summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-10-07pki: T6481: auto import ACME certificate chain into CLImergify/bp/circinus/pr-4118Christian Breunig
When using an ACME based certificate with VyOS we provide the necessary PEM files opaque in the background when using the internal tools. This however will not properly work with the CA chain portion, as the system is based on the "pki certificate <name> acme" CLI node of a certificate but CA chains reside under "pki ca". This adds support for importing the PEM data of a CA chain issued via ACME into the "pki ca AUTOCHAIN_<name> certificate" subsystem so it can be queried by other daemons. Importing the chain only happens, when the chain was not already added manually by the user. ACME certificate chains that are automatically added to the CLI are all prefixed using AUTOCHAIN_certname so they can be consumed by any daemon. This also adds a safeguard when the intermediate CA changes, the referenced name on the CLI stays consitent for any pending daemon updates. (cherry picked from commit 875764b07f937fc599e2e62c667e7b811ddc2ed3)
2024-10-04Merge pull request #4127 from vyos/mergify/bp/circinus/pr-4126Christian Breunig
T6763: Delete Jenkins file (backport #4126)
2024-10-04T6763: Delete Jenkins filemergify/bp/circinus/pr-4126Viacheslav Hletenko
(cherry picked from commit a3b79255fae48dea35b6fd240c6671e226382cfe)
2024-09-30Merge pull request #4113 from vyos/mergify/bp/circinus/pr-4024Christian Breunig
T6687: add fqdn support to nat rules. (backport #4024)
2024-09-30T6687: add fqdn support to nat rules.mergify/bp/circinus/pr-4024Nicolas Fort
(cherry picked from commit 4c3d037f036e84c77333a400b35bb1a628a1a118)
2024-09-30Merge pull request #4117 from vyos/mergify/bp/circinus/pr-4112Daniil Baturin
policy: T6751: add missing completion helpers for community-list (backport #4112)
2024-09-30Merge pull request #4115 from vyos/mergify/bp/circinus/pr-4061Daniil Baturin
syslog: T5367: add format option to include timezone in message (backport #4061)
2024-09-30Merge pull request #4103 from vyos/mergify/bp/circinus/pr-4002Daniil Baturin
dhclient: T6667: Added workaround for communication with FRR (backport #4002)
2024-09-30policy: T6751: add missing completion helpers for community-listmergify/bp/circinus/pr-4112Christian Breunig
Add all missing, well-known values for the community-list regex. (cherry picked from commit 3e94e5e318b852dfca36e64d078728d4f5d5304c)
2024-09-30syslog: T5367: add format option to include timezone in messagemergify/bp/circinus/pr-4061Christian Breunig
Add CLI option to include the systems timezone in the syslog message sent to a collector. This can be enabled using: set system syslog host <hostname> format include-timezone (cherry picked from commit 042be39ccabb43a766e04a447207610ff017bd7d)
2024-09-26dhclient: T6667: Added workaround for communication with FRRmergify/bp/circinus/pr-4002zsdc
To increase the chance for dhclient to configure routes in FRR, added a workaround. Now 10 attempts are performed with 1 second delay and only after this dhclient gives up. (cherry picked from commit da64a7246e9b12d5bd84287517cfbfa59e364c28)
2024-09-26Merge pull request #4095 from vyos/mergify/bp/circinus/pr-4086Daniil Baturin
bridge: T6675: VXLAN Interface configuration lost due to improper bridge detachment (backport #4086)
2024-09-25Merge pull request #4097 from vyos/mergify/bp/circinus/pr-4079Daniil Baturin
syslog: T6719: fix the behavior of "syslog global preserve-fqdn" (backport #4079)
2024-09-24syslog: T6719: fix the behavior of "syslog global preserve-fqdn"mergify/bp/circinus/pr-4079Nicolas Vollmar
(cherry picked from commit c196c6d9207ef112e478f44923b2d0bc8a15b3c9)
2024-09-24bridge: T6675: VXLAN Interface configuration lost due to improper bridge ↵mergify/bp/circinus/pr-4086Nataliia Solomko
detachment (cherry picked from commit 7dbd07657c914d5a46eed101ae44d73ba3b4c6f0)
2024-09-22Merge pull request #4093 from vyos/mergify/bp/circinus/pr-4091Christian Breunig
lldp: T6727: add missing input validation for interface names (backport #4091)
2024-09-21lldp: T6727: add missing input validation for interface namesmergify/bp/circinus/pr-4091Christian Breunig
