summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-02-10snmp: T4857: explicitly define default community networks 0.0.0.0/0 and ::/0Christian Breunig
After the RESTRICTED view was introduced snmpd requires a network to be specified. Before adding the RESTRICTED view snmpd always assumed the default network 0.0.0.0/0. This commit re-adds the build in default networks for IPv4 and IPv6 and exposes it as a proper default to the CLI so the user is informed about it: vyos@vyos# set service snmp community foooo Possible completions: authorization Authorization type (default: ro) + client IP address of SNMP client allowed to contact system + network Subnet of SNMP client(s) allowed to contact system (default: 0.0.0.0/0, ::/0)
2023-02-08T4857: Fix error when not defining client|network under communityNicolas Fort
2023-02-06Merge pull request #1802 from kylem0/T4980Christian Breunig
ntp: T4980: change chrony deny all logic
2023-02-06ntp: T4980: change chrony deny all logicKyle Mitchell
2023-02-06graphql: T4979: add query show_user_infoJohn Estabrook
2023-02-04dhcp-relay: xml: T2408: fix CLI constraintsChristian Breunig
The old interface-name validator was replaced by a faster implementation in OCaml. Interface validator can be selected by including the appropriate code snippet.
2023-02-04dhcp-relay: T2408: use Warning() on deprecated interface CLI nodeChristian Breunig
2023-02-04Merge pull request #1603 from nicolas-fort/T2408Christian Breunig
T2408: dhcp-relay: Add listen-interface and upstream-interface feature
2023-02-04qos: T4284: add safeguard for non existing interfacesChristian Breunig
When shaper is bound to a dialup (e.g. PPPoE) interface it is possible, that it is yet not availbale when to QoS code runs. Skip the configuration and inform the user.
2023-02-04qos: xml: T4284: policy-name is alpha-numeric onlyChristian Breunig
2023-02-04qos: xml: T4284: bandwidh unit suffix is optionalChristian Breunig
2023-02-04bgp: T4817: extend smoketest to cover for local-role featureChristian Breunig
2023-02-04bgp: T4817: improve help and constraint error messagesChristian Breunig
2023-02-04bgp: T4817: add local-role (RFC9234) support for peer-groupsChristian Breunig
Extend commit 8a75e92d ("T4817 added support for RFC 9234") to also support peer-groups.
2023-02-04GitHub: update assign author action to version 1.6.2Christian Breunig
2023-02-04qos: T4969: update "match mark" value rangeChristian Breunig
This improves commit d2885ad0 ("T4969: fix class match mark number").
2023-02-04Merge pull request #1792 from DaniilHarun/currentChristian Breunig
T4969: fix class match mark number
2023-02-04Merge pull request #1797 from ServerForge/currentChristian Breunig
bgp: T4817: add support for RFC9234
2023-02-04Revert "login: T4975: Fixed broken CLI commands"Christian Breunig
This reverts commit 3a6e77d479da4321b851163490a9b79ef2cef7b8. A general solution is implemented in Commit 29a44a73 ("T4975: always sync() filesystem after commit").
2023-02-04T4975: always sync() filesystem after commitChristian Breunig
2023-02-04T4817, Corrected formatting.Kyle McClammy
2023-02-04T4817 added support for RFC 9234Kyle McClammy
2023-02-03Merge pull request #1795 from zdc/T4975-sagittaDaniil Baturin
login: T4975: Fixed broken CLI commands
2023-02-02login: T4975: Fixed broken CLI commandszsdc
User profile files are not saved to disk after configuration is fully applied. Because of this, after a fast system reset, profile files can be empty, and CLI is broken. This fix adds a `sync()` call after the user's configuration, which should protect from data loss and fix the problem with profiles.
2023-01-31T4969: fix class match mark numberDaniilHarun
2023-01-30Merge pull request #1791 from sever-sever/T4964Christian Breunig
T4964: Fix template bgpd.frr.j2 for l2vpn vni route-targets
2023-01-30T4964: Fix template bgpd.frr.j2 for l2vpn vni route-targetsViacheslav Hletenko
Route-target export/import for l2vpn-evpn vni xxx works as leafNode with multiple values We have to use "for" for such values
2023-01-30Merge pull request #1761 from sever-sever/T4916-currViacheslav Hletenko
T4916: Rewrite IPsec peer authentication and psk migration
2023-01-29xml: T1579: allow zero length for descriptionChristian Breunig
Some older VyOS 1.3 installations seem to use zero-length description fields. Do not break them!
