summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-07-31bgp: vrf: T3694: cannot delete default BGP instance when VRF BGP instance existsChristian Poessinger
2021-07-31sysctl: T3716: remove IPv4/6 routes from FIB when link goes downChristian Poessinger
For more information see: * https://programmersought.com/article/62242485344/ * https://www.spinics.net/lists/netdev/msg332453.html * https://github.com/FRRouting/frr/blob/master/doc/user/Useful_Sysctl_Settings.md
2021-07-31sysctl: T671: add missing net.ipv6.route.skip_notify_on_dev_down settingChristian Poessinger
Recommended by FRR best deafults https://github.com/FRRouting/frr/blob/master/doc/user/Useful_Sysctl_Settings.md
2021-07-30Merge pull request #949 from sever-sever/T1176-currChristian Poessinger
bgp: T1176: Add solo option for neighbor
2021-07-30router-advert: T2745: use template common coding style in for loopsChristian Poessinger
2021-07-30bgp: T1176: Add solo option for neighborViacheslav
2021-07-30Merge pull request #947 from bstepler/T3694Christian Poessinger
configd: T3694: always set script.argv
2021-07-30vyos.util: drop custom implementations in favor of is_systemd_service_running()Christian Poessinger
Commit f520182b ("vyos.util: add is_systemd_service_running() helper function") added a new helper function that can be used to check if a systemd service is running. Drop all custom implementations in favor of this library call.
2021-07-30vyos.util: add is_systemd_service_running() helper functionChristian Poessinger
Test is a specified systemd service is actually running. Returns True if service is running, false otherwise.
2021-07-29configd: T3694: always set script.argvBrandon Stepler
Several scripts imported by vyos-configd (including src/conf_mode/protocols_static.py) rely on argv for operating on VRFs. Always setting script.argv in src/services/vyos-configd ensures those scripts will operate on the default VRF when called with no arguments. Otherwise, a stale argv might cause those scripts to operate on the last modified VRF instead of the default VRF.
2021-07-29ipsec: T1210: add op-mode command to print Windows connection profileChristian Poessinger
2021-07-29Merge pull request #945 from DmitriyEshenko/1x-29072021-01Daniil Baturin
dhcp-server: T2432: Run dhcpd in group vyattacfg to allow recreate le…
2021-07-29dhcp-server: T2432: Run dhcpd in group vyattacfg to allow recreate lease filesDmitriyEshenko
2021-07-27ipsec: T3705: bugfix for VTI interfaces no honoring default-esp-groupChristian Poessinger
2021-07-26smoketest: config: azure: also utilize "default-esp-group" featureChristian Poessinger
2021-07-26ipsec: T1210: remote-access connections only work with IKEv2Christian Poessinger
2021-07-26ipsec: T1210: extend support for iOS profile generationChristian Poessinger
$ generate ipsec mac-ios-profile <connection> remote <ip>
2021-07-25tunnel: T3366: re-order migration scriptsChristian Poessinger
The migrator from 20-to-21 is required as 19-to-20 on VyOS 1.3 - thus simply rename/reorder the two migrators to not break things the hard way when upgrading from 1.3 -> 1.4.
2021-07-25ifconfig: T2653: obey conding styleChristian Poessinger
2021-07-25xml: tunnel: use source-interface building blockChristian Poessinger
2021-07-25ipsec: T1210: add RADIUS authentication for remote-access IKEv2 VPNChristian Poessinger
set vpn ipsec remote-access connection rw authentication client-mode 'eap-radius' set vpn ipsec remote-access connection rw authentication id '192.0.2.1' set vpn ipsec remote-access connection rw authentication server-mode 'x509' set vpn ipsec remote-access connection rw authentication x509 ca-certificate 'CAcert_Class_3_Root' set vpn ipsec remote-access connection rw authentication x509 certificate 'vyos' set vpn ipsec remote-access connection rw esp-group 'ESP-RW' set vpn ipsec remote-access connection rw ike-group 'IKE-RW' set vpn ipsec remote-access connection rw local-address '192.0.2.1' set vpn ipsec remote-access connection rw pool 'ra-rw-ipv4' set vpn ipsec remote-access connection rw unique 'never' set vpn ipsec remote-access pool ra-rw-ipv4 name-server '192.0.2.2' set vpn ipsec remote-access pool ra-rw-ipv4 prefix '192.168.22.0/24' set vpn ipsec remote-access radius nas-identifier 'fooo' set vpn ipsec remote-access radius server 172.16.100.10 key 'secret'
2021-07-25xml: add building block for RADIUS nas-identifierChristian Poessinger
2021-07-25ipsec: T1210: move DHCP server configuration unter remote-access nodeChristian Poessinger
As this is only related to remote-access, keeping it under "options" simply feels wrong.
