Age | Commit message | Author |
|
When using an ACME based certificate with VyOS we provide the necessary PEM
files opaque in the background when using the internal tools. This however will
not properly work with the CA chain portion, as the system is based on the
"pki certificate <name> acme" CLI node of a certificate but CA chains reside
under "pki ca".
This adds support for importing the PEM data of a CA chain issued via ACME into
the "pki ca AUTOCHAIN_<name> certificate" subsystem so it can be queried by
other daemons. Importing the chain only happens when the chain was not already
added manually by the user.
ACME certificate chains that are automatically added to the CLI are all prefixed
using AUTOCHAIN_certname so they can be consumed by any daemon. This also adds
a safeguard when the intermediate CA changes, the referenced name on the CLI
stays consistent for any pending daemon updates.
(cherry picked from commit 875764b07f937fc599e2e62c667e7b811ddc2ed3)
|
|
T6763: Delete Jenkins file (backport #4126)
|
|
(cherry picked from commit a3b79255fae48dea35b6fd240c6671e226382cfe)
|
|
T6687: add fqdn support to nat rules. (backport #4024)
|
|
(cherry picked from commit 4c3d037f036e84c77333a400b35bb1a628a1a118)
|
|
policy: T6751: add missing completion helpers for community-list (backport #4112)
|
|
syslog: T5367: add format option to include timezone in message (backport #4061)
|
|
dhclient: T6667: Added workaround for communication with FRR (backport #4002)
|
|
Add all missing, well-known values for the community-list regex.
(cherry picked from commit 3e94e5e318b852dfca36e64d078728d4f5d5304c)
|
|
Add CLI option to include the system's timezone in the syslog message sent to
a collector. This can be enabled using:
set system syslog host <hostname> format include-timezone
(cherry picked from commit 042be39ccabb43a766e04a447207610ff017bd7d)
|
|
To increase the chance for dhclient to configure routes in FRR, added a
workaround. Now 10 attempts are performed with 1 second delay and only after
this dhclient gives up.
(cherry picked from commit da64a7246e9b12d5bd84287517cfbfa59e364c28)
|
|
bridge: T6675: VXLAN Interface configuration lost due to improper bridge detachment (backport #4086)
|
|
syslog: T6719: fix the behavior of "syslog global preserve-fqdn" (backport #4079)
|
|
(cherry picked from commit c196c6d9207ef112e478f44923b2d0bc8a15b3c9)
|
|
detachment
(cherry picked from commit 7dbd07657c914d5a46eed101ae44d73ba3b4c6f0)
|
|
lldp: T6727: add missing input validation for interface names (backport #4091)
|
|
There is no input CLI validation on the interface name passed to the LLDP
service.
(cherry picked from commit 82ba669c2632ae554528b13efd6489ced3e39964)
|
|
wireless: T6709: fix missing wpa_supplicant configuration (backport #4087)
|
|
Commit 0ee8d5e35 ("ethernet: T6709: move EAPoL support to common framework")
added support to also have EAPoL on other interface types than ethernet. This
introduced a regression where the wireless interface wpa_supplicant configuration
would get deleted.
(cherry picked from commit 58dfd957fd8ec24caeca73105f7823148ef8c8bf)
|
|
T6496: Added support for WPA-Enterprise client-mode (backport #3711)
|
|
(cherry picked from commit 0c9499c5b3f7cc053c1f29ecf28d679c1a3156e2)
|
|
(cherry picked from commit 5a6ac65fe0684fc5298de3daa8582294ac387b46)
|
|
fix: attempt to fix indentation on `wpa_supplicant.conf.j2`
fix: attempt to fix indentation on `wpa_supplicant.conf.j2`
fix: incorrect bssid mapping
fix: use the correct jinja templating (I think)
fix: “remote blank space
fix: attempt to fix the formatting in j2
fix: attempt to fix the formatting in j2
feat: rename enterprise username and password + add checks in conf mode.
