Age | Commit message | Author
2023-04-20 | Merge pull request #1963 from sarthurdev/pki_fix | Christian Breunig
pki: T3642: Fix show command if no CA certs are present
2023-04-19 | Merge pull request #1958 from srividya0208/T5159 | Daniil Baturin
op-mode: T5159: dhcpv6 incorrect warning message
2023-04-19 | op-mode: T5159: dhcpv6 incorrect warning message | srividya0208
The operational command "show dhcpv6 server leases" shows a warning message even if dhcpv6 settings are configured and ipv6 address got assigned to clients.
2023-04-18 | pki: T3642: Fix show command if no CA certs are present | sarthurdev
2023-04-17 | op-mode: bgp: T1315: add VNI related commands | Christian Breunig
This extends commit 3fa1092930c (op-mode: bgp: support VRF related "show bgp vrf" commands).

    vyos@vyos:~$ show bgp vni
    Possible completions:
      1-16777215    VXLAN network identifier (VNI) number
      all

    vyos@vyos:~$ show bgp vni 1 type
    Possible completions:
      1             EAD (Type-1) route
      2             MAC-IP (Type-2) route
      3             Multicast (Type-3) route
      ead           EAD (Type-1) route
      macip         MAC-IP (Type-2) route
      multicast     Multicast (Type-3) route

    vyos@vyos:~$ show bgp vni 1 vtep
    Possible completions:
      <x.x.x.x>     Remote VTEP IP address

2023-04-17 | bgp: T3734: only support "l2vpn-evpn advertise-all-vni" in default VRF | Christian Breunig
2023-04-17 | Merge pull request #1961 from sever-sever/T5137 | Christian Breunig
T5137: Refactoring show tech-support report
2023-04-17 | T5137: Refactoring show tech-support report | Viacheslav Hletenko
Split script to small functions for flexible output reports. Improve header for commands. Each function easily can be modified or extended. Remove splitting command/output via percent symbol. Remove old commands and directories like /etc/rc.local, iptables, brctl, etc. Remove ethtool operation for subinterfaces. Extend ethtool debug output. Add correct nftables command.
2023-04-15 | smoketest: T5150: remove deprecated tests | Christian Breunig
There is no need for protocol specific embedded smoketests as the route-map option got removed. Tests are now conducted under the new CLI tree.
2023-04-15 | vyos.ifconfig: T2104: support adding and removing VLANs in one call. | Christian Breunig
VLANIf('eth0.10').remove() will create and remove the VLAN in one command. Thus one can ensure when calling remove() on a VLAN it will always succeed.
2023-04-14 | Merge pull request #1959 from ServerForge/current | Christian Breunig
T5162: Updated configd-include.json to remove extra comma.
2023-04-14 | T5162: Updated configd-include.json to remove extra comma. | KyleM
removed extra comma invalidating json.
2023-04-14 | container: T5082: enable aardvark-dns support | Christian Breunig
With commit 0ea3e1420 ("container: T5082: switch to netavark network stack") moving to a new network stack we should also enable the new DNS plugin provided by default.
TODO: add CLI nodes to manually disable DNS and/or supply external DNS servers to the container.
2023-04-14 | container: T5082: shorten container network prefix to allow longer names | Christian Breunig
If the name of the network + the length of the podman- prefix exceeds the maximum supported length of netavark we get an error:
    Error: netavark: get bridge interface: Netlink error: Numerical result out of range (os error 34)
2023-04-13 | Merge pull request #1943 from c-po/t5150-frr | Daniil Baturin
T5150: implementation of new Kernel/Zebra route-map support
2023-04-13 | xml: T5137: fix empty node.def files | Christian Breunig
2023-04-13 | Merge pull request #1930 from mkorobeinikov/current | Christian Breunig
T5137: refactoring the tech-support command
2023-04-13 | xml: dns: T5143: valueHelp format should be txt instead of text | Christian Breunig
The (v)bash completion helpers trigger on the "txt" keyword for the valueHelp strings when asking for the tab completion helper. Replace text -> txt
2023-04-13 | T5150: migrate CLI configs to new Kernel/Zebra route-map support | Christian Breunig
2023-04-13 | T5150: initial VRF support for Kernel/Zebra route-map filtering | Christian Breunig
2023-04-13 | T5150: do not apply zebra route-map from routing-daemon config level | Christian Breunig
2023-04-13 | T5150: initial implementation of new Kernel/Zebra route-map support | Christian Breunig
It is possible to install a route-map which filters the routes between routing daemons and the OS kernel (zebra).

As of now this can be done by e.g.
* set protocols ospf route-map foo
* set protocols ospfv3 route-map foo
* set protocols bgp route-map foo

Which in turn will install the following lines into FRR
* ip protocol ospf route-map foo
* ipv6 protocol ospf6 route-map foo
* ip protocol bgp route-map foo

The current state of the VyOS CLI is incomplete as there is no way to:
* Install a filter for BGP IPv6 routes
* Install a filter for static routes
* Install a filter for connected routes

Thus the CLI should be redesigned to closely match what FRR does for both the default and any other VRF
* set system ip protocol ospf route-map foo
* set system ipv6 protocol ospfv3 route-map foo
* set system ip protocol bgp route-map foo
* set system ipv6 protocol bgp route-map foo

