summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-12-19T4879: IPsec migration script remote-id for peer name eq addressViacheslav Hletenko
Migration for "remote-id" where peer is IPv4 or IPv6 address was missed It was only migration if peer starts with "@" It cause that you must manualy set 'remote-id' to get it working correctly replace 'vpn ipsec site-to-site peer 192.0.2.2' => 'vpn ipsec site-to-site peer peer_192-0-2-2 authentication remote-id 192.0.2.2'
2022-12-17sstp: T4384: disable compression and creacke exclusive lock fileChristian Poessinger
2022-12-17sstp: T4384: remote server is mandatory in client modeChristian Poessinger
2022-12-17Merge pull request #1669 from vfreex/dhcp-v6-only-option-1.4Christian Poessinger
T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925)
2022-12-17Merge pull request #1715 from c-po/currentChristian Poessinger
op-mode: T707: remove dedicated calls to sudo in vpn_ipsec
2022-12-17op-mode: T707: remove dedicated calls to sudo in vpn_ipsecChristian Poessinger
As the script itself (vpn_ipsec.py) is already invoked using sudo, there is no further need to also call sudo inside the script again.
2022-12-17Merge pull request #1714 from c-po/currentChristian Poessinger
op-mode: T707: explicitly use sudo when working with RAID devices
2022-12-17op-mode: T707: explicitly use sudo when working with RAID devicesChristian Poessinger
2022-12-17Merge pull request #1713 from c-po/currentChristian Poessinger
op-mode: T4767: drop sudo calls when working with QAT/acceleration subsystem
2022-12-17op-mode: T4767: drop sudo calls when working with QAT/acceleration subsystemChristian Poessinger
As the API daemon has the proper permissions and also the CLI op-mode calls the script already with "sudo", there is no need to call "sudo" inside this script, again.
2022-12-17GitHub: use private access token for review assignmentChristian Poessinger
2022-12-17GitHub: update access tokenChristian Poessinger
Required to solve Use of team reviewers results in: "Could not resolve to a node with the global id of..." error as mentioned by: https://github.com/shufo/auto-assign-reviewer-by-files
2022-12-17GitHub: fix team reviewer assignmentChristian Poessinger
Unfortunately we always used the wrong syntax. According to https://github.com/shufo/auto-assign-reviewer-by-files we should use: ` - team: baz`
2022-12-17bonding: T4878: use more is_node_changed() over leaf_node_changed()Christian Poessinger
The implementation of is_node_changed() is less error prone and should always be favoured.
2022-12-17Merge pull request #1626 from nicolas-fort/fwall_group_interfaceChristian Poessinger
T4780: Firewall: add firewall groups in firewall. Extend matching cri…
2022-12-17Merge pull request #1599 from goodNETnick/goodnetnick-loginotpgenerator-T4751Christian Poessinger
login: T4751: 2FA OTP key generator in VyOS CLI
2022-12-17Merge pull request #1711 from roedie/T4884Christian Poessinger
T4884: snmpd: add community6 fallback
2022-12-17Merge pull request #1709 from initramfs/current-T4882Christian Poessinger
firewall: T4882: add missing ICMPv6 type names
2022-12-17webproxy: T3810: multiple squidGuard fixesaapostoliuk
1. Added in script update webproxy blacklists generation of all DBs 2. Fixed: if the blacklist category does not have generated db, the template generates an empty dest category in squidGuard.conf and a Warning message. 3. Added template generation for local's categories in the rule section. 4. Changed syntax in the generation dest section for blacklist's categories 4. Fixed generation dest local sections in squidGuard.conf 5. Fixed bug in syntax. The word 'allow' changed to the word 'any' in acl squidGuard.conf
2022-12-17Merge pull request #1712 from roedie/T4809-2Christian Poessinger
T4809: radvd: Allow the use of AdvRASrcAddress
2022-12-17Merge pull request #1358 from sever-sever/T1237Christian Poessinger
routing: T1237: Add new feature failover route
2022-12-16T4809: radvd: Allow the use of AdvRASrcAddressSander Klein
This add the AdvRASrcAddress configuration option to configure a source address for the router advertisements. The source address still must be configured on the system. This is useful for VRRP setups where you want fe80::1 on the VRRP interface for cleaner VRRP failovers.
