Age | Commit message (Collapse) | Author |
|
After the RESTRICTED view was introduced snmpd requires a network to be
specified. Before adding the RESTRICTED view snmpd always assumed the default
network 0.0.0.0/0.
This commit re-adds the build in default networks for IPv4 and IPv6 and
exposes it as a proper default to the CLI so the user is informed about it:
vyos@vyos# set service snmp community foooo
Possible completions:
authorization Authorization type (default: ro)
+ client IP address of SNMP client allowed to contact system
+ network Subnet of SNMP client(s) allowed to contact system (default:
0.0.0.0/0, ::/0)
|
|
|
|
ntp: T4980: change chrony deny all logic
|
|
|
|
|
|
The old interface-name validator was replaced by a faster implementation in
OCaml. Interface validator can be selected by including the appropriate
code snippet.
|
|
|
|
T2408: dhcp-relay: Add listen-interface and upstream-interface feature
|
|
When shaper is bound to a dialup (e.g. PPPoE) interface it is possible, that
it is yet not availbale when to QoS code runs. Skip the configuration and
inform the user.
|
|
|
|
|
|
|
|
|
|
Extend commit 8a75e92d ("T4817 added support for RFC 9234") to also support
peer-groups.
|
|
|
|
This improves commit d2885ad0 ("T4969: fix class match mark number").
|
|
T4969: fix class match mark number
|
|
bgp: T4817: add support for RFC9234
|
|
This reverts commit 3a6e77d479da4321b851163490a9b79ef2cef7b8.
A general solution is implemented in Commit 29a44a73 ("T4975: always sync()
filesystem after commit").
|
|
|
|
|
|
|
|
login: T4975: Fixed broken CLI commands
|
|
User profile files are not saved to disk after configuration is fully applied.
Because of this, after a fast system reset, profile files can be empty, and CLI
is broken.
This fix adds a `sync()` call after the user's configuration, which should
protect from data loss and fix the problem with profiles.
|
|
|
|
T4964: Fix template bgpd.frr.j2 for l2vpn vni route-targets
|
|
Route-target export/import for l2vpn-evpn vni xxx works as
leafNode with multiple values
We have to use "for" for such values
|
|
T4916: Rewrite IPsec peer authentication and psk migration
|
|
Some older VyOS 1.3 installations seem to use zero-length description fields.
Do not break them!
|
|
|
|
T4958: ocserv: openconnect: Add RADIUS accounting support
|
|
configtree: T4961: improve error reporting of function copy
|
|
Removes port key from accounting server merged config dictionary.
|
|
|
|
Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode
|
|
|
|
openconnect: T4955: Removed wrong authserver in radiusclient.conf
|
|
sysctl: T4928: remove outdated conntrack_helper
|
|
This sysctl has been removed from kernel 6.0.X onwards but its removal was skipped when upgrading the kernel.
See: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/netfilter?id=b118509076b39cc5e616c0680312b5caaca535fe
|
|
vyos.ethtool: T4963: improve driver name detection
|
|
The previous solution did not work for drivers that were no modules.
e.g compiled with a kernel config set to CONFIG_VIRTIO_NET=y
|
|
|
|
|
|
config.copy does not recursively create nodes of the path. On install
image, the path ['service'] is not present in config.boot.default, so
must be created before config.copy['service', 'ntp'].
|
|
After merging config dictionary with default values, radius port
the default value was merged not in a proper way.
It is added as a server.
After creating radiusclient.conf added and the illegal authserver
equal 'port'.
|
|
Rewrite strongswan IPsec authentication to reflect structure
from swanctl.conf
The most important change is that more than one local/remote ID in the
same auth entry should be allowed
replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx'
=> 'ipsec authentication psk <tag> secret xxx'
set vpn ipsec authentication psk <tag> id '192.0.2.1'
set vpn ipsec authentication psk <tag> id '192.0.2.2'
set vpn ipsec authentication psk <tag> secret 'xxx'
set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1'
set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2'
Add template filter for Jinja2 'generate_uuid4'
|
|
T4956: fix 'show hardware cpu' issue on arm64
|
|
|
|
|
|
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/cpu.py", line 76, in <module>
res = vyos.opmode.run(sys.modules[__name__])
File "/usr/lib/python3/dist-packages/vyos/opmode.py", line 200, in run
res = func(**args)
File "/usr/libexec/vyos/op_mode/cpu.py", line 58, in show
cpu_data = _get_raw_data()
File "/usr/libexec/vyos/op_mode/cpu.py", line 40, in _get_raw_data
return vyos.cpu.get_cpus()
File "/usr/lib/python3/dist-packages/vyos/cpu.py", line 83, in get_cpus
cpus_dict = _find_physical_cpus()
File "/usr/lib/python3/dist-packages/vyos/cpu.py", line 76, in _find_physical_cpus
phys_cpus[num] = cpu[num]
NameError: name 'cpu' is not defined
Co-authored By: MartB <contact@martb.dev>
|