summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2023-02-14strongSwan: T4593: move to charon-systemdChristian Breunig
2023-02-14ipsec: T4985: Fixed 'reset vpn ipsec-peer {peer}' commandaapostoliuk
Fixed 'reset vpn ipsec-peer {peer}' command. The op-mode script uses value 'None' in the 'tunnel' parameter to clear all CHILD SAs.
2023-02-13debian: T5003: Fixes dynamic DNS for Bookwormsarthurdev
2023-02-13debian: T5003: Update XDP for latest libbpfsarthurdev
2023-02-13debian: T5003: Fixes for Debian Bookwormsarthurdev
* DH params of 256 length no longer supported
2023-02-12T5001: Replace links to the phabricator siteChristian Breunig
Replace links to the phabricator site from https://phabricator.vyos.net to https://vyos.dev
2023-02-11qos: T4284: migration script must ensure bandwidth is converted to lower caseChristian Breunig
tc acccepts the bandwidth value/unit pairs as lowercase - so does the VyOS CLI validator work, too.
2023-02-10Merge pull request #1805 from nicolas-fort/T4857-frr-fixChristian Breunig
T4857: snmp: Fix error when not defining client|network under community
2023-02-10snmp: T4857: explicitly define default community networks 0.0.0.0/0 and ::/0Christian Breunig
After the RESTRICTED view was introduced snmpd requires a network to be specified. Before adding the RESTRICTED view snmpd always assumed the default network 0.0.0.0/0. This commit re-adds the build in default networks for IPv4 and IPv6 and exposes it as a proper default to the CLI so the user is informed about it: vyos@vyos# set service snmp community foooo Possible completions: authorization Authorization type (default: ro) + client IP address of SNMP client allowed to contact system + network Subnet of SNMP client(s) allowed to contact system (default: 0.0.0.0/0, ::/0)
2023-02-10interfaces: T4995: rename user -> username CLI node for pppoe, wwan and ↵Christian Breunig
sstp-client
2023-02-09Merge pull request #1793 from aapostoliuk/T4905-sagittaDaniil Baturin
nhrp: T4905: Rewritten nhrp op-mode in new style
2023-02-09Revert "container: T4959: Add container registry authentication config for ↵Christian Breunig
containers" This reverts commit b17251334c57c2f6875c19ad4e6c6127aa9e1811.
2023-02-09Merge pull request #1790 from Zen3515/current-add-container-loginChristian Breunig
container: T4959: Add container registry authentication config for containers
2023-02-08T4977: Add Babel routing protocol supportYuxiang Zhu
This PR adds basic Babel routing protocol support using the implementation in FRR. Signed-off-by: Yuxiang Zhu <vfreex@gmail.com>
2023-02-06graphql: T4979: add query show_user_infoJohn Estabrook
2023-02-04dhcp-relay: T2408: use Warning() on deprecated interface CLI nodeChristian Breunig
2023-02-04Merge pull request #1603 from nicolas-fort/T2408Christian Breunig
T2408: dhcp-relay: Add listen-interface and upstream-interface feature
2023-02-04qos: T4284: add safeguard for non existing interfacesChristian Breunig
When shaper is bound to a dialup (e.g. PPPoE) interface it is possible, that it is yet not availbale when to QoS code runs. Skip the configuration and inform the user.
2023-02-04Merge pull request #1797 from ServerForge/currentChristian Breunig
bgp: T4817: add support for RFC9234
2023-02-04Revert "login: T4975: Fixed broken CLI commands"Christian Breunig
This reverts commit 3a6e77d479da4321b851163490a9b79ef2cef7b8. A general solution is implemented in Commit 29a44a73 ("T4975: always sync() filesystem after commit").
2023-02-04T4975: always sync() filesystem after commitChristian Breunig
2023-02-04T4817 added support for RFC 9234Kyle McClammy
2023-02-02login: T4975: Fixed broken CLI commandszsdc
User profile files are not saved to disk after configuration is fully applied. Because of this, after a fast system reset, profile files can be empty, and CLI is broken. This fix adds a `sync()` call after the user's configuration, which should protect from data loss and fix the problem with profiles.
2023-02-01nhrp: T4905: Rewritten nhrp op-mode in new styleaapostoliuk
1. Formatted output of 'show nhrp' commands to table view 2. Rewritten nhrp op-mode in new style
2023-01-31container: T4014: Add `command`, `arg` and `entrypoint` configuration ↵Zen3515
options for containers
2023-01-30container: T4959: Add container registry authentication config for containersZen3515
2023-01-30Merge pull request #1761 from sever-sever/T4916-currViacheslav Hletenko
T4916: Rewrite IPsec peer authentication and psk migration
2023-01-28vrrp: T1297: improve gratuitous ARP default value handling and help stringsChristian Breunig
2023-01-28openconnect: T4955: Removed wrong acctserver in radiusclient.confJamie Austin
Removes port key from accounting server merged config dictionary.