2023-01-28vrrp: T1297: improve gratuitous ARP default value handling and help stringsChristian Breunig
2023-01-28Merge pull request #1787 from PeppyH/T4958-openconnect-radius-accountingChristian Breunig
T4958: ocserv: openconnect: Add RADIUS accounting support
2023-01-28Merge pull request #1789 from jestabro/insert_errorChristian Breunig
configtree: T4961: improve error reporting of function copy
2023-01-28openconnect: T4955: Removed wrong acctserver in radiusclient.confJamie Austin
Removes port key from accounting server merged config dictionary.
2023-01-28T4958: ocserv: openconnect: refactor RADIUS accounting supportJamie Austin
2023-01-28T4958: ocserv: openconnect: adds support for configuring RADIUS accountingJamie Austin
Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode
2023-01-27configtree: T4961: improve error reporting of copyJohn Estabrook
2023-01-27Merge pull request #1785 from aapostoliuk/T4955-sagittaChristian Breunig
openconnect: T4955: Removed wrong authserver in radiusclient.conf
2023-01-27Merge pull request #1788 from MartB/patch-1Christian Breunig
sysctl: T4928: remove outdated conntrack_helper
2023-01-27sysctl: T4928: remove outdated conntrack_helperMartin Böh
This sysctl has been removed from kernel 6.0.X onwards but its removal was skipped when upgrading the kernel. See: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/netfilter?id=b118509076b39cc5e616c0680312b5caaca535fe
2023-01-27Merge pull request #1786 from MartB/patch-1Christian Breunig
vyos.ethtool: T4963: improve driver name detection
2023-01-27vyos.ethtool: T4963: improve driver name detectionMartin Böh
The previous solution did not work for drivers that were no modules. e.g compiled with a kernel config set to CONFIG_VIRTIO_NET=y
2023-01-26config-mgmt: T4962: add missing flag re.MULTILINEJohn Estabrook
2023-01-26config-mgmt: T4962: fix typo in regexJohn Estabrook
2023-01-26ntp: T4961: create path ['service'] if it doesn't existJohn Estabrook
config.copy does not recursively create nodes of the path. On install image, the path ['service'] is not present in config.boot.default, so must be created before config.copy['service', 'ntp'].
2023-01-26openconnect: T4955: Removed wrong authserver in radiusclient.confaapostoliuk
After merging config dictionary with default values, radius port the default value was merged not in a proper way. It is added as a server. After creating radiusclient.conf added and the illegal authserver equal 'port'.
2023-01-26T4916: Rewrite IPsec peer authentication and psk migrationViacheslav Hletenko
Rewrite strongswan IPsec authentication to reflect structure from swanctl.conf The most important change is that more than one local/remote ID in the same auth entry should be allowed replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx' => 'ipsec authentication psk <tag> secret xxx' set vpn ipsec authentication psk <tag> id '192.0.2.1' set vpn ipsec authentication psk <tag> id '192.0.2.2' set vpn ipsec authentication psk <tag> secret 'xxx' set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1' set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2' Add template filter for Jinja2 'generate_uuid4'
2023-01-26Merge pull request #1782 from MartB/arm64-cpuViacheslav Hletenko
T4956: fix 'show hardware cpu' issue on arm64
2023-01-25config-mgmt: T4957: upload to archive only for location effective_valuesJohn Estabrook
2023-01-25config-mgmt: T4957: set priorityJohn Estabrook
2023-01-26T4956: fix 'show hardware cpu' issue on arm64Mathew McBride
Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/cpu.py", line 76, in <module> res = vyos.opmode.run(sys.modules[__name__]) File "/usr/lib/python3/dist-packages/vyos/opmode.py", line 200, in run res = func(**args) File "/usr/libexec/vyos/op_mode/cpu.py", line 58, in show cpu_data = _get_raw_data() File "/usr/libexec/vyos/op_mode/cpu.py", line 40, in _get_raw_data return vyos.cpu.get_cpus() File "/usr/lib/python3/dist-packages/vyos/cpu.py", line 83, in get_cpus cpus_dict = _find_physical_cpus() File "/usr/lib/python3/dist-packages/vyos/cpu.py", line 76, in _find_physical_cpus phys_cpus[num] = cpu[num] NameError: name 'cpu' is not defined Co-authored By: MartB <contact@martb.dev>