summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-01-06T4877: Added more checks if "import vrf" is used in bgpaapostoliuk
1. Fixed: If rd and route-target are used in VRF, can not use "import vrf" in the same VRF in the same AFI/SAFI. 2. Fixed: If rd and route-target is used in VRF, this VRF can not be in the list of command "import vrf" in the same AFI/SAFI but in other VRFs. 3. Fixed: Do not allow to delete vrf if it is used in import list of other vrfs. 4. Added smoketests to check "import vrf" issues.
2022-12-12Merge pull request #1699 from jestabro/op-mode-openvpnJohn Estabrook
openvpn: T4770: rewrite op-mode show/reset to use vyos.opmode
2022-12-12openvpn: T4770: add openvpn.py to op-mode-standardized.jsonJohn Estabrook
2022-12-12openvpn: T4770: update op-mode definition openvpn.xml.in for show/resetJohn Estabrook
2022-12-12openvpn: T4770: add reset function to openvpn.pyJohn Estabrook
2022-12-12opmode: T4770: add CommitInProgess errorJohn Estabrook
2022-12-12openvpn: T4770: add openvpn.py with standardized show commandJohn Estabrook
2022-12-11Merge branch 't4792-sstpc' into currentChristian Poessinger
* t4792-sstpc: sstp: T4384: initial implementation of SSTP client CLI pppoe: T4384: remove unused import of leaf_node_changed pppoe: xml: T4792: split "no-peer-dns" CLI node into building block xml: ddns: T4792: split "server" CLI node into building block
2022-12-11sstp: T4384: initial implementation of SSTP client CLIChristian Poessinger
vyos@vyos# show interfaces sstpc sstpc sstpc10 { authentication { password vyos user vyos } server sstp.vyos.net ssl { ca-certificate VyOS-CA } }
2022-12-11pppoe: T4384: remove unused import of leaf_node_changedChristian Poessinger
2022-12-11pppoe: xml: T4792: split "no-peer-dns" CLI node into building blockChristian Poessinger
2022-12-11xml: ddns: T4792: split "server" CLI node into building blockChristian Poessinger
2022-12-11sstp: T4792: add sstp-client package dependencyChristian Poessinger
2022-12-10vyos.util: T4770: add precision arg, fix typo in bytes_to_humanJohn Estabrook
This is useful in general, but we will add in this context to replace the use of 'bytes2HR' in show_openvpn.py with util.bytes_to_human, while maintaining compatability with original precision=1.
2022-12-10Merge pull request #1703 from jestabro/bug-tunnel-ipJohn Estabrook
openvpn: T4872: fix parsing of tunnel IP in 'show openvpn server'
2022-12-09openvpn: T4872: fix parsing of tunnel IP in 'show openvpn server'John Estabrook
2022-12-09Merge pull request #1701 from sever-sever/T4865Christian Poessinger
T4865: Fix to generate container image from the file
2022-12-09T4865: Fix to generate container image from the fileViacheslav Hletenko
In case if we want generate own container image from a Dockerfile and if it requires update or install packages in container we get error. As it tries to use default network 'podman' and do own NAT translations via 'iptables'. If fact we don't use iptables in 1.4 As result it cannot build such image. Use '--net host' to fix it.
