.boot.default, so must be created before config.copy['service', 'ntp'].
2023-01-26openconnect: T4955: Removed wrong authserver in radiusclient.confaapostoliuk
After merging config dictionary with default values, radius port the default value was merged not in a proper way. It is added as a server. After creating radiusclient.conf added and the illegal authserver equal 'port'.
2023-01-26T4916: Rewrite IPsec peer authentication and psk migrationViacheslav Hletenko
Rewrite strongswan IPsec authentication to reflect structure from swanctl.conf The most important change is that more than one local/remote ID in the same auth entry should be allowed replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx' => 'ipsec authentication psk <tag> secret xxx' set vpn ipsec authentication psk <tag> id '192.0.2.1' set vpn ipsec authentication psk <tag> id '192.0.2.2' set vpn ipsec authentication psk <tag> secret 'xxx' set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1' set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2' Add template filter for Jinja2 'generate_uuid4'
2023-01-25Merge pull request #1777 from nicolas-fort/T1297-garpChristian Breunig
T1297: VRRP: add garp options to vrrp
2023-01-25T1297: VRRP: add garp options to vrrpNicolas Fort
2023-01-25T4940: new interfaces debugging command Executablemkorobeinikov
make the file (generate_interfaces_debug_archive.py ) executable
2023-01-24op-mode: T4951: bugfix InsufficientResources SyntaxError: invalid syntaxChristian Breunig
Commit b5e90197 ("op mode: T4951: add InsufficientResources error") missed out a comma when extending the op_mode_err_msg dictionary.
2023-01-24Merge pull request #1766 from erkin/igmpChristian Breunig
igmp-proxy: T4912: Rewrite show IGMP proxy commands in the new op-mode format
2023-01-24Merge pull request #1771 from mkorobeinikov/currentChristian Breunig
T4940: new interfaces debugging command
2023-01-24Merge pull request #1779 from dmbaturin/T4951-resource-errorChristian Breunig
op mode: T4951: add InsufficientResources error
2023-01-23graphql: T4953: remove convert_kwargs_to_snake_case decoratorJohn Estabrook
2023-01-23graphql: T4544: use opmode._is_op_mode_function_name instead of local copyJohn Estabrook
2023-01-23op mode: T4951: add InsufficientResources errorDaniil Baturin
2023-01-22pppoe: T4948: add CLI option to allow definition of host-uniq flagChristian Breunig
Some ISPs seem to use the host-uniq flag to authenticate client equipment. Add CLI option in VyOS to allow specification of the host-uniq flag. set interfaces pppoe pppoeN host-uniq <value>
2023-01-22T4911: op-mode: bugfix AttributeError: 'str' object has no attribute 'items'Christian Breunig
One can not always ensure that "interface" is of type list, add safeguard. E.G. Juniper Networks, Inc. ex2300-c-12t only has a dict, not a list of dicts So this is actually an upstream lldpd bug where the output depends on the amount of data transmitted.
2023-01-21container: T4947: support mounting container volumes as ro or rwChristian Breunig
Whenever a container is used and a folder is mounted, this happenes as read-write which is the default in Docker/Podman - so is the default in VyOS. A new option is added "set container name foo volume mode <ro|rw>" to specify explicitly if rw (default) or ro should be used for this mounted folder.
2023-01-21T4911: op-mode: bugfix TypeError: 'NoneType' object is not iterableChristian Breunig
2023-01-21T4911: op-mode: bugfix TypeError: string indices must be integersChristian Breunig
One can not always ensure that "capability" is of type list, add a safeguard. E.G. Unify US-24-250W only has a dict, not a list of dicts.
2023-01-20Merge pull request #1767 from jestabro/config-mgmtJohn Estabrook
config-mgmt: T4942: rewrite vyatta-config-mgmt to Python/XML
2023-01-20config-mgmt: T4942: add op_mode scriptJohn Estabrook
2023-01-20config-mgmt: T4942: add conf_mode scriptJohn Estabrook
2023-01-20T4940: new interfaces debugging commandКоробейников Михаил Валерьевич
The new command will allow you to get full detailed information on the system interfaces.
2023-01-19igmp-proxy: T4912: Switch away from Jinja2 to Tabulate, remove undocumented ↵erkin
"show MFC" command
2023-01-19Merge pull request #1697 from nicolas-fort/snmp_reworkChristian Breunig
T4857: SNMP: Implement FRR SNMP Recomendations
2023-01-18T4857: change description in cli, and change word oid to uppercase OIDs in ↵Nicolas Fort
warning message
2023-01-18igmp-proxy: T4912: Rewrite show IGMP proxy commands in the new op-mode formaterkin
2023-01-18T4857: Cleaning prNicolas Fort
2023-01-17Merge pull request #1739 from aapostoliuk/T4864-sagittaChristian Breunig
firewall: T4864: Fixed show zone-policy command output
2023-01-17ifb: T4938: add Python implementation for input function block interfacesChristian Breunig
2023-01-16opmode: T4837: add VRF option for route summaryDaniil Baturin
2023-01-16firewall: T4864: Fixed show zone-policy command outputaapostoliuk
1. Fixed "show zone-policy" command output 2. Rewritten zone-policy op-mode to new style
2023-01-15Merge pull request #1753 from dmbaturin/ipv6-route-summaryDaniil Baturin
opmode: T4837: add family and table arguments for ShowRoute
2023-01-15ntp: T3008: TypeError bugfix when calling rename()Christian Breunig
2023-01-15Merge pull request #1758 from c-po/t3008-chronyChristian Breunig
ntp: T3008: migrate from ntpd to chrony
2023-01-14systemd: T2185: always place generated override files in /runChristian Breunig
This prevents any stale override files when the system is beeing rebooted, but the actual configuration was not saved. /run is a tmpfs and thus always fresh after boot.
2023-01-14ntp: T3008: migrate from ntpd to chronyChristian Breunig
* Move CLI from "system ntp" -> "service ntp" * Drop NTP server option preempt as not supported by chrony
2023-01-13T4935: ospfv3: bugfix KeyError: 'range'Christian Breunig
Commit 1fc7e30f ('T4935: ospfv3: "not-advertise" and "advertise" conflict') added a check for not-advertive and advertise in the same area but lacked a test if the key really exists in the dict which is to be validated.
2023-01-12Merge pull request #1756 from c-po/t4911-lldp-op-modeChristian Breunig
T4911: op-mode: rewrite LLDP in standardised op-mode format
2023-01-12opmode: T4837: add family and table arguments for ShowRouteDaniil Baturin
2023-01-12Merge pull request #1752 from sever-sever/T4118Christian Breunig
T4118: Add default value any for connection remote-id
2023-01-12T4911: op-mode: rewrite LLDP in standardised op-mode formatChristian Breunig
2023-01-12T4118: Add default value any for connection remote-idViacheslav Hletenko
If IPsec "peer <tag> authentication remote-id" is not set it should be "%any" by default https://docs.strongswan.org/docs/5.9/swanctl/swanctlConf.html#_connections_conn_remote Set XML default value in use it in the python vpn_ipsec.py script