Age | Commit message | Author | |
---|---|---|---|
2024-05-30 | Merge pull request #3546 from c-po/haproxy | Christian Breunig | |
reverse-proxy: T6419: build full CA chain when verifying backend server | |||
2024-05-30 | Merge pull request #3547 from c-po/container-fixes | Christian Breunig | |
container: T6406: fix NameError: name 'vyos' is not defined | |||
2024-05-30 | Merge pull request #3551 from c-po/hostname-priority | Christian Breunig | |
hostname: T6421: enforce explicit CLI priority for host-name and domain-name | |||
2024-05-30 | vyos.ifconfig: T6421: verify /etc/hostname exists before reading | Christian Breunig | |
Inspired-By: Brandon Zhi <Huiyuze_Zhi@protonmail.com> | |||
2024-05-30 | hostname: T6421: enforce explicit CLI priority for host-name and domain-name | Christian Breunig | |
To prevent any possible races in the future the host-name and domain-name nodes should be set with explicit priorities! | |||
2024-05-30 | Merge pull request #3549 from sever-sever/T6415-dispatch | Vijayakumar A | |
T6415: Allow repo-sync workflow to be triggered manually | |||
2024-05-30 | T6415: Enable repo-sync workflow to be triggered manually | Viacheslav Hletenko | |
2024-05-29 | container: T6406: fix NameError: name 'vyos' is not defined | Christian Breunig | |
Commit 74910564f ("T6406: rename cpus to cpu") did not import the function from the Python module. | |||
2024-05-29 | reverse-proxy: T6419: build full CA chain for frontend SSL certificate | Christian Breunig | |
2024-05-29 | reverse-proxy: T6419: build full CA chain when verifying backend server | Christian Breunig | |
2024-05-29 | reverse-proxy: T5231: remove frontend ca-certificate code path | Christian Breunig | |
The code path to handle the ca certificate used for the frontend service is removed, as there is no way on the CLI to define the CA certificate used for the frontend service. | |||
2024-05-29 | reverse-proxy: T5231: better mark v4v6 listen any address | Christian Breunig | |
haproxy supports both ":::80 v4v6" and "[::]:80 v4v6" as listen statement, where the latter one is more human readable. Both act in the same way. | |||
2024-05-29 | op-mode: T5231: add command to restart reverse-proxy | Christian Breunig | |
2024-05-29 | nat: T6371: fix op mode display of configured ports when comma separated list of ports/ranges exists | Ginko | |
Before: Issuing the op mode command "show nat source rules" will throw an exception if the user has configured NAT rules using a list of ports as a comma-separated list (e.g. '!22,telnet,http,123,1001-1005'). Also there was no handling for the "!" rule and so '!53' would display as '53'. With this PR: Introduced iteration to capture all configured ports and append to the appropriate string for display to the user as well as handling of '!' if present in user's configuration. | |||
2024-05-29 | Merge pull request #3543 from sever-sever/T6415-fix | Christian Breunig | |
T6415: Fix variables for repo sync | |||
2024-05-29 | Merge pull request #3541 from dmbaturin/T6374-openvpn-s2s-tls-validation-fix | Christian Breunig | |
openvpn: T6374: only check TLS role for s2s if TLS is configured | |||
2024-05-29 | T6415: Fix variables for repo sync | Viacheslav Hletenko | |
2024-05-29 | openvpn: T6374: only check TLS role for s2s if TLS is configured | Daniil Baturin | |
2024-05-29 | Merge pull request #3540 from sever-sever/T6415-reuse | Daniil Baturin | |
T6349: Reuse repo sync | |||
2024-05-29 | T6349: Reuse repo sync | Viacheslav Hletenko | |
2024-05-29 | Merge pull request #3534 from sever-sever/T6411 | Daniil Baturin | |
T6411: CGNAT fix sequences for external address ranges | |||
2024-05-29 | Merge pull request #3537 from fett0/T6332 | Christian Breunig | |
ISIS: T6332: Fix isis not working only ipv6 | |||
2024-05-29 | ISIS: T6332: Fix isis not working only ipv6 | fett0 | |
2024-05-28 | Merge pull request #3528 from dmbaturin/T6374-openvpn-s2s-tls-validation | Christian Breunig | |
openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS | |||
2024-05-28 | Merge pull request #3533 from natali-rs1985/T6389-current | John Estabrook | |
op_mode: T6389: Check architecture and flavor compatibility on upgrade attempts | |||
2024-05-28 | Merge pull request #3529 from HollyGurza/T5786 | Christian Breunig | |
