Age | Commit message (Collapse) | Author | |
---|---|---|---|
2023-08-16 | Merge pull request #2150 from ↵ | John Estabrook | |
dmbaturin/T5271-openvpn-peer-fingerprint-restrictions T5271: allow OpenVPN peer-fingerprint to be used instead of a CA in site-to-site mode | |||
2023-08-16 | wireguard: T1843: add peer description CLI option | Christian Breunig | |
2023-08-15 | T5483: clean up tmp config file | John Estabrook | |
2023-08-15 | T5271: allow the user to specify either CA or peer fingerprint | Daniil Baturin | |
in OpenVPN site-to-site mode | |||
2023-08-15 | T5271: correct dict path in the template for OpenVPN peer fingerprint | Daniil Baturin | |
2023-08-15 | T5270: generate 'dh none' unconditionally when dh-params is no present | Daniil Baturin | |
The condition is useless since OpenVPN simply switches to ECDH in all modes when the classic DH prime is not specified | |||
2023-08-14 | pki: T5477: use Config instead of ConfigTreeQuery for defaults | John Estabrook | |
2023-08-13 | smoketest: T5467: verify OSPF(v3) interface removal in VRF context | Christian Breunig | |
Testcases after the bugfix in commit 011697508 ("T5467: removing ospf(v3) or isis interface in VRF context did not clear FRR config"). For ISIS change in the tests - do not run self_commit() in a for loop if not really necessary, this will slow down the tests. | |||
2023-08-13 | smoketest: openvpn: T5270: | Christian Breunig | |
This fixes the smoketest after the change in commit e7d7bd20b ("openvpn: T5270: do not require classic DH params in any more Generate 'dh none' instead and let OpenVPN use ECDH") ... as there is no exception raised 05:47:26 DEBUG - ====================================================================== 05:47:26 DEBUG - FAIL: test_openvpn_server_verify (__main__.TestInterfacesOpenVPN.test_openvpn_server_verify) 05:47:26 DEBUG - ---------------------------------------------------------------------- 05:47:26 DEBUG - Traceback (most recent call last): 05:47:26 DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_interfaces_openvpn.py", line 342, in test_openvpn_server_verify 05:47:26 DEBUG - with self.assertRaises(ConfigSessionError): 05:47:26 DEBUG - AssertionError: ConfigSessionError not raised | |||
2023-08-12 | smoketest: T5465: add config migration test for VLAN interface | Christian Breunig | |
2023-08-12 | Merge pull request #2117 from zdc/T5410-sagitta | Daniil Baturin | |
utils: T5410: Extended supported types in `convert_data()` | |||
2023-08-12 | T5160: fix merge regression | John Estabrook | |
2023-08-12 | T5467: removing ospf(v3) or isis interface in VRF context did not clear FRR ↵ | Christian Breunig | |
config To reproduce: set vrf name red table 2000 set vrf name red protocols ospf interface eth1 area 0 set vrf name red protocols ospf parameters router-id 1.1.1.1 set interfaces ethernet eth1 vrf red commit FRR now has an interface config vyos@vyos# vtysh -c "show run" no-header | sed -n "/^interface eth1/,/!/p" interface eth1 ip ospf area 0 ip ospf dead-interval 40 exit Now delete the interface from the OSPF(v3) or ISIS process delete vrf name red protocols ospf interface commit It's still there vyos@vyos# vtysh -c "show run" no-header | sed -n "/^interface eth1/,/!/p" interface eth1 ip ospf area 0 ip ospf dead-interval 40 exit ! Issue was caused in the FRR vtysh representation of an interface. It used to have a "vrf <name>" marker in earlier versions but FRR 8.5 and later no longer have the marker. So "interface eth1 vrf red" became "interface eth1" in vtysh, but our regex expected the "vrf" identifier when modifying FRR config. | |||
2023-08-11 | ipv6: T5464: add support for per-interface dad (duplicate address detection) ↵ | Christian Breunig | |
setting | |||
2023-08-11 | ipv6: T5464: use proper XML default for DAD transmits | Christian Breunig | |
This is only a cosmetic change so that the default value is properly retrieved from the defaultValue XML node. | |||
2023-08-11 | Merge pull request #2016 from nicolas-fort/T5160 | Christian Breunig | |
T5160: Firewall refactor | |||
2023-08-11 | Merge pull request #2148 from sever-sever/T5448 | Daniil Baturin | |
T5448: Move zabbix-agent to node monitoring | |||
2023-08-11 | interface: T5465: adjust-mss: config migration fails if applied to a VLAN or ↵ | Christian Breunig | |
