summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2022-02-22Revert "backport: policy: T4151: remove all previous rules on edit"Christian Poessinger
This reverts commit b71a04811bd61e1faf2bc4eaceaaae8bdbf97dc6.
2022-02-22Revert "backport: policy: T4219: add local-route(6) incoming-interface"Christian Poessinger
This reverts commit 72d7152f794cfe48821797d62865024c1843096e.
2022-02-21vxlan: T4120: code cleanup for multiple remotesChristian Poessinger
(cherry picked from commit 3a605ad020d8d20b08a72cb1284f6e590d1fd7b5)
2022-02-21bridge: remove unreferenced import -> leaf_node_changedChristian Poessinger
(cherry picked from commit 25b2f2a8057260ad0d2c59823618d7c9f0fba707)
2022-02-21vxlan: T4120: add ability to set multiple remotes (PR #1127)Andreas
VXLAN does support using multiple remotes but VyOS does not. Add the ability to set multiple remotes and add their flood lists using "bridge" command. (cherry picked from commit 0ecddff7cffa8900d351d5c15e32420f9d780c0b)
2022-02-19Merge pull request #1219 from hensur/equuleus-ipv6-local-routeChristian Poessinger
backport: T4515: T4219: policy local-route6 and inbound-interface support
2022-02-17Merge pull request #1221 from sever-sever/T3686-equChristian Poessinger
openvpn: T3686: Fix for check local-address in script and tmpl
2022-02-16backport: policy: T4219: add local-route(6) incoming-interfaceHenning Surmeier
2022-02-15dhcpv6-server: T3494: Get address from network to correct sortingDmitriyEshenko
2022-02-15openvpn: T3686: Fix for check local-address in script and tmplViacheslav Hletenko
Local-address should be checked/executed only if it exists in the openvpn configuration, dictionary, jinja2 template (cherry picked from commit 230ac0a202acd7ae9ad9bccb9e777ee5a0e0b7b7)
2022-02-14backport: policy: T4151: remove all previous rules on editHenning Surmeier
2022-02-14backport: policy: T4151: Bugfix policy ipv6-local-routeHenning Surmeier
2022-02-14backport: policy: T4151: Add policy ipv6-local-routeHenning Surmeier
Adds support for `ip -6 rule` policy based routing. Also, extends the existing ipv4 implemenation with a `destination` key, which is translated as `ip rule add to x.x.x.x/x` rules. https://phabricator.vyos.net/T4151
2022-02-14tunnel: T4154: import cleanupChristian Poessinger
(cherry picked from commit 122c7a53575f67759f157e02eca776f799658dc1)
2022-02-14tunnel: T4154: verify() no more then one GRE tunnel is used w/o "ip key" per ↵Christian Poessinger
interface It is impossible for the OS kernel to distinguish multiple GRE tunnels when no "gre key" is configured when sourcing tunnels from the same interface. (cherry picked from commit 6f1326d6b68f6dcb83843374c876407ef2922bd1)
2022-02-13vrf: T4191: bugfix for "ip rule" when VRFs are createdChristian Poessinger
We always mangled and worked on the "ip rule" singleton even when nothing needed to be changed. This resulted in a VRF hickup when the same VRF was added and removed multiple times. set interfaces ethernet eth1 vrf foo set vrf name foo table '1000' commit delete interfaces ethernet eth1 vrf delete vrf commit set interfaces ethernet eth1 vrf foo set vrf name foo table '1000' commit broke reachability on eth1 - a reboot was required. This change will now only alter the ip rule tables once when VRF instances are created for the first time and will not touch the Kernel "ip rule" representation afterwards. (cherry picked from commit 2cec431e5caf9df85640f707cd6dc3077c17c238)
2022-02-11conntrack-sync: T4237: Fix checks for listen-address list to strViacheslav Hletenko
Verify section conntrack_sync.py funciton 'is_addr_assigned' should checks address as string not as list
2022-02-09openvpn: T4230: Delete checks if local-host address assignedViacheslav Hletenko
OpenVPN can't start if it depends on VRRP virtual-address as virtual-address is not yet assigned by HA (openvpn and ha in one commit) as we have checks "if address assigned" It depends on commit priorities: 460 interfaces/openvpn 800 high-availability Replace check if local-host address assigned from raise ConfigError to print (just notification) Allow to bind OpenVPN service to nonlocal address
2022-02-08monitoring: T3872: Add new feature service monitoring telegrafViacheslav Hletenko
2022-02-05vrrp: T4226: transition-script does not work for groups containing a hypen (-)Christian Poessinger
(cherry picked from commit 11a900e706db59459314622050ced7d4117f090b)
2022-02-03firewall-bridge: T4193: Add op-mode for firewall policyViacheslav Hletenko
2022-01-15wireguard: T4183: Allow setting ipv6 link local addres for peerViacheslav
Allow setting ipv6-link-local addresses as peer address for wireguard interfaces Add validator "ipv6-link-local"
2022-01-10Merge pull request #1146 from sever-sever/T3299-equChristian Poessinger
squid: T3299: Add listen address 0.0.0.0
2022-01-09keepalived: T4128: add missing keepalived.service fileChristian Poessinger
(cherry picked from commit 5a73c946000902f6e445b0803ca090f7fc6e0954)
2022-01-09keepalived: T4128: add systemd option Type=simpleChristian Poessinger
Without this option systemd startup will hit a timeout and the kill keepalived again. (cherry picked from commit 2a279f48e208b90c91eac5d6c5855e65cee39018)
2022-01-09squid: T3299: Add listen address 0.0.0.0sever-sever
(cherry picked from commit 1a74e6b3ce061f3c866bcb3f119ee5c73b0c6796)
2021-12-30dhclient: T4121: Fixed resolv.conf generation at early boot stagezsdc
In case if a CLI configuration is not available, dhclient cannot add nameservers to a `resolv.conf` file, because `vyos-hostsd` requires that an interface be listed in the `set system name-server` option. This commit introduces two changes: * `vyos-hostsd` service will not be started before Cloud-Init fetch all remote data. This is required because all meta-data should be available for Cloud-Init before any of VyOS-related services start since it is used for configuration generation. * the `vyos-hostsd-client` in the `dhclient-script` will be used only if the `vyos-hostsd` is running. In other words - if VyOS services already started, dhclient changes `resolv.conf` using `vyos-hostsd`; in other cases - does this directly. These changes should protect us from problems with DHCP during system boot if DHCP is required by third-party utils.
