summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-09-27Merge pull request #1016 from sever-sever/T3853Christian Poessinger
nat66: T3853: Change priority to 500
2021-09-27nat66: T3853: Change priority to 500Viacheslav
Service ndppd should start after tunnels.
2021-09-26vxlan: T3867: add multicast validator for group addressChristian Poessinger
The group CLI node takes a multicast IPv4 or IPv6 address - this must be input validated to not case any OS exception cpo@LR1.wue3# show interfaces vxlan vxlan vxlan0 { + group 254.0.0.1 source-address 172.18.254.201 + source-interface dum0 vni 10 } Results in OSError beeing rasied with the following context: Error: argument "254.0.0.1" is wrong: invalid group address
2021-09-26T3866: ignore interfaces without "address" in DNS forwarding migrationDaniil Baturin
2021-09-26op-mode: pki: T3826: perform input validation when listing certificatesChristian Poessinger
2021-09-26ospf: T3757: add completion help when refering to area IDChristian Poessinger
This extends commit 6f87d8c910 ("ospf: T3757: support to configure area at an interface level") with a completion helper to show which Area ID is already in use when configuring the area for an interface.
2021-09-26vyos.ifconfig: T3860: bugfix in get_mac_synthetic()Christian Poessinger
Commit 081e23996f (vyos.ifconfig: get_mac_synthetic() must generate a stable "MAC") calculated a "stable" synthetic MAC address per the interface based on UUID and the interface name. The problem is that this calculation is too stable when run on multiple instances of VyOS on different hosts/hypervisors. Having R1 and R2 setup a connection both via "tun10" interface will become the same "synthetic" MAC address manifesting in the same link-local IPv6 address. This e.g. breaks OSPFv3 badly as both neighbors communicate using the same link-local address. As workaround one can: set interfaces tunnel tun1337 address 'fe80::1:1337/64' set interfaces tunnel tun1337 ipv6 address no-default-link-local This commit changes the way in how the synthetic MAC address is generated. It's based on the first 48 bits of a sha256 sum build from a CPU ID retrieved via DMI, the MAC address of eth0 and the interface name as used before. This should add enough entropy to get a stable pseudo MAC address.
2021-09-26ospfv3: T3859: add "log-adjacency-changes" CLI commandChristian Poessinger
2021-09-26op-mode: reboot/poweroff: T3857: send wall message to all usersChristian Poessinger
2021-09-25bgp: T3657: add "neighbor fe80::202 interface source-interface 'eth1'" commandChristian Poessinger
2021-09-25bgp: xml: T2387: use "generic-description" building block over BGP specific oneChristian Poessinger
There is no benefit in the BGP specific definition of a "description" node.
2021-09-25op-mode: bgp: "show bgp ipv4|ipv6" should display routing tableChristian Poessinger
The <command> node was missed out when adding the XML definitions.
2021-09-25ipsec: T2816: ipsec-dhclient-hook should only run if swanctl.conf existsChristian Poessinger
2021-09-25ipsec: T2816: ipsec-dhclient-hook should use exit(0)Christian Poessinger
2021-09-25ipsec: T2816: ipsec-dhclient-hook should use vyos.util.read_file() / ↵Christian Poessinger
write_file()
2021-09-25vyos.ifconfig: dhcpv6: re-use systemd_service definition variableChristian Poessinger
2021-09-25vyos.ifconfig: dhcp: T3300: always re-start dhcp client instead of startChristian Poessinger
Commit dd2eb5e5686655 ("dhcp: T3300: add DHCP default route distance") changed the logic on how the DHCP process is going to be started. The systemd unit was always "started" even if it was already running. It should rather be re-started to track changes in e.g. the DHCP hostname setting.
2021-09-23smoketest: T3850: use as complicated as possible public-key nameChristian Poessinger
2021-09-23T3850: Revert "login: T1948: add missing ssh-public key name regex"Christian Poessinger
This reverts commit 514da738173696c70440c959b9d7ec9afd77fbae.
2021-09-23smoketest: ospf: debug output only syslog and FRRChristian Poessinger
The Kernel output seemed to be not that helpful and only polluted the log. Now we only gather the syslog and FRRs configuration
2021-09-23Merge pull request #1014 from nagua/fix_smaller_openvpn_issuesChristian Poessinger
T3642: Fix smaller OpenVpn issues
2021-09-23openvpn: T3642: Openvpn does not work without dh parameter in EC modeNicolas Riebesel
2021-09-23openvpn: T3642: Fix password_protected checkNicolas Riebesel
2021-09-23openvpn: T3642: Add option for TLS 1.3Nicolas Riebesel
2021-09-22smoketest: vrrp: delete interface vifs after testChristian Poessinger
2021-09-22vrrp: keepalived: T3847: enable no_tag_node_value_mangle for get_config_dict()Christian Poessinger
Commit 761631d6 ("vrrp: keepalived: T3847: migrate to get_config_dict()") switched to the new python function get_config_dict(), when we deal with tag nodes that can contain a hyphen, we should also set no_tag_node_value_mangle in order to preserve it. This caused a dict lookup error as the hyphens in the test scripts got replaced by an _.
