Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-06-20 | Add `save` line | erkin | |
2021-06-20 | T3506: loadkey: Add `generate public-key-command` command | erkin | |
2021-06-07 | vti: T3588: remove interfaces not bound to IPSec tunnel | Christian Poessinger | |
A VTI interface also requires an IPSec configuration - VyOS 1.2 supported having a VTI interface in the CLI but no IPSec configuration - drop VTI configuration if this is the case for VyOS 1.4. | |||
2021-06-07 | ipsec: T3588: remove site-to-site tunnel CLI options only valid in Openswan | Christian Poessinger | |
2021-06-07 | nhrp: T3599: Update config path to new /run directory | sarthurdev | |
2021-06-06 | ipsec: T3588: remove CLI options deprecated by strongSwan | Christian Poessinger | |
- set vpn ipsec nat-traversal - set vpn ipsec nat-networks allowed-network | |||
2021-06-06 | T1168: ipsec: add copyright header to migration script | Christian Poessinger | |
2021-06-06 | Merge pull request #865 from sarthurdev/current | Christian Poessinger | |
nhrp: T3599: Migrate NHRP to XML/Python | |||
2021-06-06 | nhrp: T3599: Migrate NHRP to XML/Python | sarthurdev | |
2021-06-05 | Merge pull request #866 from sarthurdev/fix-ipsec | Christian Poessinger | |
ipsec: T2816: Fix typo from refactor | |||
2021-06-04 | ipsec: T2816: Fix typo from refactor | sarthurdev | |
2021-06-04 | vti: T3595: error out when adding VTI interface withouth IPSec | Christian Poessinger | |
2021-06-04 | flow-accounting: T3132: fix egress iptables chain | Jan-Philipp Benecke | |
(cherry picked from commit 95cc2e4b4c11414cc71749af12abb575e96e5bd4) | |||
2021-06-01 | op-mode: T3384: support UDP bandwidth testing | JACK | |
2021-05-31 | conntrack: T3579: add module disable options | Christian Poessinger | |
Some application layer gateway (ALG) modules can be disabled during runtime if requireq. | |||
2021-05-31 | ipsec: T2816: Continued refactor, added proper ipsec-interfaces handling | Simon | |
2021-05-30 | ipsec: T2816: Refactor to remove global variable and tidy up | Simon | |
2021-05-29 | vpn: ipsec: T3093: test for VTI interface availability the easy way | Christian Poessinger | |
We do not need to query the actual configuration if the VTI peer is configured or not. This can be done in a much more simples way by just checking if the desired interface exists on the running system. This is safe to do as the VTI priority is less then IPSec. | |||
2021-05-29 | ipsec: vti: T2816: Update to use correct VTI mark, code cleanup | Simon | |
2021-05-29 | vpn: ipsec: T3093: drop obsolete cleanup_vti_interfaces() function | Christian Poessinger | |
2021-05-29 | vti: T1579: only remove the interface when it exists | Christian Poessinger | |
2021-05-29 | vti: ipsec: T2816: Fix vti-up-down | sarthurdev | |
2021-05-28 | ipsec: T2816: drop absolute path on calls to iproute2 | Christian Poessinger | |
2021-05-28 | vti: ipsec: T2816: interfaces must be created using the vyos.ifconfig library | Christian Poessinger | |
2021-05-28 | ipsec: T2816: fix executable permission on vti-up-down helper | Christian Poessinger | |
2021-05-28 | vti: T1579: implement Virtual Tunnel Interfaces using XML and Python | Christian Poessinger | |
2021-05-28 | dummy: T2241: minor code cleanup | Christian Poessinger | |
No need to call .keys() on a dict when searching for a key. Also drop the unused "import os" call. | |||
2021-05-28 | ipsec: T2816: IPSec python rework, includes DMVPN and VTI support | Simon | |
2021-05-27 | dhcp-server: T2669: do not allow overlapping ranges to be created | Christian Poessinger | |
set service dhcp-server shared-network-name NET01 authoritative set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 default-router '10.0.0.1' set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 lease '86400' set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 range RNG01 start '10.0.0.60' set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 range RNG01 stop '10.0.0.70' set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 range RNG02 start '10.0.0.55' set service dhcp-server shared-network-name NET01 subnet 10.0.0.0/24 range RNG02 stop '10.0.0.65' Will result in a dhcpd.conf: shared-network NET01 { authoritative; subnet 10.0.0.0 netmask 255.255.255.0 { option routers 10.0.0.1; default-lease-time 86400; max-lease-time 86400; range 10.0.0.60 10.0.0.70; range 10.0.0.55 10.0.0.65; } on commit { set shared-networkname = "NET01"; } } This is not allowed by ISC DHCPd: dhcpd[3307]: /run/dhcp-server/dhcpd.conf line 25: lease 10.0.0.63 is declared twice! dhcpd[3307]: range 10.0.0.55 10.0.0.65; | |||