2021-12-30Merge pull request #1125 from DmitriyEshenko/eq-1x-29122021-01Daniil Baturin
l2tp-server: T4117: Add dae-server configuration to template
2021-12-29configd: T4086: use 'copy' on mutable global var default_config_dataJohn Estabrook
(cherry picked from commit d2ca2ac1cf9cacd44a04fbb6da9a884c23f043f6)
2021-12-29l2tp-server: T4117: Add dae-server configuration to templateDmitriyEshenko
2021-12-27snmp: T4093: add missing verify() step for required group per snmp v3 userChristian Poessinger
(cherry picked from commit a70a4001fe0b3a91a7d86191ff32dcc7205d2eae)
2021-12-26http: api: T4055: add VRF supportChristian Poessinger
(cherry picked from commit 4aaf0ba69139d84f89e5c3feee6edd845af8d1e5)
2021-12-24conntrack-sync: T3854: Add missed statistics for op-modeViacheslav
After rewriting conntrack-sync to XML/python, part of op-mode parameters was missed Add "status" and "statistics" for conntrack-sync
2021-12-19T4084: dehardcode the post-login bannerDaniil Baturin
2021-12-16http-api: T4076: allow setting CORS option 'Access-Control-Allow-Origin'John Estabrook
(cherry picked from commit 55f8ede2d09a9ad095f9ec5c2a729f8c5fb6aafa)
2021-12-16T3354: Backport strip-private scripterkin
2021-12-16T3006: add a range validatorDaniil Baturin
(cherry picked from commit 45d2429aa5d2ffafacdc5d9d00b7097169592427)
2021-12-15pppoe-server: T3006: Add range to regex generatorDmitriyEshenko
2021-12-14http-api: T4071: allow API to bind to unix domain socketJohn Estabrook
(cherry picked from commit 0e3c35e6517f5cfebb4206c735a2ea976a7fd383)
2021-12-12graphql: T3993: add requests for firewall ipv6-address-groupJohn Estabrook
(cherry picked from commit 92c4cc5e1248b3c7ffda03e23eeb21e2073ba7f0)
2021-12-12graphql: T3993: distinguish queries and mutations; update README.graphqlJohn Estabrook
(cherry picked from commit 30311db5a00c78872c9ad9b29e7081e0d81a5362)
2021-12-12validator: T4036: validate if multicast address is single (no netmask)Christian Poessinger
(cherry picked from commit c3471fe9d4cf0aab46feae94618925a95bcd5411)
2021-12-11T3912: migrate "Welcome to VyOS" from issue file to motd to not silently ↵Christian Poessinger
expose OS (cherry picked from commit 9ccc353893a3a9a1dc7dfd59463d34449bf05afb)
2021-12-11vyos.util: T4061: fix typo in function nameJohn Estabrook
(cherry picked from commit 86ab3b7dad7f2ad2c39a8b110e4a845195cda32e)
2021-12-10wwan: T3795: remove superfluous import (render)Christian Poessinger
2021-12-10wwan: T3795: only enable cron helper when interface is in useChristian Poessinger
2021-12-10wwan: T3795: only run ModemManager when interface is in useChristian Poessinger
2021-12-09https: T4055: add vrf supportChristian Poessinger
(cherry picked from commit 955f260ce682d64d27b3b11e618b1ae0176e4b91)
2021-12-09Revert "vrrp: T4059: do "late" read of the CLI configuration as this fails ↵Christian Poessinger
in __init__" This reverts commit f168e409acb314d1c15a4343643be7c07ce79b44.
2021-12-09conntrack: T3535: add keepalived notifications for node transitionsChristian Poessinger
(cherry picked from commit d7f0cbdc102a1186cec80d0ebf29b8f4ef415435)