2021-09-21vrrp: keepalived: T3847: migrate/streamline CLI optionsChristian Poessinger
Rename virtual-address -> address as we always talk about an IP address.
2021-09-21vrrp: keepalived: T3847: add common transition-script building blockChristian Poessinger
This is used for both VRRP groups and sync-groups.
2021-09-21vrrp: keepalived: T3847: remove "transition-script mode-force" optionChristian Poessinger
2021-09-21vrrp: keepalived: T616: use common description building blockChristian Poessinger
2021-09-21vrrp: keepalived: T3847: migrate to get_config_dict()Christian Poessinger
2021-09-21vrrp: keepalived: T616: enable script securityChristian Poessinger
2021-09-21vrrp: keepalived: T616: move configuration to volatile /run directoryChristian Poessinger
Move keepalived configuration from /etc/keepalived to /run/keepalived.
2021-09-21smoketest: vrrp: T616: add basic smoketest to verify keepalived configurationChristian Poessinger
2021-09-21xml: vrrp: T616: add missing valueHelp for "authentication type"Christian Poessinger
2021-09-21vrrp: keepalived: T2720: adjust to Jinja2 trim_blocks featureChristian Poessinger
This is a successor to commit a2ac9fac16e ("vyos.template: T2720: always enable Jinja2 trim_blocks feature"). It only shifts the whitespaces / indents inside the keepalived configuration file.
2021-09-21dhcp-server: T3839: support domain-search and ntp-server config per ↵Christian Poessinger
shared-network
2021-09-21xml: ospf: fix routing-passive-interface-xml.i includeChristian Poessinger
Commit a8b2e52148d ("xml: Update routing-passive-interface-xml.i file extension to standard .xml.i") only altered the RIP include statement but did not alter the OSPF include.
2021-09-21Merge pull request #1013 from sarthurdev/currentChristian Poessinger
github: Add .gitattributes to correct language detection
2021-09-21smoketest: ipsec: T1441: adjust to latest VTI/XFRM interface changesChristian Poessinger
Commit d768aee9 ("ipsec: T1441: Clean up vti-up-down script for XFRM interfaces") removed a parameter from the updown scripts which is no longer necessary as XFRM interfaces are superior to VTI interfaces b/c they use dynamic endpoints by default.
2021-09-20smoketest: use assertNotIn() in base interface testChristian Poessinger
2021-09-20ifconfig: T2104: cleanup IPv6 EUI-64 handling in update()Christian Poessinger
2021-09-20vyos.ifconfig: get_mac_synthetic() must generate a stable "MAC"Christian Poessinger
Commit b7d30137b1 ("vyos.ifconfig: provide generic get_mac_synthetic() method") provided a common helper to generate MAC addresses used by EUI64 addresses for interfaces not having a layer2 interface (WireGuard or ip tunnel). The problem is that every call to the helper always yielded a new MAC address. This becomes problematic when IPv6 link-local addresses are generated and modified on the interface as multiple link-local (fe80::/64) addresses can easily be added to the interface leaving ... a mess. This commit changes the way how the "synthetic" MAC is generated, we generate a UUID which is stable as it is based on the interface name. We take out the last 48 bits of the UUID and form the "MAC" address.
2021-09-20xml: Update routing-passive-interface-xml.i file extension to standard .xml.isarthurdev
2021-09-20github: Add .gitattributes to override language detectionsarthurdev
2021-09-20vyos.ifconfig: T2738: can only read from a file when it existsChristian Poessinger
When IPv6 is disbaled on an interface also the sysfs files related to IPv6 for this interface vanish. We need to check if the file exists before we read it.
2021-09-20Merge pull request #1012 from lucasec/vti-enhancementsChristian Poessinger
ipsec: T1441: Clean up vti-up-down script for XFRM interfaces
2021-09-19ipsec: T1441: Clean up vti-up-down script for XFRM interfacesLucas Christian
2021-09-19vyos.ifconfig: T2738: do not remove OS assigned IP addresses from interfaceChristian Poessinger
When using VRRP on any given interface and performing an action against that interface - be it even only changing the alias - will trigger a removal of the VRRP IP address. The issue is caused by: # determine IP addresses which are assigned to the interface and build a # list of addresses which are no longer in the dict so they can be removed cur_addr = self.get_addr() for addr in list_diff(cur_addr, new_addr): When the script calls into the library - we will drop all IP addresses set on the adapter but not available in the config dict. We should only remove the IP addresses marked by the CLI to be deleted!
2021-09-19vyos.configdict: bugfix: leaf_node_changed() must return empty dict when ↵Christian Poessinger
node is added Commit f476e456 ("vyos.configdict: leaf_node_changed() must return empty dict when node is added") returned [''] as "empty" dict - but this is not empty. >>> if ['']: ... print('foo') ... foo It should rather be: []