summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-02-19vpn: T4254: Add cisco_flexvpn and install_virtual_ip_on optionsViacheslav Hletenko
Ability to set Cisco FlexVPN vendor ID payload: charon.cisco_flexvpn charon.install_virtual_ip_on swanctl.connections.<conn>.vips = x.x.x.x, z.z.z.z set vpn ipsec options flexvpn set vpn ipsec options virtual-ip set vpn ipsec options interface tunX set vpn ipsec site-to-site peer x.x.x.x virtual-address x.x.x.x
2022-02-17Merge pull request #1225 from jestabro/component-versionJohn Estabrook
T3474: move component version info to XML
2022-02-16xml: T3474: get component version dictionary from xml cache, not legacyJohn Estabrook
2022-02-16xml: T3474: add smoketest to check xml component versions are maintainedJohn Estabrook
Add smoketest to catch updates to a component version in legacy curver_DATA that is not present in xml syntaxVersion.
2022-02-16xml: T3474: add component version include filesJohn Estabrook
Add the include files containing the syntaxVersion element defining the version of the respective component; these files are included by the top level file 'xml-component-versions.xml.in'. Processing of these elements was previously added to the python xml lib in commit 40f5359d. This will replace the use of 'curver_DATA' in vyatta-cfg-system and other legacy packages.
2022-02-16policy: T2425: add completion helper script when referencing IP addressesChristian Poessinger
2022-02-16wireless: T4240: bugfix interface bridgingChristian Poessinger
VLAN isolation can not be "set" when interface is of type wifi.
2022-02-15Merge pull request #1223 from sever-sever/T4237-curChristian Poessinger
conntrack-sync: T4237: Fix checks for listen-address list to str
2022-02-15conntrack-sync: T4237: Fix checks for listen-address list to strViacheslav Hletenko
Verify section conntrack_sync.py funciton 'is_addr_assigned' should checks address as string not as list (cherry picked from commit c41c51e4ed7ceb293161014a73bdd350162c3300)
2022-02-15Merge pull request #1220 from chenxiaolong/T4244Christian Poessinger
pki: eapol: T4244: Fix KeyError when CA cert name differs from client cert name
2022-02-14pki: eapol: T4244: Fix KeyError when CA cert name differs from client cert nameAndrew Gunnerson
This commit fixes a small typo where the client cert name was being used to index the CA configuration dict. Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
2022-02-14tunnel: T4154: import cleanupChristian Poessinger
2022-02-14tunnel: T4154: verify() no more then one GRE tunnel is used w/o "ip key" per ↵Christian Poessinger
interface It is impossible for the OS kernel to distinguish multiple GRE tunnels when no "gre key" is configured when sourcing tunnels from the same interface.
2022-02-13ethernet: T4242: speed/duplex can never be switched back to auto/autoChristian Poessinger
2022-02-13vrf: T4191: bugfix for "ip rule" when VRFs are createdChristian Poessinger
We always mangled and worked on the "ip rule" singleton even when nothing needed to be changed. This resulted in a VRF hickup when the same VRF was added and removed multiple times. set interfaces ethernet eth1 vrf foo set vrf name foo table '1000' commit delete interfaces ethernet eth1 vrf delete vrf commit set interfaces ethernet eth1 vrf foo set vrf name foo table '1000' commit broke reachability on eth1 - a reboot was required. This change will now only alter the ip rule tables once when VRF instances are created for the first time and will not touch the Kernel "ip rule" representation afterwards.