There is no input CLI validation on the interface name passed to the LLDP service. (cherry picked from commit 82ba669c2632ae554528b13efd6489ced3e39964)
2024-09-20Merge pull request #4088 from vyos/mergify/bp/circinus/pr-4087Christian Breunig
wireless: T6709: fix missing wpa_supplicant configuration (backport #4087)
2024-09-19wireless: T6709: fix missing wpa_supplicant configurationmergify/bp/circinus/pr-4087Christian Breunig
Commit 0ee8d5e35 ("ethernet: T6709: move EAPoL support to common framework") added support to also have EAPoL on other interface types then ethernet. This introduced a regression where the wireless interface wpa_supplicant configuration would get deleted. (cherry picked from commit 58dfd957fd8ec24caeca73105f7823148ef8c8bf)
2024-09-19Merge pull request #4085 from vyos/mergify/bp/circinus/pr-3711Daniil Baturin
T6496: Added support for WPA-Enterprise client-mode (backport #3711)
2024-09-19wireless: T6496: use mac-address validator on BSSID and move it up one CLI levelmergify/bp/circinus/pr-3711Christian Breunig
(cherry picked from commit 0c9499c5b3f7cc053c1f29ecf28d679c1a3156e2)
2024-09-19wireless: T6496: use ascii regex for WPA passphrase constraintChristian Breunig
(cherry picked from commit 5a6ac65fe0684fc5298de3daa8582294ac387b46)
2024-09-19wireless: T6496: support for EAP-MSCHAPv2 client over wifiChristopher
fix: attempt to fix indentation on `wpa_supplicant.conf.j2` fix: attempt to fix indentation on `wpa_supplicant.conf.j2` fix: incorrect bssid mapping fix: use the correct jinja templating (I think) fix: “remote blank space fix: attempt to fix the formatting in j2 fix: attempt to fix the formatting in j2 feat: rename enterprise username and password + add checks in conf mode. fix: move around `bssid` config option on `wpa_supplicant.conf.j2` and fix the security config part fix: fix indentation on `wpa_supplicant.conf.j2` (cherry picked from commit fc4263021acb72d2d8afb165922d9cb7e11b2bf1)
2024-09-18Merge pull request #4082 from vyos/mergify/bp/circinus/pr-3823Daniil Baturin
OpenVPN CLI-option: T6571: rename ncp-ciphers with data-ciphers (backport #3823)
2024-09-18Merge pull request #4081 from vyos/mergify/bp/circinus/pr-3930Daniil Baturin
T6486: use data-ciphers instead of ncp-ciphers in "run generate openvpn client-config" (backport #3930)
2024-09-18OpenVPN CLI-option: T6571: rename ncp-ciphers with data-ciphersmergify/bp/circinus/pr-3823srividya0208
(cherry picked from commit b62b2f5f8a9c4f0a7dc26bce1f15843651119256)
2024-09-18T6486: generate OpenVPN use data-ciphers instead of ncp-ciphers (#3930)mergify/bp/circinus/pr-3930Viacheslav Hletenko
In the PR https://github.com/vyos/vyos-1x/pull/3823 the ncp-ciphers were replaced with `data-ciphers` fix template for "generate openvpn client-config" (cherry picked from commit ffbc04c591b534188cb08bf3991fadac4aa386a8)
2024-09-18Merge pull request #4080 from vyos/mergify/bp/circinus/pr-3753Christian Breunig
T6539: add logging options to load-balancer reverse-proxy (backport #3753)
2024-09-18T6539: add logging options to load-balancer reverse-proxymergify/bp/circinus/pr-3753Jonathan Voss
(cherry picked from commit dd5908eac390294ea178953fc0e6821d803d62f6)
2024-09-18T6716: don't automatically set ethernet offload (#4078)mergify[bot]
Remove the lines of code that checked if the kernel had offloading enabled and was then forcing the config to set it to "on." The behavior now mirrors the config and offloading will only be enabled if the config is explicitly set to enabled. Note: the code is still present to disable the offloading, in the config, if the kernel doesn't support it. Note(2): Allow the previous behavior where the offload settings get set, based on the Kernel, if the boot is a live boot. (cherry picked from commit b6c2a7476bbd20bebc3e901cc55c17965ebfc423) Co-authored-by: Dave Vogel <dvogel@greylogic.com>
2024-09-17bond: T6709: add EAPoL support (backport #4069) (#4076)mergify[bot]
* ethernet: T6709: move EAPoL support to common framework Instead of having EAPoL (Extensible Authentication Protocol over Local Area Network) support only available for ethernet interfaces, move this to common ground at vyos.ifconfig.interface making it available for all sorts of interfaces by simply including the XML portion #include <include/interface/eapol.xml.i> (cherry picked from commit 0ee8d5e35044e7480dac6a23e92d43744b8c5d36) * bond: T6709: add EAPoL support (cherry picked from commit 8eeb1bdcdfc104ffa77531f270a38cda2aee7f82) --------- Co-authored-by: Christian Breunig <christian@breunig.cc>