Q-in-Q interface When migration from 1.3 to 1.4 and a user hat the following configured: options { interface eth0.10{ adjust-mss 1452 adjust-mss6 1432 } } The configuration was wrongly migrated to: interfaces { ethernet eth0.10 { ipv6 { adjust-mss "1432" } ip { adjust-mss "1452" } } Instead of interfaces { ethernet eth0 { vif 10 { ipv6 { adjust-mss "1432" } ip { adjust-mss "1452" } } } | |||
2023-08-11 | T5440: Restore pre/postconfig scripts if user deleted them | Apachez | |
Using variable ${vyos_rootfs_dir} instead of wildcard for both restore_if_missing_preconfig and restore_if_missing_postconfig. | |||
2023-08-11 | T5460: remove config-trap from firewall | Nicolas Fort | |
2023-08-11 | T5160: firewall refactor: fix regexep for connection-status. Create new file ↵ | Nicolas Fort | |
with common matcher for ipv4 and ipv6, and use include on all chains for all this comman matchers | |||
2023-08-11 | T5160: firewall refactor: change default value for <default-action> from ↵ | Nicolas Fort | |
<drop> to <accept> if default-action is not specified in base chains | |||
2023-08-11 | T5160: firewall refactor: move <set firewall ipv6 ipv6-name ...> to <set ↵ | Nicolas Fort | |
firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip. | |||
2023-08-11 | T5160: firewall refactor: fix firewall template for correct rule parsing ↵ | Nicolas Fort | |
that contains fqnd and/or geo-ip in base chains. Fix mig script | |||
2023-08-11 | T5160: firewal refactor: fix tabulation for geo-ip parsing code. Typo fix in ↵ | Nicolas Fort | |
firewall smoketest | |||
2023-08-11 | T5160: T5250: while refactoring, fix reference column for op-mode command ↵ | Nicolas Fort | |
show_firewall_group. | |||
2023-08-11 | T5160: firewall refactor: change firewall ip to firewall ipv4 | Nicolas Fort | |
2023-08-11 | T5160: firewall refactor. Update op-mode commands to new syntax. | Nicolas Fort | |
2023-08-11 | T5160: firewall refactor: re-add missing code in template.py which was ↵ | Nicolas Fort | |
accidentaly removed. Update smokestest: remove zone test and fix test_sysfs test | |||
2023-08-11 | T5160: firewall refactor: new cli structure. Add migration script and update ↵ | Nicolas Fort | |
smoketest | |||
2023-08-11 | T5160: firewall refactor: new cli structure. Update jinja templates, python ↵ | Nicolas Fort | |
scripts and src firewall | |||
2023-08-11 | T5160: firewall refactor: new cli structure. Update only all xml | Nicolas Fort | |
2023-08-11 | T5448: Move zabbix-agent to node monitoring | Viacheslav Hletenko | |
Move 'service zabbix-agent' => 'service monitoring zabbix-agent' | |||
2023-08-11 | Merge pull request #2147 from jestabro/remaining-defaults | Viacheslav Hletenko | |
T5434: remove reamining calls to incorrect defaults | |||
2023-08-11 | Merge pull request #2146 from dmbaturin/T5270-openvpn-dh-optional | Christian Breunig | |
openvpn: T5270: do not require classic DH params in any mode | |||
2023-08-10 | T5319: remove defaults workarounds in vyos-domain-resolver.py | John Estabrook | |
2023-08-10 | T5434: use package specific cache in nosetests | John Estabrook | |
2023-08-10 | T5434: drop unneeded cache generation from old lib | John Estabrook | |
2023-08-10 | T5434: use get_defaults instead of defaults | John Estabrook | |
2023-08-10 | T5434: use auto-defaults in op-mode pki.py | John Estabrook | |
2023-08-10 | T5434: remove unneeded import | John Estabrook | |
2023-08-10 | T5434: replace import of component_version | John Estabrook | |
2023-08-10 | xml: T5218: fix typo in component_version | John Estabrook | |
2023-08-10 | T5319: remove workaround in op-mode show_openconnect_otp.py | John Estabrook | |
2023-08-10 | Merge pull request #2140 from sever-sever/T5448 | Daniil Baturin | |
T5448: Add service zabbix-agent | |||
2023-08-10 | openvpn: T5270: do not require classic DH params in any more | Daniil Baturin | |
Generate 'dh none' instead and let OpenVPN use ECDH | |||
2023-08-10 | tunnel: T5223: clear GRE key id after deletion | srividya0208 | |
2023-08-10 | Merge pull request #2144 from dmbaturin/T5271-openvpn-peer-fingerprint | Christian Breunig | |
openvpn: T5271: add peer certificate fingerprint option | |||
2023-08-09 | openvpn: T5271: add peer certificate fingerprint option | Daniil Baturin | |
2023-08-09 | Merge pull request #2143 from dmbaturin/T5273-cert-fingerprint | Viacheslav Hletenko | |
pki: T5273: add a certificate fingerprint command |