summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-12-13srv6: T591: initial implementation to support locator definitionChristian Breunig
VyOS CLI set protocols segment-routing srv6 locator bar prefix '2001:b::/64' set protocols segment-routing srv6 locator foo behavior-usid set protocols segment-routing srv6 locator foo prefix '2001:a::/64' Will generate in FRR segment-routing srv6 locators locator bar prefix 2001:b::/64 block-len 40 node-len 24 func-bits 16 exit ! locator foo prefix 2001:a::/64 block-len 40 node-len 24 func-bits 16 behavior usid exit ! exit ! exit ! exit (cherry picked from commit ca301cdd4746187f96ff84e411fda6a84e33f237)
2023-12-13bgp: T591: add SRv6 support from FRRChristian Breunig
set protocols bgp sid vpn per-vrf export '99' set protocols bgp srv6 locator 'foo' set protocols bgp system-as '100' Will generate in FRR config router bgp 100 no bgp ebgp-requires-policy no bgp default ipv4-unicast no bgp network import-check ! segment-routing srv6 locator foo exit sid vpn per-vrf export 99 exit (cherry picked from commit af46fe54e56cf85d13b62ee771bec3d80f225ac5)
2023-12-13Merge pull request #2625 from vyos/mergify/bp/sagitta/pr-2618Viacheslav Hletenko
validator: T5816: large community validator should only allos character set and basic format (backport #2618)
2023-12-13Merge pull request #2620 from vyos/mergify/bp/sagitta/pr-2608Christian Breunig
load-config: T5815: provide a variety of load config methods (backport #2608)
2023-12-13validator: T5816: large community validator should only allos character set ↵Trae Santiago
and basic format (cherry picked from commit 5acc655c316216122ba975f30df7b76f161cbf02)
2023-12-12load-config: T5815: provide a variety of load config methodsJohn Estabrook
Collect in a module several versions of a 'load config' function. They have different use cases according to performance and error reporting, and allow comparison of non-legacy and legacy variants. (cherry picked from commit 7e4caa118692d9b6fd798783596bd018f805e5eb)
2023-12-11Merge pull request #2616 from vyos/mergify/bp/sagitta/pr-2613Viacheslav Hletenko
T5812: report actual number of revisions instead of max (backport #2613)
2023-12-11T5812: report actual number of revisions instead of maxJohn Estabrook
(cherry picked from commit ccbf03f1a87ac37eef78aeb29420ceea9a730a90)
2023-12-11Merge pull request #2615 from vyos/mergify/bp/sagitta/pr-2598John Estabrook
T5812: Fix for rollback check max revision number (backport #2598)
2023-12-11Merge pull request #2614 from vyos/mergify/bp/sagitta/pr-2612Viacheslav Hletenko
T5807: fix op-mode command <show nat66> (backport #2612)
2023-12-11T5812: Fix for rollback check max revision numberViacheslav Hletenko
(cherry picked from commit f019ed91b5444d2f446ca4f7332602c03a074190)
2023-12-11T5807: fix op-mode command <show nat66>, which only display rules if nat was ↵Nicolas Fort
configured. In this commit, check is fixed and rules are printed as expected. (cherry picked from commit 3d3418d1585cbb6d3c2d1d81d310a3107e16c4aa)
2023-12-10Merge pull request #2604 from vyos/mergify/bp/sagitta/pr-2600Christian Breunig
T5773: API add smoketest for load config via HTTP URL (backport #2600)
2023-12-10Merge pull request #2605 from vyos/mergify/bp/sagitta/pr-2601Christian Breunig
migration: T5413: re-sequence interfaces migration scripts (backport #2601)
2023-12-10migration: T5413: re-sequence interfaces migration scriptsChristian Breunig
PR https://github.com/vyos/vyos-1x/pull/2540 backported a migration script from current to the equuleus LTS branch. As migration scripts are executed in order to adjust the CLI for necessary improvements in future LTS releases we need to change the versioning of the migration files to match the new "base" version from the previous LTS release. In theory this could break very ancient 1.4 rolling releases (from the early days of the OSPF refactoring) - but those versions are considered very much unstable. Now this is the last chance to sync up the migration scripts before the 1.4 LTS release. (cherry picked from commit 98ca0984312257a09b57d4aac60ff4abf7f84e66)
2023-12-10T5773: API add smoketest for load config via HTTP URLViacheslav Hletenko
Use a custom NGINX config to load config via URL (cherry picked from commit db0df8e75b85d39ab61bf900f211d589f6cb8506)
2023-12-10Merge pull request #2603 from vyos/mergify/bp/sagitta/pr-2602Christian Breunig
T5791: DNS dynamic exclude check for dynamic interfaces PPPoE (backport #2602)
