summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-01-30T4964: Fix template bgpd.frr.j2 for l2vpn vni route-targetsViacheslav Hletenko
Route-target export/import for l2vpn-evpn vni xxx works as leafNode with multiple values We have to use "for" for such values
2023-01-30Merge pull request #1761 from sever-sever/T4916-currViacheslav Hletenko
T4916: Rewrite IPsec peer authentication and psk migration
2023-01-29xml: T1579: allow zero length for descriptionChristian Breunig
Some older VyOS 1.3 installations seem to use zero-length description fields. Do not break them!
2023-01-28vrrp: T1297: improve gratuitous ARP default value handling and help stringsChristian Breunig
2023-01-28Merge pull request #1787 from PeppyH/T4958-openconnect-radius-accountingChristian Breunig
T4958: ocserv: openconnect: Add RADIUS accounting support
2023-01-28Merge pull request #1789 from jestabro/insert_errorChristian Breunig
configtree: T4961: improve error reporting of function copy
2023-01-28openconnect: T4955: Removed wrong acctserver in radiusclient.confJamie Austin
Removes port key from accounting server merged config dictionary.
2023-01-28T4958: ocserv: openconnect: refactor RADIUS accounting supportJamie Austin
2023-01-28T4958: ocserv: openconnect: adds support for configuring RADIUS accountingJamie Austin
Adds CLI configuration options to configure RADIUS accounting for OpenConnect VPN sessions. This functionality cannot be used outside of the RADIUS OpenConnect VPN authentication mode
2023-01-27configtree: T4961: improve error reporting of copyJohn Estabrook
2023-01-27Merge pull request #1785 from aapostoliuk/T4955-sagittaChristian Breunig
openconnect: T4955: Removed wrong authserver in radiusclient.conf
2023-01-27Merge pull request #1788 from MartB/patch-1Christian Breunig
sysctl: T4928: remove outdated conntrack_helper
2023-01-27sysctl: T4928: remove outdated conntrack_helperMartin Böh
This sysctl has been removed from kernel 6.0.X onwards but its removal was skipped when upgrading the kernel. See: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/netfilter?id=b118509076b39cc5e616c0680312b5caaca535fe
2023-01-27Merge pull request #1786 from MartB/patch-1Christian Breunig
vyos.ethtool: T4963: improve driver name detection
2023-01-27vyos.ethtool: T4963: improve driver name detectionMartin Böh
The previous solution did not work for drivers that were no modules. e.g compiled with a kernel config set to CONFIG_VIRTIO_NET=y
2023-01-26config-mgmt: T4962: add missing flag re.MULTILINEJohn Estabrook
2023-01-26config-mgmt: T4962: fix typo in regexJohn Estabrook
2023-01-26ntp: T4961: create path ['service'] if it doesn't existJohn Estabrook
config.copy does not recursively create nodes of the path. On install image, the path ['service'] is not present in config.boot.default, so must be created before config.copy['service', 'ntp'].
2023-01-26openconnect: T4955: Removed wrong authserver in radiusclient.confaapostoliuk
After merging config dictionary with default values, radius port the default value was merged not in a proper way. It is added as a server. After creating radiusclient.conf added and the illegal authserver equal 'port'.
2023-01-26T4916: Rewrite IPsec peer authentication and psk migrationViacheslav Hletenko
Rewrite strongswan IPsec authentication to reflect structure from swanctl.conf The most important change is that more than one local/remote ID in the same auth entry should be allowed replace: 'ipsec site-to-site peer <tag> authentication pre-shared-secret xxx' => 'ipsec authentication psk <tag> secret xxx' set vpn ipsec authentication psk <tag> id '192.0.2.1' set vpn ipsec authentication psk <tag> id '192.0.2.2' set vpn ipsec authentication psk <tag> secret 'xxx' set vpn ipsec site-to-site peer <tag> authentication local-id '192.0.2.1' set vpn ipsec site-to-site peer <tag> authentication mode 'pre-shared-secret' set vpn ipsec site-to-site peer <tag> authentication remote-id '192.0.2.2' Add template filter for Jinja2 'generate_uuid4'
2023-01-26Merge pull request #1782 from MartB/arm64-cpuViacheslav Hletenko
T4956: fix 'show hardware cpu' issue on arm64
2023-01-25config-mgmt: T4957: upload to archive only for location effective_valuesJohn Estabrook
2023-01-25config-mgmt: T4957: set priorityJohn Estabrook
2023-01-26T4956: fix 'show hardware cpu' issue on arm64Mathew McBride
Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/cpu.py", line 76, in <module> res = vyos.opmode.run(sys.modules[__name__]) File "/usr/lib/python3/dist-packages/vyos/opmode.py", line 200, in run res = func(**args) File "/usr/libexec/vyos/op_mode/cpu.py", line 58, in show cpu_data = _get_raw_data() File "/usr/libexec/vyos/op_mode/cpu.py", line 40, in _get_raw_data return vyos.cpu.get_cpus() File "/usr/lib/python3/dist-packages/vyos/cpu.py", line 83, in get_cpus cpus_dict = _find_physical_cpus() File "/usr/lib/python3/dist-packages/vyos/cpu.py", line 76, in _find_physical_cpus phys_cpus[num] = cpu[num] NameError: name 'cpu' is not defined Co-authored By: MartB <contact@martb.dev>
2023-01-25Merge pull request #1778 from dmbaturin/T4950-op-mode-setChristian Breunig
opmode: T4950: add set to the list of op mode functions
2023-01-25Merge pull request #1777 from nicolas-fort/T1297-garpChristian Breunig
T1297: VRRP: add garp options to vrrp
2023-01-25Merge pull request #1780 from mkorobeinikov/currentChristian Breunig
T4940: make the file .py Executable
2023-01-25T1297: VRRP: add garp options to vrrpNicolas Fort
2023-01-25T4940: new interfaces debugging command Executablemkorobeinikov
make the file (generate_interfaces_debug_archive.py ) executable
2023-01-24op-mode: T4951: bugfix InsufficientResources SyntaxError: invalid syntaxChristian Breunig
Commit b5e90197 ("op mode: T4951: add InsufficientResources error") missed out a comma when extending the op_mode_err_msg dictionary.
