summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-11-23Merge pull request #1675 from roedie/T4835Christian Poessinger
T4835: snmpd: Fix copy/paste error in snmpd.conf
2022-11-23T4835: snmpd: Fix copy/paste error in snmpd.confSander Klein
The variable 'client' was accidently used where 'network should have been used. This lead to missing community6 string when an IPv6 network was defined instead of an IPv6 client.
2022-11-22Merge pull request #1674 from sarthurdev/container_networkChristian Poessinger
container: T4834: Limit network names to 11 characters (15 char max including "cni-" prefix)
2022-11-22container: T4834: Limit network names to 11 characters (15 char max ↵sarthurdev
including "cni-" prefix) * Error: unable to start container "<id>": plugin type="bridge" failed (add): cni plugin bridge failed: failed to create bridge "cni-thisismorethan15chars": could not add "cni-thisismorethan15chars": numerical result out of range
2022-11-21graphql: T4574: add specific error message if token has expiredJohn Estabrook
Catch expiration error and return error-specific message instead of general 'not authenticated'.
2022-11-21graphql: T4574: use Optional in func_sigJohn Estabrook
A misreading of the makefun docs seemed to indicate Optional was not supported; it is.
2022-11-21graphql: T4544: use load_as_module from vyos.utilJohn Estabrook
load_as_module was added to util.py for T4821; prefer over local copy
2022-11-21Merge pull request #1673 from sever-sever/T4823Christian Poessinger
T4823: Fix IPsec transport mode remote TS
2022-11-21T4823: Fix IPsec transport mode remote TSViacheslav Hletenko
Remote TS for transport mode GRE must be remote-address and not peer name
2022-11-21Merge pull request #1671 from jestabro/reset-tunnel-arg-optionalDaniil Baturin
IPsec: T4829: tunnel argument to 'reset_peer' should have type hint Optional
2022-11-20IPsec: T4829: use type hint Optional for arg tunnel in reset_peerJohn Estabrook
2022-11-20IPsec: T4829: add missing import TimeoutExpiredJohn Estabrook
2022-11-20Merge pull request #1657 from sever-sever/T4812Daniil Baturin
T4812: Add op-mode Show vpn ipsec connections
2022-11-20op-mode: dns-forwarding: T4578: drop sudo callsChristian Poessinger
Commit 66288ccfee ("dns-forwarding: T4578: Rewrite show dns forwarding") added the implementation for the new standardized op-mode definitions/implementation. As the API daemon has the proper permissions and also the CLI op-mode calls the script already with "sudo", there is no need to call "sudo" inside this script, again. Also add dns.py to data/op-mode-standardized.json for the GraphQL schema to be generated.
2022-11-20macvlan: pseudo-ethernet: T2104: _create() should place interface in A/D stateChristian Poessinger
2022-11-20Merge pull request #1667 from sever-sever/T4827Christian Poessinger
T4827: Route-map state continue must be with action permit only
2022-11-20T4827: Route-map state continue must be with action permit onlyViacheslav Hletenko
route-map action 'deny' cannot be used for "continue" as FRR does not validate it r14(config)# route-map FOO permit 100 r14(config-route-map)# route-map FOO deny 50 r14(config-route-map)# on-match goto 100 % Configuration failed. Error type: validation r14(config-route-map)#
2022-11-20vrf: T4562: no need to invode "sudo" when retrieving VRf informationChristian Poessinger
2022-11-20T4830: nat66: remove external IPv6 check on bracketize_ipv6()Christian Poessinger
vyos.template.bracketize_ipv6() has a build-in check if the supplied address is of IPv6 AFI. No need to code an external check arround that.
2022-11-19Merge pull request #1666 from nicolas-fort/T4830-nat66Christian Poessinger
T4830: nat66: fix how nat66 rules are written in nftables
2022-11-19T4830: nat66: fix how nat66 rules are written in nftables, so translation ↵Nicolas Fort
works as expected
2022-11-19Merge pull request #1665 from jestabro/op-mode-value-errorChristian Poessinger
IPsec: T4828: raise op-mode error on incorrect value
2022-11-18IPsec: T4828: raise op-mode error on incorrect valueJohn Estabrook
2022-11-18Merge pull request #1664 from sever-sever/T4826Christian Poessinger
T4826: Fix login pubkey key type ed25519-sk ecdsa-sk
2022-11-18T4826: Fix login pubkey key type ed25519-sk ecdsa-skViacheslav Hletenko
Requires full key type name like sk-ecdsa-sha2-nistp256@openssh.com and sk-ssh-ed25519@openssh.com
2022-11-18Merge pull request #1662 from jestabro/config-script-dependencyDaniil Baturin
firewall: T4821: correct calling of conf_mode script dependencies
2022-11-18Merge pull request #1645 from aapostoliuk/T4793-sagittaChristian Poessinger
T4793: Added warning about disable-route-autoinstall
2022-11-18T4793: Added warning about disable-route-autoinstallaapostoliuk
Added warning message about disable-route-autoinstall when ipsec vti is used.
