summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-12-08T5798: load-balancing revese-proxy add multiple SSL certificatesViacheslav Hletenko
Add ability to configure multiple SSL certificates for frontend/service set load-balancing reverse-proxy service web mode http set load-balancing reverse-proxy service web port 443 set load-balancing reverse-proxy service web ssl certificate cert1 set load-balancing reverse-proxy service web ssl certificate cert2
2023-12-07Merge pull request #2551 from nicolas-fort/T5778Daniil Baturin
T5778: dhcp server: fix op-mode command
2023-12-07Merge pull request #2539 from nicolas-fort/T5775Daniil Baturin
T5775: firewall: re-add state-policy to firewall. These commands are …
2023-12-07Merge pull request #2580 from jestabro/copy-config-on-installJohn Estabrook
image-tools: T5758: restore saving previous data on install
2023-12-07image-tools: T5758: restore saving previous data on installJohn Estabrook
Restore scanning previous installations for config data and ssh host keys on install.
2023-12-07Merge pull request #2578 from sever-sever/nat64Viacheslav Hletenko
T160: add NAT64
2023-12-06T160: Rebase and fixes for NAT64Viacheslav Hletenko
- Update the base (rebase) - Move include/nat64-protocol.xml.i => include/nat64/protocol.xml.i - Delete unwanted `write_json`, use `write_file` instead - Remove unnecessary deleting of default values for tagNodes T2665 - Add smoketest Example: ``` set interfaces ethernet eth0 address '192.168.122.14/24' set interfaces ethernet eth0 address '192.168.122.10/24' set interfaces ethernet eth2 address '2001:db8::1/64' set nat64 source rule 100 source prefix '64:ff9b::/96' set nat64 source rule 100 translation pool 10 address '192.168.122.10' set nat64 source rule 100 translation pool 10 port '1-65535' ```
2023-12-06nat64: T160: Implement Jool-based NAT64 translatorJoe Groocock
Signed-off-by: Joe Groocock <me@frebib.net>
2023-12-05Merge pull request #2574 from nicolas-fort/T5779Daniil Baturin
T5779: conntrack: Apply fixes to <set system conntrack timeout custom>
2023-12-05Merge pull request #2575 from aapostoliuk/T5688-fixesChristian Breunig
accel-ppp: T5688: Fixed migration script for pppoe-server
2023-12-05accel-ppp: T5688: Fixed migration script for pppoe-serveraapostoliuk
Fixed migration script for pppoe-server
2023-12-05T5779: conntrack: Apply fixes to <set system conntrack timeout custom>. ↵Nicolas Fort
Remove what was not working on 1.3, migrate what was working to new syntax and extend feature for ipv6.
2023-12-04Merge pull request #2501 from aapostoliuk/T5688-currentChristian Breunig
accel-ppp: T5688: Standardized pool configuration in accel-ppp
2023-12-04accel-ppp: T5688: Standardized pool configuration in accel-pppaapostoliuk
Standardized pool configuration for all accel-ppp services. 1. Only named pools are used now. 2. Allows all services to use range in x.x.x.x/mask and x.x.x.x-x.x.x.y format 3. next-pool can be used in all services 2. Allows to use in ipoe gw-ip-address without pool configuration which allows to use Fraimed-IP-Address attribute by radius. 3. Default pool name should be explicidly configured with default-pool. 4. In ipoe netmask and range subnet can be different.
2023-12-04Merge pull request #2569 from indrajitr/ddclient-update-20231203-04Christian Breunig
ddclient: T5791: Simplify and fix migration script for dynamic dns
2023-12-03ddclient: T5791: Simplify and fix migration script for dynamic dnsIndrajit Raychaudhuri
Mark 'dns dynamic name' as tag node to avoid unexpected nesting.
2023-12-03Merge pull request #2566 from c-po/t5769-vtiChristian Breunig
vti: T5769: restore interface settings on down -> up event
2023-12-03Merge pull request #2567 from indrajitr/ddclient-update-20231203Christian Breunig
ddclient: T5791: Update dynamic dns configuration path for consistency [followup]
2023-12-03ddclient: T5791: Fix file permission for migration scriptIndrajit Raychaudhuri
2023-12-02vti: T5769: restore interface settings on down -> up eventChristian Breunig
On VTI interface link down the link-local IPv6 address is removed. As soon as the IPSec tunnel is online again, vti-up-down helper is called which only places the interface in up state using iproute2 command sudo ip link set vti0 up This does not restore the IPv6 LL address. Instead use vyos.ifconfig to properly re-initialize the VTI interface using the generic update() method.
2023-12-02Merge pull request #2564 from fett0/T5796Christian Breunig
T5796:add/fixed OCSERV HTTP security headers
2023-12-02 T5796:add/fixed OCSERV HTTP security headersfett0
2023-12-02Merge pull request #2562 from indrajitr/avahi-cleanup-2Christian Breunig
mdns: T5793: Cleanup avahi-daemon configuration in `/etc` [followup]
2023-12-01mdns: T5793: Cleanup avahi-daemon configuration in `/etc`Indrajit Raychaudhuri
`/etc/avahi` technically can be deleted since we operate with avahi-daemon configuration in `/run/avahi-daemon`. But we still need to keep `/etc/avahi/services` because avahi-daemon `chroot` to that location at startup. This is setup at build time via `AVAHI_CONFIG_DIR` and there is no way to change it at runtime.