2022-12-16T4884: snmpd: add community6 fallbackSander Klein
If no client and network is defined only a `community` config is created. This also adds the `community6` part
2022-12-15Merge pull request #1708 from zdc/T4878-sagittaViacheslav Hletenko
bonding: T4878: Fixed unnecessary bonding flapping during commit
2022-12-15firewall: T4882: add missing ICMPv6 type namesinitramfs
2022-12-15bonding: T4878: Fixed unnecessary bonding flapping during commitzsdc
There was a mistake in a config level that caused triggering the `shutdown_required` flag, even if there were no new interfaces added to a bonding. This commit sets the proper config level to avoid the problem.
2022-12-14routing: T1237: Add new feature failover routeViacheslav Hletenko
Failover route allows to install static routes to the kernel routing table only if required target or gateway is alive When target or gateway doesn't respond for ICMP/ARP checks this route deleted from the routing table Routes are marked as protocol 'failover' (rt_protos) cat /etc/iproute2/rt_protos.d/failover.conf 111 failover ip route add 203.0.113.1 metric 2 via 192.0.2.1 dev eth0 proto failover $ sudo ip route show proto failover 203.0.113.1 via 192.0.2.1 dev eth0 metric 1 So we can safely flush such routes
2022-12-14Merge pull request #1707 from jestabro/op-mode-openconnectViacheslav Hletenko
ocserv: T4881: return vyos.opmode.Errors on failure
2022-12-14ocserv: T4881: return vyos.opmode.Errors on failureJohn Estabrook
2022-12-14Merge pull request #1706 from jestabro/validator-file-existsJohn Estabrook
validators: T4798: replace python file-exists validator with file-path
2022-12-14Merge pull request #1705 from jestabro/validator-interface-nameJohn Estabrook
validators: T4875: use file-path to replace validator 'interface-name'
2022-12-14validators: T4875: use file-path to replace validator 'interface-name'John Estabrook
2022-12-13validators: T4798: replace python file-exists validator with file-pathJohn Estabrook
2022-12-12Merge pull request #1699 from jestabro/op-mode-openvpnJohn Estabrook
openvpn: T4770: rewrite op-mode show/reset to use vyos.opmode
2022-12-12openvpn: T4770: add openvpn.py to op-mode-standardized.jsonJohn Estabrook
2022-12-12openvpn: T4770: update op-mode definition openvpn.xml.in for show/resetJohn Estabrook
2022-12-12openvpn: T4770: add reset function to openvpn.pyJohn Estabrook
2022-12-12opmode: T4770: add CommitInProgess errorJohn Estabrook
2022-12-12openvpn: T4770: add openvpn.py with standardized show commandJohn Estabrook
2022-12-11Merge branch 't4792-sstpc' into currentChristian Poessinger
* t4792-sstpc: sstp: T4384: initial implementation of SSTP client CLI pppoe: T4384: remove unused import of leaf_node_changed pppoe: xml: T4792: split "no-peer-dns" CLI node into building block xml: ddns: T4792: split "server" CLI node into building block
2022-12-11sstp: T4384: initial implementation of SSTP client CLIChristian Poessinger
vyos@vyos# show interfaces sstpc sstpc sstpc10 { authentication { password vyos user vyos } server sstp.vyos.net ssl { ca-certificate VyOS-CA } }
2022-12-11pppoe: T4384: remove unused import of leaf_node_changedChristian Poessinger
2022-12-11pppoe: xml: T4792: split "no-peer-dns" CLI node into building blockChristian Poessinger
2022-12-11xml: ddns: T4792: split "server" CLI node into building blockChristian Poessinger
2022-12-11sstp: T4792: add sstp-client package dependencyChristian Poessinger
2022-12-10vyos.util: T4770: add precision arg, fix typo in bytes_to_humanJohn Estabrook
This is useful in general, but we will add in this context to replace the use of 'bytes2HR' in show_openvpn.py with util.bytes_to_human, while maintaining compatability with original precision=1.
2022-12-10Merge pull request #1703 from jestabro/bug-tunnel-ipJohn Estabrook
openvpn: T4872: fix parsing of tunnel IP in 'show openvpn server'
2022-12-09openvpn: T4872: fix parsing of tunnel IP in 'show openvpn server'John Estabrook
2022-12-09Merge pull request #1701 from sever-sever/T4865Christian Poessinger
T4865: Fix to generate container image from the file
2022-12-09T4865: Fix to generate container image from the fileViacheslav Hletenko
In case if we want generate own container image from a Dockerfile and if it requires update or install packages in container we get error. As it tries to use default network 'podman' and do own NAT translations via 'iptables'. If fact we don't use iptables in 1.4 As result it cannot build such image. Use '--net host' to fix it.