Age | Commit message (Collapse) | Author |
|
ipsec.py
|
|
|
|
Our python scripts use the shebang logic to set an intepreter - we should
rely on this and not use an external interpreter in front of the helper.
|
|
|
|
|
|
script
Sorting DHCP pools and filtering for state can now be done using the new op-mode
mode scripts in DHCP. This allows us to drop the old helpers show_dhcp.py and
show_dhcpv6.py.
|
|
script
Remaining functionality to filter NAT translations for a given address
got implemented to nat.py - with this cahnge we can drop the old files
show_nat*.py
|
|
T4890: Fixed op_mode show conntrack table ipv4
|
|
Fixed op_mode show conntrack table ipv4
Created check on empty column "mark"
|
|
T4866: rewrite show_interfaces.py show* functions to standardized op-mode
|
|
|
|
|
|
|
|
|
|
- show log router-advert
- monitor log router-advert
|
|
Commit 13071a4a ("T4809: radvd: Allow the use of AdvRASrcAddress") added a new
feature to set the RA source-address. Unfortunately it missed a semicolon.
|
|
|
|
T4886: Firewall and route policy: Add connection-mark feature to vyos.
|
|
T4879: IPsec migration script remote-id for peer name eq address
|
|
Migration for "remote-id" where peer is IPv4 or IPv6 address
was missed
It was only migration if peer starts with "@"
It cause that you must manualy set 'remote-id' to get it working
correctly
replace 'vpn ipsec site-to-site peer 192.0.2.2'
=> 'vpn ipsec site-to-site peer peer_192-0-2-2 authentication remote-id 192.0.2.2'
|
|
Commit cca7ec3e ("T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925)")
extended the smoketests but used int over str when calilng the CLI wrapper.
This led to:
TypeError: sequence item 7: expected str instance, int found
|
|
|
|
|
|
|
|
T4832: dhcp: Add IPv6-only dhcp option support (RFC 8925)
|
|
op-mode: T707: remove dedicated calls to sudo in vpn_ipsec
|
|
As the script itself (vpn_ipsec.py) is already invoked using sudo, there is no
further need to also call sudo inside the script again.
|
|
op-mode: T707: explicitly use sudo when working with RAID devices
|
|
|
|
op-mode: T4767: drop sudo calls when working with QAT/acceleration subsystem
|
|
As the API daemon has the proper permissions and also the CLI op-mode calls the
script already with "sudo", there is no need to call "sudo" inside this script,
again.
|
|
|
|
Required to solve Use of team reviewers results in: "Could not resolve to a
node with the global id of..." error as mentioned by:
https://github.com/shufo/auto-assign-reviewer-by-files
|
|
Unfortunately we always used the wrong syntax.
According to https://github.com/shufo/auto-assign-reviewer-by-files
we should use: ` - team: baz`
|
|
The implementation of is_node_changed() is less error prone and should always
be favoured.
|
|
T4780: Firewall: add firewall groups in firewall. Extend matching cri…
|
|
login: T4751: 2FA OTP key generator in VyOS CLI
|
|
T4884: snmpd: add community6 fallback
|
|
firewall: T4882: add missing ICMPv6 type names
|
|
1. Added in script update webproxy blacklists generation of all DBs
2. Fixed: if the blacklist category does not have generated db,
the template generates an empty dest category
in squidGuard.conf and a Warning message.
3. Added template generation for local's categories
in the rule section.
4. Changed syntax in the generation dest section for blacklist's
categories
4. Fixed generation dest local sections in squidGuard.conf
5. Fixed bug in syntax. The word 'allow' changed to the word 'any'
in acl squidGuard.conf
|
|
T4809: radvd: Allow the use of AdvRASrcAddress
|
|
routing: T1237: Add new feature failover route
|
|
This add the AdvRASrcAddress configuration option to configure
a source address for the router advertisements. The source
address still must be configured on the system. This is useful
for VRRP setups where you want fe80::1 on the VRRP interface
for cleaner VRRP failovers.
|
|
If no client and network is defined only a `community` config
is created. This also adds the `community6` part
|
|
bonding: T4878: Fixed unnecessary bonding flapping during commit
|
|
|
|
There was a mistake in a config level that caused triggering the
`shutdown_required` flag, even if there were no new interfaces added to a
bonding.
This commit sets the proper config level to avoid the problem.
|
|
Failover route allows to install static routes to the kernel routing
table only if required target or gateway is alive
When target or gateway doesn't respond for ICMP/ARP checks this route
deleted from the routing table
Routes are marked as protocol 'failover' (rt_protos)
cat /etc/iproute2/rt_protos.d/failover.conf
111 failover
ip route add 203.0.113.1 metric 2 via 192.0.2.1 dev eth0 proto failover
$ sudo ip route show proto failover
203.0.113.1 via 192.0.2.1 dev eth0 metric 1
So we can safely flush such routes
|
|
ocserv: T4881: return vyos.opmode.Errors on failure
|
|
|