The configuration can be migrated accordingly. This commit does not come with the migrator, it will be committed later.
2023-04-13 | eigrp: T2472: remove pprint debug statement | Christian Breunig
2023-04-13 | Merge pull request #1935 from indrajitr/pdns-round3 | Christian Breunig
dns: T5143: Apply constraint for domain name in DNS forwarding
2023-04-12 | xml: op-mode: T5081: introduce new FRR tagNode interface building block | Christian Breunig
2023-04-12 | xml: op-mode: T5081: re-use vtysh-generic-detail building block | Christian Breunig
2023-04-12 | xml: T5081: generate common holddown XML building block for IS-IS and OSPF | Christian Breunig
2023-04-12 | Merge pull request #1904 from Cheeze-It/current | Christian Breunig
T5081: ISIS and OSPF synchronization with IGP-LDP sync
2023-04-11 | Merge pull request #1953 from sever-sever/T4727-curr | Christian Breunig
T4727: Change and fix RADIUS rate-limit option for pptp
2023-04-11 | T4727: Change and fix RADIUS rate-limit option for pptp | Viacheslav Hletenko
Initially the option 'rate-limit' was implemented with the wrong place in the CLI:
    set vpn pptp remote-access authentication rate-limit <xxx>
Expected under 'radius' section:
    set vpn pptp remote-access authentication radius rate-limit <xxx>
Configuration for 'rate-limit' (Jinja2 template) never worked for pptp, fix it.
2023-04-11 | Merge pull request #1950 from sever-sever/T5152 | Christian Breunig
T5152: Get default hostname for telegraf from FQDN or hostname
2023-04-11 | T5081: ISIS and OSPF synchronization with IGP-LDP sync | Cheeze_It
2023-04-11 | T5152: Get default hostname for telegraf from FQDN or hostname | Viacheslav Hletenko
Fix for Telegraf agent hostname isn't qualified
Try to get hostname from FQDN and then from hostname
Used for metrics
You may have more than one machine with different domain names
    r1 domain-name foo.local, hostname myhost
    r2 domain-name bar.local, hostname myhost
It helps to detect from which exactly host we get metric for InfluxDB2
2023-04-10 | Merge pull request #1936 from indrajitr/ddclient-opmode | Christian Breunig
dns: T5144: Improve dns dynamic status output
2023-04-10 | Merge pull request #1947 from sever-sever/T5148 | Christian Breunig
T5148: Add smoketest for plugin openvpn-otp OpenVPN
2023-04-10 | Merge pull request #1949 from sever-sever/T5065 | Christian Breunig
T5065: Add verify for firewall port-group and port
2023-04-10 | Merge pull request #1948 from chenxiaolong/T5151 | Christian Breunig
hostapd: T5151: Override ConditionFileNotEmpty
2023-04-10 | T5065: Add verify for firewall port-group and port | Viacheslav Hletenko
We cannot use both 'port' and 'port-group' for the same direction in one rule at the same time
Otherwise it generates wrong rules that don't block anything

    set P_pgrp {
        type inet_service
        flags interval
        auto-merge
        elements = { 101-105 }
    }
    chain NAME_foo {
        tcp dport 22 tcp dport @P_pgrp counter drop comment "foo-10"
        counter return comment "foo default-action accept"
    }

2023-04-10 | hostapd: T5151: Override ConditionFileNotEmpty | Andrew Gunnerson
Debian's `debian/2%2.10-12` update of the hostap packaging added a ConditionFileNotEmpty directive for `/etc/hostapd/<...>` paths, which doesn't match the `/run/hostapd/<...>` paths that VyOS uses. This commit updates the override file to use the proper VyOS paths.
https://salsa.debian.org/debian/wpa/-/commit/d204ceb5a2dc33db888eb55b5fee542a1005e69c
Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
2023-04-10 | Merge pull request #1941 from sever-sever/T1237 | Viacheslav Hletenko
T1237: Failover route add checks for multiple targets
2023-04-10 | T5148: Add smoketest for plugin openvpn-otp OpenVPN | Viacheslav Hletenko
2023-04-10 | Merge pull request #1942 from sever-sever/T4770 | Daniil Baturin
T4770: Ability to get OpenVPN iface state and description for raw
2023-04-10 | Merge pull request #1946 from ichdasich/filtered_routes | Daniil Baturin
T5078: Added filtered-routes BGP command
2023-04-10 | Merge pull request #1945 from sever-sever/T5148 | Daniil Baturin
T5148: Fix OpenVPN plugin dir variable
2023-04-10 | T5078: Added filtered-routes BGP command | Tobias Fiebig
2023-04-10 | T5148: Fix OpenVPN plugin dir variable | Viacheslav Hletenko
Jinja2 template uses {{ plugin_dir }} that it gets from the interface-openvpn.py variable 'plugin_dir' but the correct var should be as part of 'openvpn' dictionary i.e. openvpn['plugin_dir']
2023-04-10 | T4770: Ability to get OpenVPN iface state and description for raw | Viacheslav Hletenko
2023-04-09 | Merge pull request #1944 from chenxiaolong/eapol_tls_1.0_regression | Christian Breunig
eapol: T5151: Allow TLSv1.0/1.1 for EAP-TLS
2023-04-09 | eapol: T5151: Allow TLSv1.0/1.1 for EAP-TLS | Andrew Gunnerson
The Debian 12 upgrade in T5003 caused a regression for connecting to legacy networks that only support TLSv1.0/1.1 for EAP-TLS. Debian allows this by default in their wpa_supplicant package, but their `allow-tlsv1.patch` patch does not work properly with VyOS' newer wpa_supplicant package, which is based on the latest code in git. As a result, wpa_supplicant always respects the system-wide openssl crypto policy, disallowing TLSv1. The commit uses the documented way of allowing TLSv1, which takes precedence over the system crypto policy.
Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
2023-04-07 | openvpn: T5149: do not raise error in case of disabled interface | John Estabrook