Age | Commit message | Author |
|
(cherry picked from commit 03fd368ed263ca28c9b1b5e29f486217784d15ef)
|
|
openvpn: T6374: ensure that TLS role is configured for site-to-site with TLS (backport #3528)
|
|
(cherry picked from commit 380e998b10341b6dd42bb94d00a9d7a462ada27a)
|
|
T6406: Container CPU limits (backport #3530)
|
|
(cherry picked from commit 74910564f82e2837cd7eb35ea21f07601e5f8f0d)
|
|
(cherry picked from commit 81dea053e7178b8fea836a85aacde2a38ffb9e09)
|
|
(cherry picked from commit 5146cb23fff56e5a84db8c84120b836ceeae47f2)
|
|
(cherry picked from commit 6bcb201a0e7ee9fea5874b963bd3e727ecec578f)
|
|
smoketest: T6395: check for VFIO options to be present (backport #3522)
|
|
(cherry picked from commit f7b0bc68b7950a6c6e68b9e6708ef8a4b7b9b423)
|
|
dhcpv6-server: T3493: add constraintGroup for prefix-delegation start/stop address
|
|
reverse-proxy: T6402: Fix invalid checks in validation script (backport #3523)
|
|
(cherry picked from commit d4d70929a81b2ee1f66a9412a3545911b3874a62)
|
|
address
In addition to testing that the supplied IPv6 address ends with ::, we also
verify that it's a proper IPv6 address, just in case.
|
|
op-mode: T6400: pki: unable to generate fingerprint for ACME issued certificates (backport #3518)
|
|
op-mode: T6377: must call pki.py helper as root to work with ACME certificates (backport #3517)
|
|
This fixes (for an ACME generated certificate)
vyos@vyos:~$ show pki certificate vyos fingerprint sha512
Traceback (most recent call last):
File "/usr/libexec/vyos/op_mode/pki.py", line 1081, in <module>
show_certificate_fingerprint(args.certificate, args.fingerprint)
File "/usr/libexec/vyos/op_mode/pki.py", line 934, in show_certificate_fingerprint
print(get_certificate_fingerprint(cert, hash))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/pki.py", line 76, in get_certificate_fingerprint
fp = cert.fingerprint(hash_algorithm)
^^^^^^^^^^^^^^^^
AttributeError: 'bool' object has no attribute 'fingerprint'
After the fix:
vyos@vyos# run show pki certificate vyos fingerprint sha256
10:2C:EF:2C:DA:7A:EE:C6:D7:8E:53:12:F0:F5:DE:B9:E9:D0:6C:B4:49:1C:8B:70:2B:D9:AF:FC:9B:75:A3:D2
(cherry picked from commit b6ee07c7efbb818787deba20116f4289853fb5c9)
|
|
This fixes the error:
vyos@vyos:~$ show pki certificate
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/vyos/config.py", line 111, in config_dict_mangle_acme
tmp = read_file(f'{vyos_certbot_dir}/live/{name}/cert.pem')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 44, in read_file
raise e
File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 38, in read_file
with open(fname, 'r') as f:
^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/vyos/cert.pem'
(cherry picked from commit 65fba1cd27af67c543e120effc12882bd0191f03)
|
|
T3493: dhcpv6-server does not have prefix range validation
|
|
address
ISC DHCP server expects a string: "prefix6 2001:db8:290:: 2001:db8:29f:: /64;"
where the IPv6 prefix/range must be :: terminated with a delegated prefix
length at the end.
This commit changes the validator so that the IPv6 address defined on the CLI must
always end with ::. In addition a verify() step is added to check that the
stop address is greater than the start address.
|
|
This reverts the prefix start/stop address must be inside network part from
commit 4cde0b8ce778d269d3fe1d4f33ba5b2caf424181.
|
|
$ touch /tmp/vyos.smoketest.debug
will enable dynamic debugging of the smoketests - showing the appropriate CLI
commands on stdout
(cherry picked from commit 0cb4294fdfe5ae0e0e8fd06436f38b67f16413a2)
|
|
|
|
Co-authored-by: Gregor Michels <hirnpfirsich@brainpeach.de>
(cherry picked from commit 609563d6acfeafbed46b1ac5e6bd497ce097e3bc)
Co-authored-by: Gregor Michels <gregor.michels@web.de>
|
|
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses (backport #3487)
|
|
(cherry picked from commit e1450096b4c667a4c33a3fcd8f67ebf6a39d441d)
|
|
nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel >=5.0 (backport #3507)
|
|
>=5.0
random - In kernel 5.0 and newer this is the same as fully-random. In earlier
kernels the port mapping will be randomized using a seeded MD5 hash mix using
source and destination address and destination port.
https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454
(cherry picked from commit 7fe568ca1672f1dfbd2b56ee3ef7a6ab48b03070)
|
|
nat66: T6365: remove warnings for negated interface selections by name (backport #3505)
|
|
(cherry picked from commit 59781ff365a5e1b15ef6c4c2481f3d3815548b9d)
|
|
nat: T6365: remove warnings for negated interface selections by name (backport #3482)
|
|
vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_no (backport #3502)
|
|
and return False if the user interrupts the prompt with Ctrl-C
(cherry picked from commit 5a5dda14fd3d472680568f1792e9fbdb030f3995)
|
|
(cherry picked from commit 645c43ba60d29ca676a4323ccc5ca16c6bd8127a)
|
|
(cherry picked from commit 3870247517741ce23e2fcee8aaa1d194f0ad621b)
|
|
(cherry picked from commit 03eae30b27433055ddc10f09fc134b83e9bd6cec)
|
|
rollback-soft: T6384: tell the user to compare or commit (backport #3501)
|
|
after applying the diff
(cherry picked from commit 7bba95c8052af5b0cc5908cb9e740caa01b44161)
|
|
dhcpv6-server: T3493: adds prefix range validation and fixes typos in…
|
|
T6375: Fix/Update NAT logging (backport #3493)
|
|
T6373: QoS Policy Limiter - classes for marked traffic do not work (backport #3494)
|
|
ConfigError messages
|
|
(cherry picked from commit e50b7afc9d5b727d04933116ccf364a2b9a48c30)
|
|
Fixed broken logging for "show log nat"
Added the following commands:
show log nat source
show log nat source rule <ruleNum>
show log nat destination nat
show log nat destination nat rule <ruleNum>
show log nat static
show log nat static rule <ruleNum>
(cherry picked from commit 5cb9b84bd9ce909460d8da7f039d9371143ede6c)
|
|
op-mode: T6367: fix "force commit-archive" TypeError (backport #3489)
|
|
/usr/bin/config-mgmt requires an argument OR to be symbolically linked to
*commit-revision or *commit-archive, for which it interprets argv[0] through
the useful trickery:
https://github.com/vyos/vyos-1x/blob/current/python/vyos/config_mgmt.py#L693-L700
Traceback (most recent call last):
File "/usr/bin/config-mgmt", line 33, in <module>
sys.exit(load_entry_point('vyos==1.3.0', 'console_scripts', 'config-mgmt')())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/vyos/config_mgmt.py", line 746, in run
func = getattr(config_mgmt, args['subcommand'])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: attribute name must be string, not 'NoneType'
(cherry picked from commit 0d6e44179bae5f73d37502884194656b34b1c4f9)
|
|
T6354: do an explicit read from version file to avoid circular reference (backport #3480)
|
|
(cherry picked from commit e0105ef380f1575613982f3b43c8ea3856654208)
|
|
op mode: T6348: SNAT op-mode fails with flowtable offload entries (backport #3471)
|
|
T6354: Get rid of the custom boot type check in version.py (backport #3474)
|