2023-01-28T4958: ocserv: openconnect: refactor RADIUS accounting supportJamie Austin
2023-01-28T4958: ocserv: openconnect: adds support for configuring RADIUS accountingJamie Austin
Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode
2023-01-27Merge pull request #1785 from aapostoliuk/T4955-sagittaChristian Breunig
openconnect: T4955: Removed wrong authserver in radiusclient.conf
2023-01-27sysctl: T4928: remove outdated conntrack_helperMartin Böh
This sysctl has been removed from kernel 6.0.X onwards but its removal was skipped when upgrading the kernel. See: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/netfilter?id=b118509076b39cc5e616c0680312b5caaca535fe
2023-01-26ntp: T4961: create path ['service'] if it doesn't existJohn Estabrook
config.copy does not recursively create nodes of the path. On install image, the path ['service'] is not present in config.boot.default, so must be created before config.copy['service', 'ntp'].
2023-01-26openconnect: T4955: Removed wrong authserver in radiusclient.confaapostoliuk
After merging config dictionary with default values, radius port the default value was merged not in a proper way. It is added as a server. After creating radiusclient.conf added and the illegal authserver equal 'port'.
2023-01-26T4916: Rewrite IPsec peer authentication and psk migrationViacheslav Hletenko
Rewrite strongswan IPsec authentication to reflect structure from swanctl.conf The most important change is that more than one local/remote ID in the same auth entry should be allowed replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx' => 'ipsec authentication psk <tag> secret xxx' set vpn ipsec authentication psk <tag> id '192.0.2.1' set vpn ipsec authentication psk <tag> id '192.0.2.2' set vpn ipsec authentication psk <tag> secret 'xxx' set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1' set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2' Add template filter for Jinja2 'generate_uuid4'
2023-01-25Merge pull request #1777 from nicolas-fort/T1297-garpChristian Breunig
T1297: VRRP: add garp options to vrrp
2023-01-25T1297: VRRP: add garp options to vrrpNicolas Fort
2023-01-25T4940: new interfaces debugging command Executablemkorobeinikov
make the file (generate_interfaces_debug_archive.py ) executable
2023-01-24op-mode: T4951: bugfix InsufficientResources SyntaxError: invalid syntaxChristian Breunig
Commit b5e90197 ("op mode: T4951: add InsufficientResources error") missed out a comma when extending the op_mode_err_msg dictionary.
2023-01-24Merge pull request #1766 from erkin/igmpChristian Breunig
igmp-proxy: T4912: Rewrite show IGMP proxy commands in the new op-mode format
2023-01-24Merge pull request #1771 from mkorobeinikov/currentChristian Breunig
T4940: new interfaces debugging command
2023-01-24Merge pull request #1779 from dmbaturin/T4951-resource-errorChristian Breunig
op mode: T4951: add InsufficientResources error
2023-01-23graphql: T4953: remove convert_kwargs_to_snake_case decoratorJohn Estabrook
2023-01-23graphql: T4544: use opmode._is_op_mode_function_name instead of local copyJohn Estabrook
2023-01-23op mode: T4951: add InsufficientResources errorDaniil Baturin
2023-01-22pppoe: T4948: add CLI option to allow definition of host-uniq flagChristian Breunig
Some ISPs seem to use the host-uniq flag to authenticate client equipment. Add CLI option in VyOS to allow specification of the host-uniq flag. set interfaces pppoe pppoeN host-uniq <value>
2023-01-22T4911: op-mode: bugfix AttributeError: 'str' object has no attribute 'items'Christian Breunig
One can not always ensure that "interface" is of type list, add safeguard. E.G. Juniper Networks, Inc. ex2300-c-12t only has a dict, not a list of dicts So this is actually an upstream lldpd bug where the output depends on the amount of data transmitted.
2023-01-21container: T4947: support mounting container volumes as ro or rwChristian Breunig
Whenever a container is used and a folder is mounted, this happenes as read-write which is the default in Docker/Podman - so is the default in VyOS. A new option is added "set container name foo volume mode <ro|rw>" to specify explicitly if rw (default) or ro should be used for this mounted folder.
2023-01-21T4911: op-mode: bugfix TypeError: 'NoneType' object is not iterableChristian Breunig