2021-05-27 | Merge branch 't3579-conntrack' into current | Christian Poessinger | |
* t3579-conntrack: conntrack: T3535: add conntrack-sync supported vyos-configd services conntrack: T3579: initial implementation with XML and Python | |||
2021-05-27 | conntrack: T3579: initial implementation with XML and Python | Christian Poessinger | |
2021-05-25 | firewall: T3568: add XML definitions for firewall | Viacheslav Hletenko | |
Add XML for configuration mode firewall. Used for future rewriting it to Python style. | |||
2021-05-24 | tunnel: T3555: add "ignore-df" support for GRE tunnels | Christian Poessinger | |
2021-05-24 | isis: T3417: implement domain-password md5 | Christian Poessinger | |
2021-05-24 | pseudo-ethernet: T3575: verify parent interface MTU | Christian Poessinger | |
2021-05-24 | router-advert: T3561: fix inconsistent use of tabs and spaces in indentation | Christian Poessinger | |
Commit c17f259d ("router-advert: T3561: add support for specific routes") used tabs over spaces in the Migration script which triggered a TabError (inconsistent use of tabs and spaces in indentation"). | |||
2021-05-23 | router-advert: T3561: add support for specific routes | Mark Royds | |
Co-authored-by: Mark Royds <mark.royds@vitaminit.co.uk> | |||
2021-05-23 | op-mode: disks: T1621: bugfix no disk output | Christian Poessinger | |
(cherry picked from commit 51899c362f2eba1dd067414f2dfa8e78f30ca408) | |||
2021-05-22 | nat66: T2518: op-mode typo fixup | JACK | |
2021-05-20 | sysctl: T3565: initial implementation in XML and Python | Christian Poessinger | |
migrate from old vyatta-cfg-system / Perl implementation. | |||
2021-05-18 | openconnect-server: T3559: Add restart op-command | DmitriyEshenko | |
2021-05-18 | ddns: T3254: fix incorrect update time | FileGo | |
This fixes a bug when show dynamic dns status returned (formatted) UNIX time 0. I have changed the code to use ddclient's mtime value in the cache file, which is updated on every successful sync with DDNS service as opposed to atime, which was previously used. | |||
2021-05-18 | vmware: T3525: fix invocation of resume script | Christian Poessinger | |
Commit dce67433 ("util: T2226: rewrite resume-vm to use run") changed the way in which the script executed system binaries in a way which could not be processes by the underlayin infrastructure (lists are not supported, only strings). | |||
2021-05-18 | vmware: T1028: properly expose syslog identity | Christian Poessinger | |
2021-05-17 | ddclient: T3557: fix FileNotFoundError when querying status information | Christian Poessinger | |
If ddclient is not problery configured it will start up but no status file is generated. This commit checks if the status file exists before reading it. | |||
2021-05-15 | conntrack: T3535: add op-mode commands for tracked connections" | Christian Poessinger | |
2021-05-15 | dhcp-server: T3544: fix FileNotFoundError on first invokation | Christian Poessinger | |
The problem of using the move() operation over render() is that render will silently create the directory tree in the background and move() does not. This means that on first boot when /run/dhcp-server does not exist, move will fail with a FileNotFoundError. Instead of using move() we render() the configuration two times, one for validating it via dhcpd -t and the other time to really apply it to the service. The performance impact should be little as the config should still be cached in the system RAM. | |||
2021-05-15 | conntrack: T3535: add keepalived notifications for node transitions | Christian Poessinger | |
2021-05-14 | conntrack: T3535: check for VRRP group definition | Christian Poessinger | |
2021-05-14 | conntrack: T3535: remove cluster CLI nodes | Christian Poessinger | |