2022-11-17Merge pull request #1654 from sarthurdev/pbr_refactorChristian Poessinger
policy: T2199: T4605: Migrate policy route interface node
2022-11-17firewall: T4821: correct calling of conf_mode script dependenciesJohn Estabrook
2022-11-17firewall: T4821: add support for adding conf_mode script dependenciesJohn Estabrook
2022-11-17Merge pull request #1660 from aapostoliuk/T4819-sagittaChristian Poessinger
T4819: Allow printing Warning messages in multiple lines with \n
2022-11-16Merge pull request #1661 from roedie/T4794Christian Poessinger
T4794: Fix show show firewall name
2022-11-16T4794: Fix show show firewall nameSander Klein
show firewall name <name> will output an error as explained in https://phabricator.vyos.net/T4794
2022-11-16firewall: T4821: add utility to load script as moduleJohn Estabrook
2022-11-16containers: T2216: support re-install via dpkg of vyos-1x-smoketest packageChristian Poessinger
skopeo does not support overwriting an image - simply remove and readd it.
2022-11-16T4819: Allow printing Warning messages in multiple lines with \naapostoliuk
Allow printing Warning messages and DeprecationWarning in multiple lines with \n
2022-11-16bridge: T4673: remove "sudo" as there is no need to elevate permissionsChristian Poessinger
2022-11-16Revert "Revert "dns: T4799: fix bug with not reloading powerdns config""Christian Poessinger
This reverts commit 44df1cea1ebc3296844c5c35cf053a92cda4b944.
2022-11-16Revert "smoketest: T4652: adjust PowerDNS process name for 4.8 version"Christian Poessinger
This reverts commit 726cdf8bfd27d751737383102fa205f3c082710c.
2022-11-15T4812: Add op-mode Show vpn ipsec connectionsViacheslav Hletenko
Add op-mode CLI "show vpn ipsec connections" Add the ability to show all configured connections/tunnels and their states. Ability to get --raw data
2022-11-15Merge pull request #1658 from vfreex/fix-ns-config2Christian Poessinger
T4815: ip-up/down scripts needs the executable bit
2022-11-15T4815: ip-up/down scripts needs the executable bitYuxiang Zhu
ip-up/down scripts added in https://github.com/vyos/vyos-1x/pull/1656 need the executable bit.
2022-11-14Merge pull request #1653 from jestabro/trace-migrationJohn Estabrook
migration: T4808: add details of configtree operations to migration log
2022-11-14Merge pull request #1655 from fett0/T4813Christian Poessinger
T4813: Add L3vpn over gre option from route-map
2022-11-14Merge pull request #1656 from vfreex/fix-ns-configChristian Poessinger
T4815: Fix various name server config issues
2022-11-14T4815: Fix various name server config issuesYuxiang Zhu
1. When a PPPoE session is connected, `pppd` will update `/etc/resolv.conf` regardless of `system name-server` option unless `no-peer-dns` is set. This is because `pppd` vendors scripts `/etc/ppp/ip-up.d/0000usepeerdns` and `/etc/ppp/ip-down.d/0000usepeerdns`, which updates `/etc/resolv.conf` on PPPoE connection and reverts the change on disconnection. This PR removes those scripts and adds custom scripts to update name server entries through `vyos-hostsd` instead. 2. There is a typo in `/etc/dhcp/dhclient-enter-hooks.d/04-vyos-resolvconf, which misspells variable name `new_dhcp6_name_servers` as `new_dhcpv6_name_servers`. This causes IPv6 name server entries in `vyos-hostsd` not updated when dhclient receives nameservers from DHCPv6. 3. Regular expressions in scripts under `/etc/dhcp/dhclient-enter-hooks.d` and `/etc/dhcp/dhclient-exit-hooks.d/` are not enclosed in `^$`, so those IPv4 related branches (like `BOUND`) could be mistakenly executed when an IPv6 reason (like `BOUND6`) is given.
2022-11-13T4813: add l3vpn over gre option from route-mapfett0
2022-11-13l3VPN : T4182: add l3vpn over gre option from route-mapfett0
2022-11-11policy: T2199: T4605: Migrate policy route interface to `policy route|route6 ↵sarthurdev
<name> interface <ifname>` * Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup * T4605: Rename mangle table to vyos_mangle