2023-01-24op-mode: xml: T4940: fix build errorChristian Breunig
Commit a0fc8b80 ("T4940: new interfaces debugging command") introduced a new tree under the op-mode "generate" function. The new "interface" node had no help string available making the build fail: > There are empty node.def files! Check your interface definitions.
2023-01-24Merge pull request #1766 from erkin/igmpChristian Breunig
igmp-proxy: T4912: Rewrite show IGMP proxy commands in the new op-mode format
2023-01-24Merge pull request #1771 from mkorobeinikov/currentChristian Breunig
T4940: new interfaces debugging command
2023-01-24Merge pull request #1779 from dmbaturin/T4951-resource-errorChristian Breunig
op mode: T4951: add InsufficientResources error
2023-01-24vrrp: T4109: improve "address" CLI node help stringsChristian Breunig
CLI expects ipv4net/ipv6net but the help strings only suggested it should be ipv4/ipv6. This has been corrected.
2023-01-23op-mode: T4942: add op-mode config_mgmt.py to standardized listJohn Estabrook
2023-01-23graphql: T4953: remove convert_kwargs_to_snake_case decoratorJohn Estabrook
2023-01-23graphql: T4544: use opmode._is_op_mode_function_name instead of local copyJohn Estabrook
2023-01-23op mode: T4951: add InsufficientResources errorDaniil Baturin
2023-01-23op-mode: T4952: improve interface completion helper CLI experienceChristian Breunig
There are currently two ways to generate the interface name completion helper list (we use openvpn in this example) - <script> ${vyos_completion_dir}/list_interfaces.py --type openvpn</script> - <path>interfaces openvpn</path> The first one using <script> tends to be rather slow as there is a Python interpreter startup involved (expensive). The latter simply calls a C program which is executed rather fast and gives the same result. We can simply replace the first call with the second one to make the CLI feel faster.
2023-01-23Merge pull request #1770 from dmbaturin/no-bare-literalsJohn Estabrook
T4944: disallow bare literals in raw op mode outputs
2023-01-23opmode: T4950: add set to the list of op mode functionsDaniil Baturin
2023-01-23op-mode: add "show|monitor log pppoe-server" commandChristian Breunig
2023-01-23op-mode: add "show|monitor log ipoe-server" commandChristian Breunig
2023-01-22op-mode: sstp: T4384: use <path> completion helper over <script>Christian Breunig
The script completion helper will only show SSTP client interfaces already created and beeing active in the Kernel. The path completion helper shows the real CLI deal.
2023-01-22op-mode: macsec: T4537: use <path> completion helper over <script>Christian Breunig
The script completion helper will only show MACsec interfaces already created and beeing active in the Kernel. The path completion helper shows the real CLI deal.
2023-01-22pppoe: T4948: add CLI option to allow definition of host-uniq flagChristian Breunig
Some ISPs seem to use the host-uniq flag to authenticate client equipment. Add CLI option in VyOS to allow specification of the host-uniq flag. set interfaces pppoe pppoeN host-uniq <value>
2023-01-22T4911: op-mode: bugfix AttributeError: 'str' object has no attribute 'items'Christian Breunig
One can not always ensure that "interface" is of type list, add safeguard. E.G. Juniper Networks, Inc. ex2300-c-12t only has a dict, not a list of dicts So this is actually an upstream lldpd bug where the output depends on the amount of data transmitted.
2023-01-21container: T4947: support mounting container volumes as ro or rwChristian Breunig
Whenever a container is used and a folder is mounted, this happenes as read-write which is the default in Docker/Podman - so is the default in VyOS. A new option is added "set container name foo volume mode <ro|rw>" to specify explicitly if rw (default) or ro should be used for this mounted folder.
2023-01-21T4911: op-mode: bugfix TypeError: 'NoneType' object is not iterableChristian Breunig