Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-09-23 | Merge pull request #1014 from nagua/fix_smaller_openvpn_issues | Christian Poessinger | |
T3642: Fix smaller OpenVpn issues | |||
2021-09-23 | openvpn: T3642: Openvpn does not work without dh parameter in EC mode | Nicolas Riebesel | |
2021-09-23 | openvpn: T3642: Fix password_protected check | Nicolas Riebesel | |
2021-09-23 | openvpn: T3642: Add option for TLS 1.3 | Nicolas Riebesel | |
2021-09-22 | smoketest: vrrp: delete interface vifs after test | Christian Poessinger | |
2021-09-22 | vrrp: keepalived: T3847: enable no_tag_node_value_mangle for get_config_dict() | Christian Poessinger | |
Commit 761631d6 ("vrrp: keepalived: T3847: migrate to get_config_dict()") switched to the new python function get_config_dict(), when we deal with tag nodes that can contain a hyphen, we should also set no_tag_node_value_mangle in order to preserve it. This caused a dict lookup error as the hyphens in the test scripts got replaced by an _. | |||
2021-09-21 | vrrp: keepalived: T3847: migrate/streamline CLI options | Christian Poessinger | |
Rename virtual-address -> address as we always talk about an IP address. | |||
2021-09-21 | vrrp: keepalived: T3847: add common transition-script building block | Christian Poessinger | |
This is used for both VRRP groups and sync-groups. | |||
2021-09-21 | vrrp: keepalived: T3847: remove "transition-script mode-force" option | Christian Poessinger | |
2021-09-21 | vrrp: keepalived: T616: use common description building block | Christian Poessinger | |
2021-09-21 | vrrp: keepalived: T3847: migrate to get_config_dict() | Christian Poessinger | |
2021-09-21 | vrrp: keepalived: T616: enable script security | Christian Poessinger | |
2021-09-21 | vrrp: keepalived: T616: move configuration to volatile /run directory | Christian Poessinger | |
Move keepalived configuration from /etc/keepalived to /run/keepalived. | |||
2021-09-21 | smoketest: vrrp: T616: add basic smoketest to verify keepalived configuration | Christian Poessinger | |
2021-09-21 | xml: vrrp: T616: add missing valueHelp for "authentication type" | Christian Poessinger | |
2021-09-21 | vrrp: keepalived: T2720: adjust to Jinja2 trim_blocks feature | Christian Poessinger | |
This is a successor to commit a2ac9fac16e ("vyos.template: T2720: always enable Jinja2 trim_blocks feature"). It only shifts the whitespaces / indents inside the keepalived configuration file. | |||
2021-09-21 | dhcp-server: T3839: support domain-search and ntp-server config per ↵ | Christian Poessinger | |
shared-network | |||
2021-09-21 | xml: ospf: fix routing-passive-interface-xml.i include | Christian Poessinger | |
Commit a8b2e52148d ("xml: Update routing-passive-interface-xml.i file extension to standard .xml.i") only altered the RIP include statement but did not alter the OSPF include. | |||
2021-09-21 | Merge pull request #1013 from sarthurdev/current | Christian Poessinger | |
github: Add .gitattributes to correct language detection | |||
2021-09-21 | smoketest: ipsec: T1441: adjust to latest VTI/XFRM interface changes | Christian Poessinger | |
Commit d768aee9 ("ipsec: T1441: Clean up vti-up-down script for XFRM interfaces") removed a parameter from the updown scripts which is no longer necessary as XFRM interfaces are superior to VTI interfaces b/c they use dynamic endpoints by default. | |||
2021-09-20 | smoketest: use assertNotIn() in base interface test | Christian Poessinger | |
2021-09-20 | ifconfig: T2104: cleanup IPv6 EUI-64 handling in update() | Christian Poessinger | |
2021-09-20 | vyos.ifconfig: get_mac_synthetic() must generate a stable "MAC" | Christian Poessinger | |
Commit b7d30137b1 ("vyos.ifconfig: provide generic get_mac_synthetic() method") provided a common helper to generate MAC addresses used by EUI64 addresses for interfaces not having a layer2 interface (WireGuard or ip tunnel). The problem is that every call to the helper always yielded a new MAC address. This becomes problematic when IPv6 link-local addresses are generated and modified on the interface as multiple link-local (fe80::/64) addresses can easily be added to the interface leaving ... a mess. This commit changes the way how the "synthetic" MAC is generated, we generate a UUID which is stable as it is based on the interface name. We take out the last 48 bits of the UUID and form the "MAC" address. | |||
2021-09-20 | xml: Update routing-passive-interface-xml.i file extension to standard .xml.i | sarthurdev | |
2021-09-20 | github: Add .gitattributes to override language detection | sarthurdev | |
