Age | Commit message | Author
2024-01-06 | openvpn: T3214: warn when setting nopool and server-ipv6 is being used | Antonio Quartulli
Currently OpenVPN does not allow having an IPv6 subnet if 'nopool' was specified on the --server directive. For this reason warn if this specific configuration is being hit. This is probably something that should be fixed upstream, but for now we can't allow this combination of parameters. Signed-off-by: Antonio Quartulli <antonio@mandelbit.com> (cherry picked from commit 7a0e40ce8df386c0ea2de84bce8fb6c81a0353ce)
2024-01-06 | openvpn: T3214: allow configuring server with v6 only | Antonio Quartulli
Starting with v2.5.0 OpenVPN allows configuring a server with an IPv6 only tunnel. For this reason there is no need to depend on the existence of an IPv4 subnet anymore. Signed-off-by: Antonio Quartulli <antonio@mandelbit.com> (cherry picked from commit 3072e507eb1cdc18cfe5429fd0c03d223d2576fe)
2024-01-06 | Merge pull request #2759 from vyos/mergify/bp/sagitta/pr-2757 | Christian Breunig
T5900 dns forwarding: reliability improvements (backport #2757)
2024-01-06 | dns: T5900: add dont-throttle-netmasks and serve-stale-extensions powerdns features | fvlaicu
(cherry picked from commit 199ceb1f0a820c838dea6862371a3121b3d9f3a9)
2024-01-05 | Merge pull request #2755 from vyos/mergify/bp/sagitta/pr-2694 | Viacheslav Hletenko
T5169: nat: add option to map network and ports. (backport #2694)
2024-01-04 | T5159: nat: add option to map network and ports. Feature used for large deployments in cgnat. (#2694) | Nicolás Fort
(cherry picked from commit 3fc76505d0642c32a3eae9c0ce6ab3dd2ec32dbd)
2024-01-04 | Merge pull request #2753 from vyos/mergify/bp/sagitta/pr-2752 | Christian Breunig
T5897: frr should be stopped before vyos-router (backport #2752)
2024-01-04 | Merge pull request #2754 from vyos/mergify/bp/sagitta/pr-2749 | Christian Breunig
smoketests: T5887: remove IXGB driver (backport #2749)
2024-01-04 | smoketests: T5887: remove IXGB driver | Christian Breunig
From Kernel commit e485f3a6eae0 ("ixgb: Remove ixgb driver") There are likely no users of this driver as the hardware has been discontinued since 2010. Remove the driver and all references to it in documentation. (cherry picked from commit 8eabba331f2615a284348b70a9ef3dd49e15f76d)
2024-01-04 | T5897: frr should be stopped before vyos-router | Date Huang
Signed-off-by: Date Huang <tjjh89017@hotmail.com> (cherry picked from commit 6d16ab081b70bc4ea837b66dfe032ec6bdb563d7)
2024-01-04 | Merge pull request #2751 from vyos/mergify/bp/sagitta/pr-2750 | Christian Breunig
configdict: T5894: add get_config_dict() flag with_pki (backport #2750)
2024-01-04 | configdict: T5894: add get_config_dict() flag with_pki | Christian Breunig
VyOS has several services relying on the PKI CLI tree to retrieve certificates. Consuming services like ethernet, openvpn or ipsec all re-implemented the same code to retrieve the certificates from the CLI. This commit extends the signature of get_config_dict() with a new option with_pki that defaults to false. If this option is set, the PKI CLI tree will be blended into the resulting dictionary. (cherry picked from commit b152b52023ba0cf0d4919eae39e92de28a458917)
2024-01-04 | configdict: T5837: node_changed() shall not return duplicate list items | Christian Breunig
This extends commit 4ee406470 ("configdict: T5837: add support to return added nodes when calling node_changed()") so no duplicate list elements get returned. (cherry picked from commit 301312b293238d3041c8912af6fdb86b506d7ab4)
2024-01-04 | xml: T5738: add constraint building block with alphanumeric, hyphen, underscore and dot | Christian Breunig
(cherry picked from commit 82b4b2db8fda51df172210f470e5825b91e81de4)
2024-01-03 | Merge pull request #2719 from c-po/sagitta-backports-accel-ppp | Christian Breunig
Backports for Accel-PPP based services T5801, T5842 and T5688
2024-01-03 | Merge pull request #2745 from vyos/fix-wg-help | Daniil Baturin