2022-02-13vyos.util: T4191: add new sysctl() helper functionChristian Poessinger
2022-02-12policy: T2199: bugfix verify_rule() on negated groupsChristian Poessinger
Related to #1215
2022-02-11Merge pull request #1214 from sever-sever/T3686Christian Poessinger
openvpn: T3686: Fix for check local-address in script and tmpl
2022-02-11Merge pull request #1217 from sever-sever/T4236Christian Poessinger
openvpn: T4236: Add generator for ovpn configurations in op-mode
2022-02-11Merge pull request #1216 from sever-sever/T3872Christian Poessinger
smoketest: T3872: Fix token check for monitoring test
2022-02-10openvpn: T4236: Add generator for ovpn configurations in op-modeViacheslav Hletenko
This generator generates client .ovpn files with required initial configuration It gets information from interface vtun, pki ca and certificates
2022-02-10Merge pull request #1133 from zdc/T1925-sagittaDaniil Baturin
ipsec: T1925: Fixed `show vpn ipsec sa` output
2022-02-10smoketest: T3872: Fix token check for monitoring testViacheslav Hletenko
As INFLUX_TOKEN is present in override.conf.tmpl environment we expect variable "$INFLUX_TOKEN" in the telegraf template and config but not value of the token
2022-02-10Merge pull request #1213 from jestabro/config-diffChristian Poessinger
configtree: T4235: encapsulate config tree diff function
2022-02-09openvpn: T3686: Fix for check local-address in script and tmplViacheslav Hletenko
Local-address should be checked/executed only if it exists in the openvpn configuration, dictionary, jinja2 template
2022-02-08configtree: T4235: encapsulate config tree diff functionJohn Estabrook
2022-02-08Merge pull request #1208 from sever-sever/T3600Christian Poessinger
dhcp: T3600: Fix DHCP static table dhcp-interface route
2022-02-08Merge pull request #1209 from sever-sever/T3872Christian Poessinger
monitoring: T3872: Add input filter for firewall InfluxDB2
2022-02-08monitoring: T3872: Add input filter for firewall InfluxDB2Viacheslav Hletenko
Input filter for firewall allows to get bytes/counters from nftables in format, required for InfluxDB2
2022-02-07xml: ssh: T4233: sync regex for allow/deny usernames to "system login"Christian Poessinger
2022-02-07dhcp: T3600: Fix DHCP static table dhcp-interface routeViacheslav Hletenko
Static table dhcp-interface route required table in template Without table this route will be placed to table 'main' by default
2022-02-06smoketest: bond: T4228: verify bond member is only used onceChristian Poessinger
2022-02-06config: T4228: is_member() must return all instances not only the last oneChristian Poessinger
2022-02-05vrrp: T4226: transition-script does not work for groups containing a hypen (-)Christian Poessinger
2022-02-05Merge pull request #1200 from sever-sever/T3872Christian Poessinger
monitoring: T3872: Fix template input plugin for running services
2022-02-05Merge pull request #1206 from sarthurdev/T4209Christian Poessinger
firewall: T4209: Fix support for rule `recent` matches
2022-02-05Merge pull request #1207 from sever-sever/T4151Christian Poessinger
policy: T4151: Delete unexpected print added in commit c501ae0f
2022-02-05Merge pull request #1205 from srividya0208/T4227Christian Poessinger
T4227:Bridge: Typo in completion help of hello-time option
2022-02-04policy: T4151: Delete unexpected print added in commit c501ae0fViacheslav Hletenko
2022-02-04firewall: T4209: Fix support for rule `recent` matchessarthurdev
2022-02-03T4227:Bridge: Typo in completion help of hello-time optionsrividya0208
There is spelling mistake in "advertisement" of hello-time option's completion help
2022-02-03Merge pull request #1201 from sarthurdev/T4178_2Christian Poessinger
firewall: T4178: Fix only inverse matching on tcp flags
2022-02-03firewall: T4178: Fix only inverse matching on tcp flagssarthurdev
2022-02-02monitoring: T3872: Fix template input plugin for running servicesViacheslav Hletenko
Add required capability for input scripts which collect statistics of running services
2022-02-01Revert "dhclient: T3392: remove /usr/sbin prefix from iproute2 ip command"Christian Poessinger
This reverts commit 78b247b724f74bdabab0706aaa7f5b00e5809bc1.
2022-01-31upnpd: T3420: code cleanupChristian Poessinger
2022-01-31upnpd: T3420: use proper include directivesChristian Poessinger
2022-01-31smoketest: upnpd: T3420: refine code and re-use pathsChristian Poessinger
2022-01-31Merge pull request #1196 from hensur/current-ipv6-local-route-iifChristian Poessinger
policy: T4219: add local-route(6) inbound-interface support
2022-01-31Merge pull request #1199 from sarthurdev/T4218Christian Poessinger
firewall: T4218: T4216: Add prefix to user defined chains, support negated groups, fixes