summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-06-19openconnect: T6500: add support for multiple ca-certificatesChristian Breunig
Add possibility to provide a full CA chain to the openconnect server. * Support multiple CA certificates * For every CA certificate specified, always determine the full certificate chain in the background and add the necessary SSL certificates
2024-06-18Merge pull request #3576 from alainlamar/T6425Christian Breunig
wireless: T6425: Fixing VHT beamforming for 802.11ac
2024-06-18wireless: T6425: adjust to latest country-code changesChristian Breunig
Commit 9e22ab6b2a ("wireless: T6318: move country-code to a system wide configuration") removed the per wifi interface setting for a country-code. This commit adjust the smoketests to the new design.
2024-06-18wireless: T6425: Add smoketests for VHT beamformingAlain Lamar
2024-06-18wireless: T6425: Fix broken VHT beamformingAlain Lamar
2024-06-17Merge pull request #3652 from c-po/T6489-unionfsChristian Breunig
T6489: Add support for CLI config scripts that change the underlaying working configuration
2024-06-17Merge pull request #3675 from vyos/T6318-wireless-config-testsChristian Breunig
wireless: T6318: add quotes for console speed in config-tests
2024-06-17wireless: T6318: add quotes for console speed in config-testsChristian Breunig
2024-06-17Merge pull request #3657 from c-po/pki-T6241-no-debugChristian Breunig
pki: T6241: remove debug print statement about updated subsystems
2024-06-17Merge pull request #3655 from talmakion/bugfix/T4026Daniil Baturin
pki: T4026: Only emit private keys when available
2024-06-17Merge pull request #3656 from c-po/wireless-regdomainDaniil Baturin
wireless: T6318: move country-code to a system wide configuration
2024-06-16Revert T6494: Update sonarcloud.yml and add more branches for scanning" (#3663)Yuriy Andamasov
2024-06-16Merge pull request #3661 from vyos/update-sonarcloud-settingsYuriy Andamasov
T6494: Update sonarcloud.yml and add more branches for scanning
2024-06-16T6494: Update sonarcloud.yml and add more branches for scanningYuriy Andamasov
2024-06-16Merge pull request #3659 from natali-rs1985/openvpn-fix-smoketestsChristian Breunig
openvpn: T5487: Fix migration smoketests commands
2024-06-16openvpn: T5487: Fix migration smoketests commandsNataliia Solomko
2024-06-16wireless: T6318: move country-code to a system wide configurationChristian Breunig
Wireless devices are subject to regulations issued by authorities. For any given AP or router, there will most likely be no case where one wireless NIC is located in one country and another wireless NIC in the same device is located in another country, resulting in different regulatory domains to apply to the same box. Currently, wireless regulatory domains in VyOS need to be configured per-NIC: set interfaces wireless wlan0 country-code us This leads to several side-effects: * When operating multiple WiFi NICs, they all can have different regulatory domains configured which might offend legislation. * Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US" This is true for the Compex WLE600VX. This setting cannot be done per-interface. Migrate the first found wireless module country-code from the wireless interface CLI to: "system wireless country-code"
2024-06-16pki: T4026: Only emit private keys when availableAndrew Topp
* install_certificate() code path handles private_key=None & key_passphrase=None OK already * file and console output paths will error trying to encode None as a key * This is only an issue for a couple of the generate_*_sign() functions, where having a null private key is possible * Self-signing and CA creation always generate a private key * Certreqs will generate a private key if not already provided * Do not prompt for a private key passphrase if we aren't giving back a private key
2024-06-15pki: T6241: remove debug print statement about updated subsystemsChristian Breunig
Commit 9f9891a2099 ("pki: T6241: Fix dependency updates on PKI changes") added a print() statement which notified the users about the subsystems which got supplied with an updated certificate. Example: > PKI: Updating config: interfaces openvpn vtun0 tls certificate openvpn_vtun0 > PKI: Updating config: interfaces openvpn vtun0 tls ca_certificate openvpn_vtun0_1 This is an informational message which should maybe (if needed) be sent to syslog. But the main issue is that CLI paths are mangled (- to _) which makes the about print output wrong and could potentially confuse users. Statement has been commented to be re-enabled for debugging.
2024-06-15Merge pull request #3653 from c-po/openvpn-migration-permission-fixChristian Breunig
openvpn: T5487: make migration script executable
2024-06-15openvpn: T5487: make migration script executableChristian Breunig
Migration script introduced in commit 0f669a226 ("openvpn: T5487: Remove eprecated option --cipher for server and client mode") lacked executable permission.