op-mode: T5884: correct "generate wireguard" help string (backport)
2024-01-03 | Merge pull request #2732 from vyos/mergify/bp/sagitta/pr-2728 | Christian Breunig
T5880: verify_source_interface() should not allow dynamic interfaces like ppp, l2tp, ipoe or sstpc client interfaces (backport #2728)
2024-01-03 | Merge pull request #2747 from vyos/mergify/bp/sagitta/pr-2746 | Viacheslav Hletenko
op-mode: T5890: Fix arguments passed to generate_system_login_user.py (backport #2746)
2024-01-03 | op-mode: T5890: Fix arguments passed to generate_system_login_user.py | Matthew Kobayashi
(cherry picked from commit 51bb6d0487c5a0918276f142f41ea5bca7b380fc)
2024-01-02 | Merge pull request #2744 from vyos/mergify/bp/sagitta/pr-2743 | Christian Breunig
T5888: fix migration script in order to fit new type-names for icmp and icmpv6 (backport #2743)
2024-01-02 | Merge pull request #2742 from c-po/t5261-aws-backport | Christian Breunig
T5474: remove "aws glb" XML definitions as feature is not available in VyOS 1.4
2024-01-02 | op-mode: T5884: correct "generate wireguard" help string | hwlnx
(cherry picked from commit e2c9ffd8bc2d6119b78ec166fe5b90764fb38563)
2024-01-02 | T5888: fix migration script in order to fit new type-names for icmp and icmpv6. | Nicolas Fort
(cherry picked from commit 1ccb3e634d45d0d1a8e190297cc0a310cb0069d6)
2024-01-02 | T5474: remove "aws glb" XML definitions as feature is not available in VyOS 1.4 | Christian Breunig
Files got added by accident in commit c9eaafd9f ("T5474: establish common file name pattern for XML conf mode commands")
2024-01-02 | Merge pull request #2740 from vyos/mergify/bp/sagitta/pr-2739 | Christian Breunig
T3642: add missing base64 CLI validators (backport #2739)
2024-01-02 | Merge pull request #2741 from vyos/mergify/bp/sagitta/pr-2736 | Christian Breunig
vyos-configd: extend list of included scripts (backport #2736)
2024-01-02 | vyos-configd: T4942: include config-management script | Christian Breunig
(cherry picked from commit ad4958ff7b1a25564fcc6931d604288d7ff0a1d2)
2024-01-02 | vyos-configd: T563: include webproxy script | Christian Breunig
(cherry picked from commit dd2a1955d66926dc4a987bad0acc52dcc6f5d433)
2024-01-02 | vyos-configd: T4222: include SLA (OWAMP and TWAMP) script | Christian Breunig
(cherry picked from commit c2dfba97446e9411b182f07c6227cc9427f247a8)
2024-01-02 | vyos-configd: T5261: include AWS GLB script | Christian Breunig
(cherry picked from commit 3bd1a8eac54d6d4610e239088d91c145f748d12c)
2024-01-02 | pki: T3642: add missing base64 constraint on PEM keys | Christian Breunig
(cherry picked from commit 679be4c9742ffd5c317742c6c20a268a5e044f0c)
2024-01-02 | wireguard: T3642: use base64 validator | Christian Breunig
(cherry picked from commit a232b83601f4f8b2fe6964239a568acad3fa764a)
2024-01-02 | Merge pull request #2738 from vyos/mergify/bp/sagitta/pr-2737 | Christian Breunig
image-tools: T5885: relax restriction on image-name len from 32 to 64 (backport #2737)
2024-01-01 | smoketest: remove base accel-ppp testcase function comments | Christian Breunig
Python unittest framework treats the comments as test names during execution:
Example:
test_accel_ipv4_pool (__main__.TestVPNPPTPServer.test_accel_ipv4_pool)
Test accel-ppp IPv4 pool ... ok
(cherry picked from commit e9883143310993d87ba2e0c8ec7ef3b9faf928b1)
2024-01-01 | smoketest: T5688: pppoe-server support multiple client-ip-pool subnets | Christian Breunig
(cherry picked from commit b0d0ac4a822b36e4f0cfae82db06ee71581de51f)
2024-01-01 | T5688: Fixed ip pool migration scripts for l2tp, sstp, pppoe | aapostoliuk
Fixed migration 'subnet' option in l2tp, sstp, pppoe. 'subnet' option can contain several values. (cherry picked from commit 21e5db430f93fd48ebc598ddf95c67d77485f5f5)
2024-01-01 | T5842: Rewritten PPTP to get_config_dict | aapostoliuk
Rewritten PPTP to get_config_dict
Fixed 'dynamic-author' commands. These commands did not create anything in accel-ppp config.