2021-07-23Merge pull request #939 from sarthurdev/pki_fileChristian Poessinger
pki: T3642: Add ability to write generated certificates/keys to files
2021-07-23frr: T2175: remove no longer required loop when removing routing protocolsChristian Poessinger
2021-07-23login: T3699: verify system username does not conflict with Linux base usersChristian Poessinger
(cherry picked from commit 7292631373ea50f9908796ef2eda32e672d1df2e)
2021-07-23pki: T3642: Add ability to write generated certificates/keys to specified ↵sarthurdev
filenames
2021-07-22op-mode: xml: rename definition file for "generate wireguard" commandChristian Poessinger
2021-07-22pki: wireguard: T3642: remove obsolete op-mode scriptChristian Poessinger
As the keys are now stored inside the CLI configuration and no longer in a file on the filesystem, this command is no longer required. Also there are dedicated CLI commands available to display the additional Wireguard information. - show interfaces wireguard wg10 - show interfaces wireguard wg10 summary
2021-07-22pki: wireguard: T3642: remove obsolete "show wireguard keypairs" commandChristian Poessinger
As the keys are now stored inside the CLI configuration and no longer in a file on the filesystem, this command is no longer required.
2021-07-22pki: wireguard: T3642: remove obsolete "delete wireguard keypair" commandChristian Poessinger
As the keys are now stored inside the CLI configuration and no longer in a file on the filesystem, this command is no longer required.
2021-07-22Merge pull request #937 from jack9603301/T3698Christian Poessinger
bridge: op-mode: T3698: Support bridge monitoring
2021-07-22pki: wireguard: T3642: add new op-mode command for public-keyChristian Poessinger
Per interface public-key can now be retrieved via: vyos@vyos:~$ show interfaces wireguard wg10 public-key +XZr0oUjYRQuB/kcO1f+puOjKkiOWBG8eZX1Jpyq2n0=
2021-07-22xml: op-mode: move "show interfaces wireguard" to dedicated fileChristian Poessinger
2021-07-23bridge: op-mode: T3698: Support bridge monitoringjack9603301
2021-07-22ipsec: T2816: remove "auto-update" CLI optionChristian Poessinger
Update/refresh of DNS records is now handled internally by Strongswan.
2021-07-22xml: add building block for "local-users"Christian Poessinger
2021-07-22Merge pull request #936 from jack9603301/T3667Christian Poessinger
bridge: op-mode: T3667: Fix displaying members of a specific bridge interface
2021-07-22Merge pull request #935 from sarthurdev/pki_httpsChristian Poessinger
pki: https: T3642: Migrate HTTPS to use PKI configuration
2021-07-23bridge: op-mode: T3667: Fix displaying members of a specific bridge interfacejack9603301
2021-07-22pki: https: T3642: Migrate HTTPS to use PKI configurationsarthurdev
2021-07-22Merge pull request #934 from sarthurdev/pki_openvpnChristian Poessinger
pki: openvpn: T3642: Migrate OpenVPN to PKI and refactor
2021-07-21pki: openvpn: T3642: Migrate OpenVPN to PKI and refactorsarthurdev
2021-07-20ipsec: T1210: create uuid from empty string in ios profileChristian Poessinger
2021-07-20ipsec: T1210: add op-mode command for macOS and iOS profile generationChristian Poessinger
generate ipsec mac-ios-profile <connection> remote <ip|fqdn> will generate a matching IPSec profile which can be loaded on an iOS device.
2021-07-20Merge pull request #931 from sarthurdev/pki_eapolChristian Poessinger
pki: eapol: T3642: Migrate EAPoL to use PKI configuration
2021-07-20pki: eapol: T3642: Migrate EAPoL to use PKI configurationsarthurdev
2021-07-20pki: T3642: Fix Wireguard migration commentsarthurdev
2021-07-20Merge pull request #930 from sarthurdev/pki_migrationChristian Poessinger
pki: openconnect: sstp: T3642: Migrate OpenConnect and SSTP to PKI configuration
2021-07-20pki: sstp: T3642: Migrate SSTP to PKI configurationsarthurdev