2023-12-10T5791: DNS dynamic exclude check for dynamic interfaces PPPoEViacheslav Hletenko
Dynamic interfaces such as PPPoE/sstpc can not exist during verification dns dynamic. As they added and removed dynamically. Add interface_filter to exclude them from checks (cherry picked from commit 0a1c9bc38440c86cbbc016fb6d8f7d6f36993652)
2023-12-09Merge pull request #2599 from vyos/mergify/bp/sagitta/pr-2541Christian Breunig
remote: T5773: Fix for broken config download (backport #2541)
2023-12-09remote: T5773: Fix for broken config uploaderkin
(cherry picked from commit 63bbd1afdd21563cf673ee34b47156889bd5e349)
2023-12-09git: T5803: Adjust git configuration for baseline defaultsIndrajit Raychaudhuri
Apply baseline defaults for `.gitattributes` and `.vscode/settings.json` for improved developer experience. The `.gitattrbutes` settings are based on: Git documentation (https://git-scm.com/docs/gitattributes#_effects) GitHub documentation (https://docs.github.com/en/get-started/getting-started-with-git/configuring-git-to-handle-line-endings) Community templates (https://github.com/gitattributes/gitattributes) Since editor-agnostic line-ending specific settings are applied to `.gitattributes`, they can be removed from `.vscode/settings.json`. The global VSCode defaults have also been removed to avoid duplication. (cherry picked from commit c30002208d392177cb1ffc1a5c714f7ad6d573b6)
2023-12-08Merge pull request #2595 from vyos/mergify/bp/sagitta/pr-2594Viacheslav Hletenko
op-cmd: T5802: bug fix for "ping x.x.x.x interface" completion options (backport #2594)
2023-12-08op-cmd: T5802: bug fix for "ping x.x.x.x interface" completion optionssrividya0208
(cherry picked from commit 020410a1e2009cb47d72bd18d360b9dc4b9c764f)
2023-12-08Merge pull request #2593 from vyos/mergify/bp/sagitta/pr-2584Christian Breunig
login: T4943: use pam-auth-update to enable/disable Google authenticator (backport #2584)
2023-12-08login: T4943: use pam-auth-update to enable/disable Google authenticatorChristian Breunig
The initial version always enabled Google authenticator (2FA/MFA) support by hardcoding the PAM module for sshd and login. This change only enables the PAM module on demand if any use has 2FA/MFA configured. Enabling the module is done system wide via pam-auth-update by using a predefined template. Can be tested using: set system login user vyos authentication plaintext-password vyos set system login user vyos authentication otp key 'QY735IG5HDHBFHS5W7Y2A4EM274SMT3O' See https://docs.vyos.io/en/latest/configuration/system/login.html for additional details. (cherry picked from commit e134dc4171b051d0f98c7151ef32a347bc4f87e2)
2023-12-08Merge pull request #2586 from vyos/mergify/bp/sagitta/pr-2583Daniil Baturin
op-mode: T5808: Correction of description for ipv6 ospfv3 graceful-restart (backport #2583)
2023-12-08Merge pull request #2592 from vyos/mergify/bp/sagitta/pr-2591Christian Breunig
ddclient: T5791: use a fixed VRF table ID in smoketests (backport #2591)
2023-12-08T5805: telegraf: re-add network metricsVladimir F
2023-12-08ddclient: T5791: use a fixed VRF table ID in smoketestsChristian Breunig
Fixes DEBUG - ====================================================================== DEBUG - ERROR: test_07_dyndns_vrf (__main__.TestServiceDDNS.test_07_dyndns_vrf) DEBUG - ---------------------------------------------------------------------- DEBUG - Traceback (most recent call last): DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_service_dns_dynamic.py", line 302, in test_07_dyndns_vrf DEBUG - self.cli_set(['vrf', 'name', vrf_name, 'table', vrf_table]) DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/base_vyostest_shim.py", line 68, in cli_set DEBUG - self._session.set(config) DEBUG - File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 154, in set DEBUG - self.__run_command([SET] + path + value) DEBUG - File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 143, in __run_command DEBUG - raise ConfigSessionError(output) DEBUG - vyos.configsession.ConfigSessionError: Number is not in any of allowed ranges (cherry picked from commit 7b4be76afae1af580bbe46f17e88d4a6c1088f15)
2023-12-08Merge pull request #2581 from vyos/mergify/bp/sagitta/pr-2578Viacheslav Hletenko
T160: add NAT64 (backport #2578)
2023-12-08Merge pull request #2588 from vyos/mergify/bp/sagitta/pr-2587Christian Breunig
wireguard: T5413: fix missing check to migration script raising error (backport #2587)