2024-06-15T6489: add abstraction vyos.utils.configfs to work natively with the config ↵Christian Breunig
filesystem
2024-06-15T6489: add abstraction vyos.utils.auth.get_current_user()Christian Breunig
2024-06-15login: T6489: add smarter way to interact with the working config instead of ↵Christian Breunig
my_set/my_delete
2024-06-15T6489: add vyos_configdir to the dictionary of default directoriesChristian Breunig
2024-06-14Merge pull request #3645 from c-po/pki-T6480Christian Breunig
op-mode: T6480: must call pki.py helper as root to work with ACME certificates
2024-06-14Merge pull request #3646 from c-po/pki-T6407Christian Breunig
op-mode: T6407: "generate pki" missed to mangle in ACME certificates when required
2024-06-14Merge pull request #3647 from vyos/T6487-update-central-workflow-branchChristian Breunig
T6487: updated central workflows to use current branch
2024-06-14T6487: updated central workflows to use current branchkumvijaya
2024-06-14op-mode: T6407: "generate pki" missed to mangle in ACME certificates when ↵Christian Breunig
required If the requested certificate to generate an Apple IOS profile was based on an ACME certificate, we also need to mangle in the ACME certs content to retrieve the certificates issuer name.
2024-06-14op-mode: T6480: must call pki.py helper as root to work with ACME certificatesChristian Breunig
This is an addition to commit 65fba1cd2 ("op-mode: T6377: must call pki.py helper as root to work with ACME certificates") which missed out the basic "show pki" command, as the <command> XML node was deep down in the view.
2024-06-13Merge pull request #3639 from natali-rs1985/T5487-currentDaniil Baturin
openvpn: T5487: Remove deprecated option --cipher for server and client mode
2024-06-13Merge pull request #3601 from talmakion/bugfix/T6456Daniil Baturin
T6456: Convert "monitor traffic" to modern op-mode wrapper
2024-06-13Merge pull request #3590 from talmakion/feature/T6045Daniil Baturin
T6045: Recreate show lldp detail views & improve remote port selection
2024-06-13Merge pull request #3644 from natali-rs1985/T6227-currentChristian Breunig
op_mode: T6227: Rewrite show conntrack-sync cache internal to use tabulate output
2024-06-12Merge pull request #3642 from vyos/T6476-sonar-cloud-workflowChristian Breunig
T6476: added sonarcloud workflow
2024-06-12op_mode: T6227: Rewrite show conntrack-sync cache internal to use tabulate ↵Nataliia Solomko
output
2024-06-12T6476: added sonarcloud workflowVijayakumar A
2024-06-12Merge pull request #3638 from c-po/bgp-vrf-completion-helperChristian Breunig
bgp: T6473: missing completion helper for peer-groups inside a VRF
2024-06-11bgp: T6473: missing completion helper for peer-groups inside a VRFChristian Breunig
Using BGP peer-groups inside a VRF instance will make use if the global VRFs peer-group list during tab-completion and not the peer-groups defined within the BGP instance of the given VRF.
2024-06-11openvpn: T5487: Remove eprecated option --cipher for server and client modeNataliia Solomko
2024-06-11T6456: Convert "monitor traffic" to modern op-mode wrapperAndrew Topp
The old "monitor traffic" definition had misaligned arguments under the verbose node and manually offered the same parameter keyword in multiple positions to emulate flexible parameters. I've wrapped tcpdump for op-mode and replicated the "varargs" style from mtr.py/mtr.xml.in to present a few more parameters in a more flexible manner. Changes to the Makefile were required for recursive varargs lookup.
2024-06-11T6045: Recreate show lldp detail views & improve remote port selectionAndrew Topp
If the remote device has explicitly sent the interface name as the portID, we should use that first as the interface name, before working through the previous priority order. I've brought back LLDP detail views directly calling lldpcli. This can be extended to render a template from op_mode/lldp.py, but lldpcli isn't bad at rendering readable info. Raw mode (including detailed raw) is still accessible for programmatic access.
2024-06-11Merge pull request #3632 from c-po/fixup-firewallChristian Breunig
firewall: T3900: fix migration and smoketests
2024-06-11Merge pull request #3611 from c-po/op-mode-wifiChristian Breunig
wireless: T6462: add op-mode command for hostapd and wpa_supplicant logs
2024-06-11Merge pull request #3628 from jestabro/op-mode-config-dictChristian Breunig
op-mode: T6471: add optimized get_config_dict
2024-06-11firewall: T3900: fix migration and smoketestsChristian Breunig
Commit 770edf016838523 ("T3900: T6394: extend functionalities in firewall") changed the position in the CLI for conntrack timeout. This lead to failing smoketests because of a regression in the migrator.
2024-06-10op-mode: T6471: add optimized get_config_dictJohn Estabrook
2024-06-11T6469: remove j2 lint workflow (#3626)Vijayakumar A
2024-06-10Merge pull request #3621 from sever-sever/T6442Christian Breunig
T6442: CGNAT add log for address allocation