fix: move around `bssid` config option on `wpa_supplicant.conf.j2` and fix the security config part
fix: fix indentation on `wpa_supplicant.conf.j2`
(cherry picked from commit fc4263021acb72d2d8afb165922d9cb7e11b2bf1)
|
|
OpenVPN CLI-option: T6571: rename ncp-ciphers with data-ciphers (backport #3823)
|
|
T6486: use data-ciphers instead of ncp-ciphers in "run generate openvpn client-config" (backport #3930)
|
|
(cherry picked from commit b62b2f5f8a9c4f0a7dc26bce1f15843651119256)
|
|
In the PR https://github.com/vyos/vyos-1x/pull/3823 the ncp-ciphers
were replaced with `data-ciphers`
fix template for "generate openvpn client-config"
(cherry picked from commit ffbc04c591b534188cb08bf3991fadac4aa386a8)
|
|
T6539: add logging options to load-balancer reverse-proxy (backport #3753)
|
|
(cherry picked from commit dd5908eac390294ea178953fc0e6821d803d62f6)
|
|
Remove the lines of code that checked if the kernel had offloading
enabled and was then forcing the config to set it to "on." The
behavior now mirrors the config and offloading will only be enabled
if the config is explicitly set to enabled.
Note: the code is still present to disable the offloading, in the
config, if the kernel doesn't support it.
Note(2): Allow the previous behavior where the offload settings get set,
based on the Kernel, if the boot is a live boot.
(cherry picked from commit b6c2a7476bbd20bebc3e901cc55c17965ebfc423)
Co-authored-by: Dave Vogel <dvogel@greylogic.com>
|
|
* ethernet: T6709: move EAPoL support to common framework
Instead of having EAPoL (Extensible Authentication Protocol over Local Area
Network) support only available for ethernet interfaces, move this to common
ground at vyos.ifconfig.interface making it available for all sorts of
interfaces by simply including the XML portion
#include <include/interface/eapol.xml.i>
(cherry picked from commit 0ee8d5e35044e7480dac6a23e92d43744b8c5d36)
* bond: T6709: add EAPoL support
(cherry picked from commit 8eeb1bdcdfc104ffa77531f270a38cda2aee7f82)
---------
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
op-mode: T6715: manually changing time/date is not synced into hardware clock (backport #4071)
|
|
When not using NTP and adjusting the current system time/date using set date
the time is not saved across a reboot into the hardware RTC. This commit
explicitly syncs the current time after a change into the system's RTC.
Most routers do not run without NTP (which is even a VyOS default) so the
priority is pretty low.
(cherry picked from commit 835126e249c1a8b7ae87ac169a8eb9d2df979249)
|
|
op-mode: T6682: Fix for show vpn ike sa peer that always shows all SAs (backport #4057)
|
|
(cherry picked from commit 8c6a57124af37ba410dd01797e9242b3a79f171a)
|
|
T6703: Adds option to configure AMD pstate driver (backport #4046)
|
|
T6674: Actions fix variable for trigger build reuse repo (backport #4067)
|
|
(cherry picked from commit 5df36ba0e3c95efb2962ed54e614552f7425e173)
|
|
T6711: Fix restart vrrp missed comma between services (backport #4054)
|
|
policy: T6676: Invalid route-map caused bgpd to crash (backport #4047)
|
|
(cherry picked from commit 595f35bbdda732883ce0b8b0721061bb3a40a715)
|
|
(cherry picked from commit 9fcf711e669f00df8313887a801130f4bb3826df)
|
|
(cherry picked from commit f00d43381516326061db5287d841ad52e79d6271)
|
|
(cherry picked from commit 333672bee041f0f2b8e1b698a8eb2108694ad812)
|
|
T6007: revise migration system
|
|
Missing comma in the list between services
'ssh', 'suricata' 'vrrp', 'webproxy'
Fix it
(cherry picked from commit a3ddd2cb8994deefd378951806b5dc35067d06a7)
|
|
T6701: Added ability to disable the container DNS plugin (backport #4032)
|
|
Add ability to set the container network with a disable-dns setting to disable
the DNS plugin that is on by default.
set container network <network> no-name-server
(cherry picked from commit 1d5625d572cc25a9d53247b7c41177f17845b052)
|
|
(cherry picked from commit 23fc0a7a4dee19d71a3ac055c0391a4bbbffee4d)
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
An empty component version string will trigger a full migration,
however, the case of component_version is None was missed in a utility
function. Fix comment formatting.
(cherry picked from commit bd42f131ea2ceec2c591303ea69b7d3a36e41a7c)
|