2023-12-08wireguard: T5413: fix missing check to migration script raising errorJohn Estabrook
(cherry picked from commit 237b71a89160f28e5c603bacf707b1c235f01026)
2023-12-07op-mode: T5808: Correction of description for ipv6 ospfv3 graceful-restartsrividya0208
(cherry picked from commit 21ad36aa8789b28311fa04f8add14388057a67ad)
2023-12-07Merge pull request #2577 from indrajitr/sagitta-ddclient-backports-T5791Christian Breunig
ddclient: T5791: Update dynamic dns configuration path (sagitta backport)
2023-12-07smoketest: add a dialout router config with IPv6-PD and WireGuard from 1.3.4Christian Breunig
2023-12-07Merge pull request #2582 from vyos/mergify/bp/sagitta/pr-2551Viacheslav Hletenko
T5778: dhcp server: fix op-mode command (backport #2551)
2023-12-07T5778: dhcp server: fix op-mode command <show dhcp server leases ...>.Nicolas Fort
(cherry picked from commit 57761a370d2217eeb79827e8c20384f6de649c66)
2023-12-07T5778: dhcp server: patch op-mode command <show dhcp server leases>. If ↵Nicolas Fort
*pool* empty, this means that lease was granted by fail-over server. Also fix issue that <show dhcp server leases state all> print nothing. (cherry picked from commit da83b3f96dcedaa8e4d926d9f5bdc963abd9a813)
2023-12-07T160: Fix Debian control conflictsViacheslav Hletenko
2023-12-07T160: Rebase and fixes for NAT64Viacheslav Hletenko
- Update the base (rebase) - Move include/nat64-protocol.xml.i => include/nat64/protocol.xml.i - Delete unwanted `write_json`, use `write_file` instead - Remove unnecessary deleting of default values for tagNodes T2665 - Add smoketest Example: ``` set interfaces ethernet eth0 address '192.168.122.14/24' set interfaces ethernet eth0 address '192.168.122.10/24' set interfaces ethernet eth2 address '2001:db8::1/64' set nat64 source rule 100 source prefix '64:ff9b::/96' set nat64 source rule 100 translation pool 10 address '192.168.122.10' set nat64 source rule 100 translation pool 10 port '1-65535' ``` (cherry picked from commit 336bb5a071b59264679be4f4f9bedbdecdbe2834)
2023-12-07nat64: T160: Implement Jool-based NAT64 translatorJoe Groocock
Signed-off-by: Joe Groocock <me@frebib.net> (cherry picked from commit 7d49f7079f1129c2fadc7f38ceb230804d89e177) # Conflicts: # debian/control
2023-12-05ddclient: T5791: Simplify and fix migration script for dynamic dnsIndrajit Raychaudhuri
Mark 'dns dynamic name' as tag node to avoid unexpected nesting. Also, fix file exec permission for migration script.
2023-12-05ddclient: T5791: Update smoketest for dynamic dns config path changeIndrajit Raychaudhuri
2023-12-05ddclient: T5791: Migration script for dynamic dns config path changeIndrajit Raychaudhuri
2023-12-05ddclient: T5791: Remove XML includes that aren't used anymoreIndrajit Raychaudhuri
As followup to interface definition change, remove XML snippets that aren't used anymore. They were there because they were 'include'-ed multiple times in the interface definition `dynamic-dns.xml.in`. Since that's not the case anymore, they can be removed.
2023-12-05ddclient: T5791: Update dynamic dns configuration pathIndrajit Raychaudhuri
Modify the configuration path to be consistent with the usual dialects of VyoS configuration (wireguard, dns, firewall, etc.) This would also shorten the configuration path and have a unified treatment for RFC2136-based updates and other 'web-service' based updates. While at it, add support for per-service web-options. This would allow for probing different external URLs on a per-service basis.
2023-12-03Merge pull request #2568 from vyos/mergify/bp/sagitta/pr-2566Christian Breunig
vti: T5769: restore interface settings on down -> up event (backport #2566)
2023-12-03vti: T5769: restore interface settings on down -> up eventChristian Breunig
On VTI interface link down the link-local IPv6 address is removed. As soon as the IPSec tunnel is online again, vti-up-down helper is called which only places the interface in up state using iproute2 command sudo ip link set vti0 up This does not restore the IPv6 LL address. Instead use vyos.ifconfig to properly re-initialize the VTI interface using the generic update() method. (cherry picked from commit d90ca4415bed8ce99c854243dca3036e76497270)
2023-12-02Merge pull request #2565 from vyos/mergify/bp/sagitta/pr-2564Viacheslav Hletenko
T5796:add/fixed OCSERV HTTP security headers (backport #2564)
2023-12-02 T5796:add/fixed OCSERV HTTP security headersfett0
(cherry picked from commit db51546edd653d3637cb26d6957ce5222d44d395)