summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-01-01vyos-configd: T4942: include config-management scriptChristian Breunig
2024-01-01vyos-configd: T563: include webproxy scriptChristian Breunig
2024-01-01vyos-configd: T4222: include SLA (OWAMP and TWAMP) scriptChristian Breunig
2024-01-01vyos-configd: T5261: include AWS GLB scriptChristian Breunig
2024-01-01Merge pull request #2731 from jestabro/copy-preserve-ownerJohn Estabrook
image-tools: T5883: preserve file owner in /config on add system update
2024-01-01Merge pull request #2728 from c-po/verify-T5880Viacheslav Hletenko
T5880: verify_source_interface() should not allow dynamic interfaces like ppp, l2tp, ipoe or sstpc client interfaces
2024-01-01Merge pull request #2726 from c-po/login-T5875-part2Christian Breunig
login: T5875: restore home directory permissions only when needed
2024-01-01Merge pull request #2724 from sever-sever/T3476Christian Breunig
T3476: Add option latest to add system image
2023-12-31image-tools: T5883: preserve file owner in /config on add system updateJohn Estabrook
2024-01-01tunnel: T5879: properly verify source-interface used for tunnelsChristian Breunig
A tunnel interface can not properly be sourced from a pppoe0 interface when such interface is not (yet) connected to the BRAS. It might work on a running system, but subsequent reboots will fail as the source-interface most likely does not yet exist.
2024-01-01configverify: T5880: raise exception if interfaces sourced form dynamic ↵Christian Breunig
interfaces Interfaces matching the following regex (ppp|pppoe|sstpc|l2tp|ipoe)[0-9]+ can not be used as source-interface for e.g. a tunnel. The main reason is that these are dynamic interfaces which come and go from a kernel point of view, thus it's not possible to bind an interface to them.
2024-01-01login: T5875: restore home directory permissions only when neededChristian Breunig
This improves commit 3c990f49e ("login: T5875: restore home directory permissions when re-adding user account") in a way that the home directory owner is only altered if it differs from the expected owner. Without this change on every boot we would alter the owner which could increase the boot time if the home of a user is cluttered.
2024-01-01Merge pull request #2729 from c-po/rename-T5474Christian Breunig
T5474: establish common file name pattern for XML conf mode commands
2023-12-31T5474: establish common file name pattern for XML conf mode commandsChristian Breunig
We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node. Example: set interfaces ethernet -> interfaces_ethernet.xml.in set interfaces bond -> interfaces_bond.xml.in set service dhcp-server -> service_dhcp-server-xml.in
2023-12-31Merge pull request #2696 from indrajitr/kea-lfc-fixChristian Breunig
dhcp: T3316: Adjust kea lease files' location and permissions
2023-12-30Merge pull request #2707 from lucasec/t5870Christian Breunig
T5870: ipsec remote access VPN: add x509 ("pubkey") authentication.
2023-12-30T5870: ipsec remote access VPN: add x509 ("pubkey") authentication.Lucas Christian
2023-12-30T3476: Add option latest to add system imageViacheslav Hletenko
Add option `latest` for op-mode command `add system image` If the update check is configured we can get the remote `latest` version from conrfgure URL ``` set system update-check url 'https://example.com/version.json' ``` This way we can use "latest" option for image update: ``` add system image latest ```
2023-12-30ipsec: T1210: extend remote-access smoketest with IP pool configurationChristian Breunig
This extends commit 1a84c4d0e ("ipsec: T1210: add smoketest for remote-access (road-warrior) users") in a way that also the IPv4 pool and its DNS servers get validated. There is no separate IPv6 test, as both address families behave the same way when configuring these.
2023-12-30Merge pull request #2722 from c-po/t1210-ipsec-smoketestViacheslav Hletenko
ipsec: T1210: add smoketest for remote-access (road-warrior) users
2023-12-30ipsec: T1210: add smoketest for remote-access (road-warrior) usersChristian Breunig
2023-12-30Merge pull request #2716 from c-po/login-t5875Christian Breunig
login: T5875: restore home directory permissions when re-adding user account
2023-12-30Merge pull request #2718 from indrajitr/shorten-domain-search-pathChristian Breunig
system: T5877: Shorten system domain-search config path
2023-12-30smoketest: remove base accel-ppp testcase function commentsChristian Breunig
Python unittest framework treads the comments as test names during execution: Example: test_accel_ipv4_pool (__main__.TestVPNPPTPServer.test_accel_ipv4_pool) Test accel-ppp IPv4 pool ... ok
2023-12-30Merge pull request #2711 from aapostoliuk/T5688-fixes-2Christian Breunig
T5688: Fixed ip pool migration scripts for l2tp, sstp, pppoe
2023-12-29system: T5877: Update smoketests for domain-search and related configIndrajit Raychaudhuri
In addition to testing for shortening the domain-search path, add and improve tests for other resolv.conf entries.
2023-12-29system: T5877: Shorten system domain-search config pathIndrajit Raychaudhuri
Shorten and simplify `system domain-search` config path from: ``` set system domain-search domain <domain1> ``` to: ``` set system domain-search <domain1> ``` This will shorten the path and also make consistent with `domain-search` config in other places (like `dhcp-server`).