T5786: Add set/show system image to /image endpoint | |||
2024-05-28 | container: T6406: add CLI option for cpu-quota | Christian Breunig | |
2024-05-28 | T6411: CGNAT fix sequences for external address ranges | Viacheslav Hletenko | |
Fix the bug where external address allocation did not rely on sequences of the external IP addresses (if set) | |||
2024-05-28 | op mode: T6389: Check architecture and flavor compatibility on upgrade attempts | Nataliia Solomko | |
2024-05-28 | T6406: rename cpus to cpu | Nicolas Vollmar | |
2024-05-28 | T6406: add container cpu limit option | Nicolas Vollmar | |
2024-05-27 | T6406: check for required kernel config | Nicolas Vollmar | |
2024-05-27 | T5786: Add set/show system image to /image endpoint | khramshinr | |
2024-05-27 | openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS | Daniil Baturin | |
2024-05-27 | Merge pull request #3522 from c-po/smoketest-NOIOMMU | Christian Breunig | |
smoketest: T6395: check for VFIO options to be present | |||
2024-05-27 | Merge pull request #3523 from Embezzle/T6402 | Christian Breunig | |
reverse-proxy: T6402: Fix invalid checks in validation script | |||
2024-05-26 | reverse-proxy: T6402: Fix invalid checks in validation script | Alex W | |
2024-05-26 | smoketest: T6395: check for VFIO options to be present | Christian Breunig | |
2024-05-26 | Merge pull request #3517 from c-po/pki-t6377 | Christian Breunig | |
op-mode: T6377: must call pki.py helper as root to work with ACME certificates | |||
2024-05-26 | Merge pull request #3518 from c-po/pki-t6400 | Christian Breunig | |
op-mode: T6400: pki: unable to generate fingerprint for ACME issued certificates | |||
2024-05-25 | op-mode: T6400: pki: unable to generate fingerprint for ACME issued certificates | Christian Breunig | |
This fixes (for an ACME generated certificate) vyos@vyos:~$ show pki certificate vyos fingerprint sha512 Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/pki.py", line 1081, in <module> show_certificate_fingerprint(args.certificate, args.fingerprint) File "/usr/libexec/vyos/op_mode/pki.py", line 934, in show_certificate_fingerprint print(get_certificate_fingerprint(cert, hash)) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/pki.py", line 76, in get_certificate_fingerprint fp = cert.fingerprint(hash_algorithm) ^^^^^^^^^^^^^^^^ AttributeError: 'bool' object has no attribute 'fingerprint' After the fix: vyos@vyos# run show pki certificate vyos fingerprint sha256 10:2C:EF:2C:DA:7A:EE:C6:D7:8E:53:12:F0:F5:DE:B9:E9:D0:6C:B4:49:1C:8B:70:2B:D9:AF:FC:9B:75:A3:D2 | |||
2024-05-25 | op-mode: T6377: must call pki.py helper as root to work with ACME certificates | Christian Breunig | |
This fixes the error: vyos@vyos:~$ show pki certificate Traceback (most recent call last): File "/usr/lib/python3/dist-packages/vyos/config.py", line 111, in config_dict_mangle_acme tmp = read_file(f'{vyos_certbot_dir}/live/{name}/cert.pem') ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 44, in read_file raise e File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 38, in read_file with open(fname, 'r') as f: ^^^^^^^^^^^^^^^^ PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/vyos/cert.pem' | |||
2024-05-24 | load-balancing haproxy: T6391: fix typo in timeout help (#3513) | Gregor Michels | |
Co-authored-by: Gregor Michels <hirnpfirsich@brainpeach.de> | |||
2024-05-23 | Merge pull request #3399 from 0xThiebaut/suricata | Christian Breunig | |
suricata: T751: Initial support for suricata | |||
2024-05-23 | suricata: T751: use key_mangling in get_config_dict() | Christian Breunig | |
2024-05-23 | suricata: T751: remove implicit default dictionary | Christian Breunig | |
2024-05-23 | suricata: T751: move CLI from "service ids suricata" -> "service suricata" | Christian Breunig | |
2024-05-23 | Merge pull request #3487 from Embezzle/T6370 | Christian Breunig | |
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses | |||
2024-05-23 | Merge pull request #3507 from c-po/nat-T6345 | Daniil Baturin | |
nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel >=5.0 | |||
2024-05-23 | Merge pull request #3505 from c-po/nat66-T6365 | Daniil Baturin | |
nat66: T6365: remove warnings for negated interface selections by name |