2023-12-01Merge pull request #2559 from indrajitr/avahi-cleanupChristian Breunig
mdns: T5793: Cleanup avahi-daemon configuration in `/etc`
2023-12-01mdns: T5793: Cleanup avahi-daemon configuration in `/etc`Indrajit Raychaudhuri
`/etc/avahi` can be deleted since we operate with avahi-daemon configuration in `/run/avahi-daemon`.
2023-12-01Merge pull request #2554 from indrajitr/ddclient-update-20231128Christian Breunig
ddclient: T5791: Update dynamic dns configuration path for consistency
2023-12-01Merge pull request #2547 from aapostoliuk/T4704-circinusChristian Breunig
policy: T4704: Allowed to set metric (MED) to (+/-)rtt
2023-11-30ddclient: T5791: Update smoketest for dynamic dns config path changeIndrajit Raychaudhuri
2023-11-30ddclient: T5791: Migration script for dynamic dns config path changeIndrajit Raychaudhuri
2023-11-30ddclient: T5791: Remove XML includes that aren't used anymoreIndrajit Raychaudhuri
As followup to interface definition change, remove XML snippets that aren't used anymore. They were there because they were 'include'-ed multiple times in the interface definition `dynamic-dns.xml.in`. Since that's not the case anymore, they can be removed.
2023-11-30ddclient: T5791: Update dynamic dns configuration pathIndrajit Raychaudhuri
Modify the configuration path to be consistent with the usual dialects of VyoS configuration (wireguard, dns, firewall, etc.) This would also shorten the configuration path and have a unified treatment for RFC2136-based updates and other 'web-service' based updates. While at it, add support for per-service web-options. This would allow for probing different external URLs on a per-service basis.
2023-11-30T5778: dhcp server: fix op-mode command <show dhcp server leases ...>.Nicolas Fort
2023-11-30policy: T4704: Allowed to set metric (MED) to (+/-)rttaapostoliuk
Allowed to set metric (MED) to (+/-)rtt in the route-map.
2023-11-29Merge pull request #2552 from jestabro/image-update-host-keysJohn Estabrook
image-tools: T5789: copy ssh host keys on image update
2023-11-29image-tools: T5789: copy ssh host keys on image updateJohn Estabrook
2023-11-28Merge pull request #2542 from jestabro/single-owner-https-configJohn Estabrook
http-api: T5782: use single config-mode script for https and http-api
2023-11-28Merge pull request #2550 from jestabro/non-interactive-add-delete-imageJohn Estabrook
image-tools: T5751: allow non-interactive add/delete image
2023-11-28T5575: Update migration scripts for state policy parsingNicolas Fort
2023-11-27image-tools: T5751: use revised image tools in configsessionJohn Estabrook
2023-11-27image-tools: T5751: restore arg raise_error for non-interactive useJohn Estabrook
2023-11-27image-tools: T5751: add arg no_prompt for non-interactive callsJohn Estabrook
2023-11-27image-tools: T5751: normalize args using hyphen instead of underscoreJohn Estabrook
2023-11-27T5778: dhcp server: patch op-mode command <show dhcp server leases>. If ↵Nicolas Fort
*pool* empty, this means that lease was granted by fail-over server. Also fix issue that <show dhcp server leases state all> print nothing.
2023-11-27Merge pull request #2546 from c-po/t5749-vrf-fixupChristian Breunig
vyos.utils: T5749: fix get_vrf_members() call to iproute2
2023-11-27vyos.utils: T5749: fix get_vrf_members() call to iproute2Christian Breunig
The iproute2 master argument is used for both a VRF and a bridge device. Using this in the VRF context would retrieve and report back the wrong interfaces: Old implementation: =================== >>> from vyos.utils.network import get_vrf_members >>> get_vrf_members('br1') ['eth1', 'eth2', 'vxlan1'] >>> get_vrf_members('black') ['br1.3002', 'br1.4000', 'pim6reg10200'] The new implementation: ======================= >>> from vyos.utils.network import get_vrf_members >>> get_vrf_members('br1') [] >>> get_vrf_members('black') ['br1.3002', 'br1.4000', 'pim6reg10200']
2023-11-27smoketest: T31: remove VRF failfast unittest aargumentChristian Breunig
2023-11-27Merge pull request #2544 from c-po/t5783-smoketestsChristian Breunig
smoketest: T5783: check for any abnormal daemon termination
2023-11-27Merge pull request #2543 from jestabro/check-in-dockerChristian Breunig
image-tools: T4516: exit grub-update service if running in docker
2023-11-26http-api: T5782: use single config-mode script for https and http-apiJohn Estabrook