2022-12-09Merge pull request #1700 from sever-sever/T4868Christian Poessinger
T4868: Fix l2tp ppp IPv6 options in template and config get dict
2022-12-09T4868: Fix l2tp ppp IPv6 options in template and config get dictViacheslav Hletenko
L2TP 'ppp-options ipv6 x' can work without declaring IPv6 pool As we can get addresses via RADIUS attributes: - Framed-IPv6-Prefix - Delegated-IPv6-Prefix
2022-12-08Merge pull request #1698 from sever-sever/T4117Christian Poessinger
T4117: Fix for L2TP DAE CoA server configuration
2022-12-08T4117: Fix for L2TP DAE CoA server configurationViacheslav Hletenko
Fix l2tp dae server template and python config dict for correctlly handling Dynamic Authorization Extension server configuration
2022-12-08Merge pull request #1695 from aapostoliuk/T4862-sagittaChristian Poessinger
T4862: Added the generation config for webproxy domain-block
2022-12-08T4862: Added the generation config for webproxy domain-blockaapostoliuk
Added the generation in the config file /etc/squid/squid.conf for command: set service webroxy domain-block <domain>
2022-12-08Merge pull request #1696 from sever-sever/T4861Viacheslav Hletenko
T4861: Openconnect replace restart to reload-or-restart
2022-12-07T4861: Openconnect replace restart to reload-or-restartViacheslav Hletenko
Every change in openconnect restarts the ocserv.service Replace "restart" to "reload-or-restart" to avoid disconnect clients during change configs
2022-12-05Merge pull request #1693 from sever-sever/T4860Christian Poessinger
T4860: Verify if mode in openconnect ocserv dict
2022-12-05Merge pull request #1690 from fett0/T4854Christian Poessinger
T4854: Route reflector allows to apply route-maps
2022-12-05Merge pull request #1692 from sever-sever/T4848Christian Poessinger
T4848: Fix for default route vpn openconnect
2022-12-05Merge pull request #1686 from sever-sever/T4804Christian Poessinger
T4804: Add check for PPPoE server and use defaults values
2022-12-04T4860: Verify if mode in openconnect ocserv dictViacheslav Hletenko
openconnect authentication mode must be set check dict that 'mode' exists in openconnect authentication
2022-12-04T4804: Fix check for PPPoE server local-usersViacheslav Hletenko
We check if local_users is None Check also and empty dict {'access_concentrator': 'vyos-ac', 'authentication': {'local_users': {},
2022-12-04T4848: Fix for default route vpn openconnectViacheslav Hletenko
ocserv template expects list of routes but gets str "default" it cause wrong routes like: route = d route = e route = f route = a route = u route = l route = t Fix it
2022-12-03Merge pull request #1691 from sarthurdev/T478Christian Poessinger
firewall: T478: Fix firewall group circular dependency check
2022-12-03firewall: T478: Fix firewall group circular dependency checksarthurdev
2022-12-02 T4854: route reflector allows to apply route-mapsfett0
2022-12-02Merge pull request #1688 from fett0/T4858Christian Poessinger
T4858: Fix l3vpn Route Distinguisher validator
2022-12-02Merge pull request #1685 from sever-sever/T4805Christian Poessinger
T4805: Restart pppoe-server if client pool was changed
2022-12-02Merge pull request #1687 from sever-sever/T4825Christian Poessinger
T4825: Verify if you are trying to add a new vethX to exists pair
2022-12-02Merge pull request #1689 from jestabro/config-script-dependencyJohn Estabrook
http-api: T4859: correct calling of script dependencies from http-api.py
2022-12-02 T4858: Fix l3vpn Route Distinguisher validatorfett0
2022-12-02http-api: T4859: correct calling of script dependencies from http-api.pyJohn Estabrook
2022-12-02T4825: Verify if you are trying to add a new vethX to exists pairViacheslav Hletenko
Verify if you are trying to add a new vethX to exists pair: set int virtual-ethernet veth0 peer-name 'veth1' set int virtual-ethernet veth1 peer-name 'veth0' set int virtual-ethernet veth12 peer-name 'veth0' Verify veth-name and peer-name cannot be the same: set interfaces virtual-ethernet veth0 peer-name veth0
2022-12-02T4805: Restart pppoe-server if client pool was changedViacheslav Hletenko
Some changes for 'service pppoe-server' require 'restart' the accel-ppp@pppoe.service But we use option 'reload-or-restart' that doesn't work correctly with 'accel-ppp' Restart pppoe-server if client pool was changed
2022-12-02op-mode: T4767: drop sudo callsChristian Poessinger
It's easier and more obvious if the script is called with sudo itself and not spawning a sudo sessionf or each individual command.
2022-12-02Merge pull request #1646 from mkorobeinikov/4767pyChristian Poessinger
T4767: Rewrite generate ipsec archive to python
2022-12-01ci: T4748: add hyphen and underscore for subject nameJohn Estabrook
2022-12-01Merge pull request #1684 from jestabro/config-script-dependencyChristian Poessinger
pki: T4847: correct calling of config mode script dependencies from pki.py
2022-11-30pki: T4847: add test of eapol to ensure interface updateJohn Estabrook
2022-11-30pki: T4847: set and call dependent scriptsJohn Estabrook