veeos-1x.git/interface-definitions/include/constraint, branch current

Merge pull request #4402 from c-po/wireguard-key-T7246

2025-03-20T21:05:04+00:00

wireguard: T7246: verify Base64 encoded 32byte boundary on keys

2025-03-20T21:00:10+00:00

Not 31 bytes or 33 bytes, but exactly 32. This matters, because 32 does not divide evenly by .75, so there's a padding character and the penultimate character does not include the whole base64 alphabet. Extend the base64 validator with an optional argument to define the length to match of the decrypted Base64 encoded string. Source: https://lists.zx2c4.com/pipermail/wireguard/2020-December/006222.html

T7252: Allow vpptun and vpptap for constraint validator

2025-03-17T10:38:15+00:00

It fixes cases whey we want to use VPP kernel interfaces for OSPF But VPP kernel interface is not exists on this step set vpp interfaces loopback lo0 kernel-interface 'vpptun0' set protocols ospf interface vpptun0 area '0' Incorrect path /sys/class/net/vpptun0: no such file or directory

firewall: T7177: update interface-name.xml.i constraint and smoketest to support pod interfaces from containers

2025-02-19T16:30:14+00:00

xml: T7161: provide re-usable building block for alternative routing tables

2025-02-13T16:00:01+00:00

T6214: T6213: change constraint in order to not allow string starting with dot character; use such constraint in firewall group definitions.

2024-04-09T16:50:36+00:00

xml: T5738: extend VRF building blocks with common constraint definition

2024-04-01T18:27:24+00:00

xml: T5738: use common constraint include for container network

2024-03-24T19:30:33+00:00

dhcp-client: T6093: extend regex for client class-id's with DOT

2024-03-10T19:06:42+00:00

The regex used is not working if the string contains dots. Originally authored by: Lucas

pki: T5886: add support for ACME protocol (LetsEncrypt)

2024-01-06T07:33:33+00:00

The "idea" of this PR is to add new CLI nodes under the pki subsystem to activate ACME for any given certificate. vyos@vyos# set pki certificate NAME acme Possible completions: + domain-name Domain Name email Email address to associate with certificate listen-address Local IPv4 addresses to listen on rsa-key-size Size of the RSA key (default: 2048) url Remote URL (default: https://acme-v02.api.letsencrypt.org/directory) Users choose if the CLI based custom certificates are used set pki certificate EXAMPLE acme certificate or if it should be generated via ACME. The ACME server URL defaults to LetsEncrypt but can be changed to their staging API for testing to not get blacklisted. set pki certificate EXAMPLE acme url https://acme-staging-v02.api.letsencrypt.org/directory Certificate retrieval has a certbot --dry-run stage in verify() to see if it can be generated. After successful generation, the certificate is stored in under /config/auth/letsencrypt. Once a certificate is referenced in the CLI (e.g. set interfaces ethernet eth0 eapol certificate EXAMPLE) we call vyos.config.get_config_dict() which will (if with_pki=True is set) blend in the base64 encoded certificate into the JSON data structure normally used when using a certificate set by the CLI. Using this "design" does not need any change to any other code referencing the PKI system, as the base64 encoded certificate is already there. certbot renewal will call the PKI python script to trigger dependency updates.