(cherry picked from commit f39eb894d991d296a82c69d1ab783011b5d0ed2f)
2024-01-01 | T5801: Rewritten L2TP to get_config_dict | aapostoliuk
Rewritten L2TP to get_config_dict
Rewritten L2TP xml to accel-ppp patterns
Migrated 'idle' to 'ppp-options.lcp-echo-timeout'
Migrated 'authentication.mppe' to 'ppp-options.mppe'
Migrated 'authentication.radius.dae-server' to 'authentication.radius.dynamic-author'
Migrated 'authentication.require' to 'authentication.protocol'
Added 'authentication.radius.acct-interim-jitter'
Added 'authentication.radius.preallocate-vif'
Added 'authentication.radius.server.<IP>.acct-port'
Added 'ppp-options.ipv4'
Added smoke-tests
Fixed 'preallocate-vif' in SSTP
(cherry picked from commit 09e0a2ca035ee39a68a510b28cc74560669d0420)
2024-01-01 | image-tools: T5885: relax restriction on image-name len from 32 to 64 | John Estabrook
(cherry picked from commit 3a9688ddb07f6bac1eb92aa13c20e897129e8958)
2024-01-01 | Merge pull request #2734 from vyos/mergify/bp/sagitta/pr-2726 | Christian Breunig
login: T5875: restore home directory permissions only when needed (backport #2726)
2024-01-01 | Merge pull request #2733 from vyos/mergify/bp/sagitta/pr-2731 | Christian Breunig
image-tools: T5883: preserve file owner in /config on add system update (backport #2731)
2024-01-01 | login: T5875: restore home directory permissions only when needed | Christian Breunig
This improves commit 3c990f49e ("login: T5875: restore home directory permissions when re-adding user account") in a way that the home directory owner is only altered if it differs from the expected owner. Without this change on every boot we would alter the owner which could increase the boot time if the home of a user is cluttered. (cherry picked from commit 1b364428f79b7e4588a000fca40582ef968fc7fd)
2024-01-01 | image-tools: T5883: preserve file owner in /config on add system update | John Estabrook
(cherry picked from commit 9f66b9ccfa25f56c209d90a0ad5ad779f3963bee)
2024-01-01 | tunnel: T5879: properly verify source-interface used for tunnels | Christian Breunig
A tunnel interface can not properly be sourced from a pppoe0 interface when such interface is not (yet) connected to the BRAS. It might work on a running system, but subsequent reboots will fail as the source-interface most likely does not yet exist. (cherry picked from commit 66ce19058b7b8597536ddf63bbca027add2ca8a1)
2024-01-01 | configverify: T5880: raise exception if interfaces sourced from dynamic interfaces | Christian Breunig
Interfaces matching the following regex (ppp|pppoe|sstpc|l2tp|ipoe)[0-9]+ can not be used as source-interface for e.g. a tunnel. The main reason is that these are dynamic interfaces which come and go from a kernel point of view, thus it's not possible to bind an interface to them. (cherry picked from commit 5062f5d313548d6ebb9c07fee6b6d6be25b8f8f0)
2024-01-01 | Merge pull request #2730 from vyos/mergify/bp/sagitta/pr-2729 | Christian Breunig
T5474: establish common file name pattern for XML conf mode commands (backport #2729)
2024-01-01 | T5474: establish common file name pattern for XML conf mode commands | Christian Breunig
We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node.
Example:
set interfaces ethernet -> interfaces_ethernet.xml.in
set interfaces bond -> interfaces_bond.xml.in
set service dhcp-server -> service_dhcp-server-xml.in
(cherry picked from commit 4ef110fd2c501b718344c72d495ad7e16d2bd465)
2023-12-31 | Merge pull request #2725 from vyos/mergify/bp/sagitta/pr-2651 | Daniil Baturin
firewall: T5834: Rename 'enable-default-log' to 'default-log' (backport #2651)
2023-12-31 | Merge pull request #2727 from vyos/mergify/bp/sagitta/pr-2707 | Christian Breunig
T5870: ipsec remote access VPN: add x509 ("pubkey") authentication. (backport #2707)
2023-12-30 | T5870: ipsec remote access VPN: add x509 ("pubkey") authentication. | Lucas Christian
(cherry picked from commit 656934e85cee799dba5b495d143f6be445ac22d5)