2023-12-29login: T5875: restore home directory permissions when re-adding user accountChristian Breunig
After deleting a user account and working with a newly added account, we see that after rebooting in the previously saved configuration, the user is re-added but it's home directory might have an old UID set on the filesystem. This is due to the fact that vyos config does not store UIDs. When adding a user account to the system we now check if the home directory already exists and adjust the ownership to the new UID.
2023-12-29Merge pull request #2715 from indrajitr/shell-quote-fixChristian Breunig
tacacs: T141: Wrap string in double quotes to allow expansion
2023-12-29tacacs: T141: Wrap string in double quotes to allow expansionIndrajit Raychaudhuri
2023-12-29smoketest: T5688: pppoe-server support multiple client-ip-pool subnetsChristian Breunig
2023-12-29dhcp: T3316: Add `_kea` user as vyattacfg group memberIndrajit Raychaudhuri
Allowing `_kea` to be a member of `vyattacfg` group allows kea-dhcp{4,6}-server to have access to DHCP lease directory under `/config/` and thus have ability to manipupate the leases files.
2023-12-29Merge pull request #2704 from c-po/template-t5869Christian Breunig
vyos.template: T5869: first_host_address() does not honor RFC4291 section 2.6.1
2023-12-29Merge pull request #2709 from c-po/nat-T5681Christian Breunig
nat: T5681: relax wording on non existing interface Warning message
2023-12-29Merge pull request #2710 from c-po/container-smoketestViacheslav Hletenko
smoketest: T5867: extend container tests for IPv4 and IPv6 networks
2023-12-29T5688: Fixed ip pool migration scripts for l2tp, sstp, pppoeaapostoliuk
Fixed migration 'subnet' option in l2tp, sstp, pppoe. 'subnet' option can contain several values.
2023-12-29smoketest: T5867: extend container tests for IPv4 and IPv6 networksChristian Breunig
2023-12-29nat: T5681: relax wording on non existing interface Warning messageChristian Breunig
Remove the word "error" from a Warning only message to not irritate the user.
2023-12-29tests: T5869: consolidate duplicated test casesChristian Breunig
We have had duplicated test cases in test_jinja_filters.py and test_template.py, They have been consolidated into test_template.py.
2023-12-29vyos.template: T5869: first_host_address() does not honor RFC4291 section 2.6.1Christian Breunig
The subnet router anycast address is predefined. Its format is as follows: | n bits | 128-n bits | +------------------------------------------------+----------------+ | subnet prefix | 00000000000000 | +------------------------------------------------+----------------+ The "subnet prefix" in an anycast address is the prefix that identifies a specific link. This anycast address is syntactically the same as a unicast address for an interface on the link with the interface identifier set to zero. Packets sent to the Subnet-Router anycast address will be delivered to one router on the subnet. All routers are required to support the Subnet-Router anycast addresses for the subnets to which they have interfaces. The Subnet-Router anycast address is intended to be used for applications where a node needs to communicate with any one of the set of routers. Our code as of now returns the subnet router anycast address as the first_host_address().
2023-12-29smoketest: T5840: fix for latest CLI changes in mac address nodeChristian Breunig
2023-12-29dhcp: T3316: Adjust kea lease files' location and permissionsIndrajit Raychaudhuri
Move the kea lease file to a separate directory `/config/dhcp` that `kea` process can write to so that subprocesses spawned by `kea` process can operate on the lease files. To allow `kea` process to write to `/config/dhcp`, add `_kea` user to `vyattacfg` group. And the lease files are owned completely by `_kea` user to play well with `kea-lfc` process. Specifically, this is necessary for `kea-lfc` which is spawned by `kea` process to clean up expired leases. Since `kea-lfc` creates additional backup lease files, it needs write access to the lease file directory. Additionally, change the extension of the lease file from `.leases` to `.csv` to reflect the actual file format.
2023-12-28Merge pull request #2703 from c-po/ddclient-t5852Daniil Baturin
ddclient: T5852: add missing priority
2023-12-28ddclient: T5852: add missing priorityChristian Breunig
Running ddclient on a VLAN interface will fail during reboot as there is no discrete priority to tell that the dynamic DNS service needs to be started after the interfaces.
2023-12-28Merge pull request #2699 from c-po/container-t5867Christian Breunig
container: T5867: disable healthchecks due to upstream issue
2023-12-28Merge pull request #2698 from c-po/t5866-radvdChristian Breunig
op-mode: T5866: Add command to restart IPv6 RA daemon
2023-12-28container: T5867: disable healthchecks due to upstream issueChristian Breunig
conmon 402de34b31388b5a2e1c <error>: Unable to send container stderr message to parent Broken pipe https://github.com/containers/conmon/issues/438
2023-12-28op-mode: T5866: Add command to restart IPv6 RA daemonChristian Breunig
vyos@vyos:~$ restart router-advert
2023-12-28container: T5829: fix base key "container" re-use in for loopChristian Breunig
2023-12-28container: T5829: verify container network used supports the given AFIChristian Breunig