2024-09-16Merge pull request #4075 from vyos/mergify/bp/circinus/pr-4071Daniil Baturin
op-mode: T6715: manually changing time/date is not synced into hardware clock (backport #4071)
2024-09-16op-mode: T6715: manually changing time/date is not synced into hardware clockmergify/bp/circinus/pr-4071Christian Breunig
When not using NTP and adjusting the current system time/date using set date the time is not saved across a reboot into the hardware RTC. This commit explicitly syncs the current time after a change into the systems RTC. Most routers do not run without NTP (which is even a VyOS default) so the priority is pretty low. (cherry picked from commit 835126e249c1a8b7ae87ac169a8eb9d2df979249)
2024-09-16Merge pull request #4072 from vyos/mergify/bp/circinus/pr-4057Christian Breunig
op-mode: T6682: Fix for show vpn ike sa peer that always shows all SAs (backport #4057)
2024-09-15op-mode: T6682: Fix for show vpn ike sa peer always shows all SAsmergify/bp/circinus/pr-4057Nataliia Solomko
(cherry picked from commit 8c6a57124af37ba410dd01797e9242b3a79f171a)
2024-09-15Merge pull request #4058 from vyos/mergify/bp/circinus/pr-4046Christian Breunig
T6703: Adds option to configure AMD pstate driver (backport #4046)
2024-09-14Merge pull request #4068 from vyos/mergify/bp/circinus/pr-4067Vijayakumar A
T6674: Actions fix variable for trigger build reuse repo (backport #4067)
2024-09-14T6674: Actions fix variable for trigger build reuse repo (#4067)mergify/bp/circinus/pr-4067Viacheslav Hletenko
(cherry picked from commit 5df36ba0e3c95efb2962ed54e614552f7425e173)
2024-09-13Merge pull request #4056 from vyos/mergify/bp/circinus/pr-4054Daniil Baturin
T6711: Fix restart vrrp missed comma between services (backport #4054)
2024-09-13Merge pull request #4059 from vyos/mergify/bp/circinus/pr-4047Daniil Baturin
policy: T6676: Invalid route-map caused bgpd to crash (backport #4047)
2024-09-12policy: T6676: Invalid route-map caused bgpd to crashmergify/bp/circinus/pr-4047Nataliia Solomko
(cherry picked from commit 595f35bbdda732883ce0b8b0721061bb3a40a715)
2024-09-12T6703: shorten help descriptionmergify/bp/circinus/pr-4046Nicolas Vollmar
(cherry picked from commit 9fcf711e669f00df8313887a801130f4bb3826df)
2024-09-12T6703: fix unrelated lint issuesNicolas Vollmar
(cherry picked from commit f00d43381516326061db5287d841ad52e79d6271)
2024-09-12T6703: Adds option to configure AMD pstate driverNicolas Vollmar
(cherry picked from commit 333672bee041f0f2b8e1b698a8eb2108694ad812)
2024-09-12Merge pull request #4050 from jestabro/revise-migration-circinusDaniil Baturin
T6007: revise migration system
2024-09-12T6711: Fix restart vrrp missed comma between servicesmergify/bp/circinus/pr-4054Viacheslav Hletenko
Missing comma in the list between services 'ssh', 'suricata' 'vrrp', 'webproxy' Fix it (cherry picked from commit a3ddd2cb8994deefd378951806b5dc35067d06a7)
2024-09-12Merge pull request #4053 from vyos/mergify/bp/circinus/pr-4032Daniil Baturin
T6701: Added ability to disable the container DNS plugin (backport #4032)
2024-09-12container: T6701: add support to disable container network DNS supportmergify/bp/circinus/pr-4032Dave Vogel
Add ability to set the container network with a disable-dns setting to disable the DNS plugin that is on be default. set container network <network> no-name-server (cherry picked from commit 1d5625d572cc25a9d53247b7c41177f17845b052)
2024-09-12wireless: T6318: add quotes for console speed in config-tests (#4051)mergify[bot]
(cherry picked from commit 23fc0a7a4dee19d71a3ac055c0391a4bbbffee4d) Co-authored-by: Christian Breunig <christian@breunig.cc>
2024-09-11migration: T6007: add missing check for None in utility functionJohn Estabrook
An empty component version string will trigger a full migration, however, the case of component_version is None was missed in a utility function. Fix comment formatting. (cherry picked from commit bd42f131ea2ceec2c591303ea69b7d3a36e41a7c)