2021-09-20 | vyos.ifconfig: T2738: can only read from a file when it exists | Christian Poessinger | |
When IPv6 is disbaled on an interface also the sysfs files related to IPv6 for this interface vanish. We need to check if the file exists before we read it. | |||
2021-09-20 | Merge pull request #1012 from lucasec/vti-enhancements | Christian Poessinger | |
ipsec: T1441: Clean up vti-up-down script for XFRM interfaces | |||
2021-09-19 | ipsec: T1441: Clean up vti-up-down script for XFRM interfaces | Lucas Christian | |
2021-09-19 | vyos.ifconfig: T2738: do not remove OS assigned IP addresses from interface | Christian Poessinger | |
When using VRRP on any given interface and performing an action against that interface - be it even only changing the alias - will trigger a removal of the VRRP IP address. The issue is caused by: # determine IP addresses which are assigned to the interface and build a # list of addresses which are no longer in the dict so they can be removed cur_addr = self.get_addr() for addr in list_diff(cur_addr, new_addr): When the script calls into the library - we will drop all IP addresses set on the adapter but not available in the config dict. We should only remove the IP addresses marked by the CLI to be deleted! | |||
2021-09-19 | vyos.configdict: bugfix: leaf_node_changed() must return empty dict when ↵ | Christian Poessinger | |
node is added Commit f476e456 ("vyos.configdict: leaf_node_changed() must return empty dict when node is added") returned [''] as "empty" dict - but this is not empty. >>> if ['']: ... print('foo') ... foo It should rather be: [] | |||
2021-09-19 | vyos.ifconfig: T2738: add delta check when changing interface parameters | Christian Poessinger | |
There is no need to alter interface parameters if they have not changed at all. | |||
2021-09-19 | dhcp-server: T3672: migrate failover name option | Christian Poessinger | |
Commit 2985035b (dhcp-server: T3672: re-add missing "name" CLI option) unfortunately did not add the name option to the migration script. | |||
2021-09-19 | smoketest: dhcp: T3841: validate ping-check option | Christian Poessinger | |
2021-09-19 | smoketest: dhcp: T3672: adjust to new CLI syntax | Christian Poessinger | |
2021-09-19 | dhcp-server: T3672: bugfix Jinja2 template | Christian Poessinger | |
The DHCP servers pool {} option can only be used when there follows a range statement. This is invalid for a network with only "static" leases. | |||
2021-09-19 | dhcp-server: T3672: re-add missing "name" CLI option | Christian Poessinger | |
This option is mandatory and must be user configurable as it needs to match on both sides. | |||
2021-09-19 | xml: dhcp-server: move building blocks to dhcp subdirectory | Christian Poessinger | |
2021-09-19 | dhcp-server: T3841: add option to perform ICMP check before address assignment | Christian Poessinger | |
2021-09-19 | dhcp-server: T3672: only one failover peer is supported | Christian Poessinger | |
2021-09-19 | dhcpv6: op-mode: xml: error out if DHCPv6 service not configured | Christian Poessinger | |
Restarting DHCPv6 server should not be possible when service is not configured on the CLI. | |||
2021-09-19 | dhcpv6: op-mode: xml: fix duplicate help strings | Christian Poessinger | |
2021-09-19 | dhcp: op-mode: xml: error out if DHCP service not configured | Christian Poessinger | |
2021-09-19 | dhcp: op-mode: xml: fix duplicate help string | Christian Poessinger | |
2021-09-19 | Merge pull request #1011 from jack9603301/T3648 | Christian Poessinger | |
op-mode: nat: T3648: Fix NAT script errors | |||
2021-09-19 | Merge pull request #1010 from lucasec/dns-fw-cache-size | Christian Poessinger | |
pdns_recursor: T3840: Allow larger DNS forwarding cache sizes | |||
2021-09-19 | op-mode: nat: T3648: Fix NAT script errors | jack9603301 | |
2021-09-18 | T3840: Allow larger DNS forwarding cache sizes | Lucas Christian | |
2021-09-18 | container: T2216: add IPv6 support to container networks | Christian Poessinger | |
2021-09-18 | dhcp-server: T3839: support name-servers and domain config per shared-network | Christian Poessinger | |
DHCP servers "shared-network" level only makes sense if one can specify configuration items that can be inherited by individual subnets. This is now possible for name-servers and the domain-name. set service dhcp-server shared-network-name LAN domain-name 'vyos.net' set service dhcp-server shared-network-name LAN name-server '192.0.2.1' | |||
2021-09-18 | dhcp-server: xml: use description building block | Christian Poessinger | |