summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-08-29nat: T4367: Move nat rules from /tmp to /run/nftables_nat.confViacheslav Hletenko
Move nftables nat configuration from /tmp to /run As we have for other services like firewall, conntrack Don't remove the config file '/run/nftables_nat.conf' after commit
2022-08-29Merge pull request #1503 from sever-sever/T4654Christian Poessinger
rpki: T4654: Fix RPKI cache description
2022-08-29rpki: T4654: Fix RPKI cache descriptionViacheslav Hletenko
Fix wrong descriptions for the RPKI server It was mentioned about the NTP server
2022-08-29smoketest: config: drop almost empty https service testChristian Poessinger
2022-08-28smoketest: T4652: upgrade PowerDNS recursor to 4.7 seriesChristian Poessinger
2022-08-28smoketest: T4643: bind sstp service to port 8443Christian Poessinger
2022-08-27Merge pull request #1493 from jestabro/gql-op-mode-errorChristian Poessinger
graphql: T4640: add schema defs and resolver support for op-mode errors
2022-08-27Merge pull request #1500 from aapostoliuk/T1070-sagittaChristian Poessinger
opennhrp: T1070: Fixed creating IPSEC tunnel to Hub
2022-08-27pppoe: T4648: do not install IPv6 default route from RA is no-default-route ↵Christian Poessinger
is set Adds a sysctl parameter to ignore the default router obtained from router advertisements when pppoe no-default-route is set.
2022-08-27smoketest: T4643: create individual configs fot https service and sstp vpnChristian Poessinger
2022-08-27Revert "smoketest: T4643: Change openconnect default port"Christian Poessinger
This reverts commit fa91f567b7b5f009aaaed569b3f5e5db4b638d39.
2022-08-27Revert "smoketest: T4643: Delete vpn sstp from config as we have HTTP"Christian Poessinger
This reverts commit c2fc87c02dd556dd1569ff2fd81c9e2485a80459.
2022-08-27telegraf: T3872: replace local get_interfaces() function with ↵Christian Poessinger
Section.interface() Commit cfde4b49 ("ifconfig: T2223: add vlan switch for Section.interfaces()") added the functionality of the local get_interfaces() function to the base class so all other parts in the system can query for interface names of a given type including or excluding their vlan sub-interfaces.
2022-08-26Merge pull request #1482 from sever-sever/T4631Christian Poessinger
nat66: T4631: Add port and protocol to nat66 conf
2022-08-26Merge pull request #1501 from sever-sever/T4650Christian Poessinger
nat: nat66: T4650: Rewrite op-mode nat translation
2022-08-26Merge pull request #1499 from sever-sever/T4643-smoketestChristian Poessinger
smoketest: T4643: Delete vpn sstp from config as we have HTTP
2022-08-26nat: nat66: T4650: Rewrite op-mode nat translationViacheslav Hletenko
Rewrite op-moe "show nat|nat66 translation" to vyos.opmode format Ability to get machine-readable format "raw"
2022-08-26opennhrp: T1070: Fixed creating IPSEC tunnel to Hubaapostoliuk
Fixed creating IPSEC tunnel to Hub. Added continues of execution generator functions.
2022-08-26smoketest: T4631: Extend smoketes fot nat66 protocolViacheslav Hletenko
2022-08-26smoketest: T4643: Delete vpn sstp from config as we have HTTPViacheslav Hletenko
HTTP and sstp cannot work together and in the test config 1.4-rolling-202106290839 we didnot have configurable port for such services So we shoud delete sstp from this smoketest config test In fact it is never working at all 'smoketest/configs/pki-misc' It commits without errors before but in the real life we get 3 services (https openconnect sstp) that bound the same port
2022-08-25graphql: T4640: add schema defs and resolver support for op-mode errorsJohn Estabrook
2022-08-25Merge pull request #1458 from sever-sever/T4594Christian Poessinger
ipsec: T4594: Rewrite op-mode 'show vpn ipsec sa' to the new format
2022-08-25proxy: T4642: allow https proxy transportsChristian Poessinger
2022-08-25ifconfig: T2223: add vlan switch for Section.interfaces()Christian Poessinger
Sometimes we are only interested in the parent interfaces without any VLAN subinterfaces. Extend the API with a vlan argument that defaults to True to keep the current behavior in place.
2022-08-25ssh: T2185: use reload-or-restart on configuration changesChristian Poessinger
2022-08-25ntp: T2185: use reload-or-restart on configuration changesChristian Poessinger
2022-08-25telegraf: T3872: re-use existing XML building blocksChristian Poessinger
2022-08-25telegraf: T4617: add VRF supportChristian Poessinger
2022-08-25Merge pull request #1497 from sever-sever/T4645Christian Poessinger
op-mode: T4645: Show nat source statistics missing argument --family
2022-08-25Merge pull request #1495 from sever-sever/T4643Christian Poessinger
smoketest: T4643: Change openconnect default port
2022-08-25Merge pull request #1496 from sever-sever/T4644Christian Poessinger
sstp: T4644: Check SSTP bind port before commit
2022-08-25op-mode: T4645: Show nat source stat missing argument --familyViacheslav Hletenko
As we use in commit 8d4205a9 argument '--family' for the function '_get_raw_data_rules(direction, family)' we must use it and for 'nat.py show_statistics' as it get raw data from the same function
2022-08-25sstp: T4644: Check SSTP bind port before commitViacheslav Hletenko
By default SSTP bind port '443' and this port can be used by another service like 'service https' or 'vpn openconnect' Check if port bound to another service
2022-08-25smoketest: T4643: Change openconnect default portViacheslav Hletenko
Change openconnect port as both ocserv and sstp bind by default the same port 443
2022-08-25Merge pull request #1478 from sever-sever/T4622Christian Poessinger
firewall: T4622: Add TCP MSS option
2022-08-24T4630: can not use same source-interface for macsec and pseudo-ethernetChristian Poessinger
A macsec interface requires a dedicated source interface, it can not be shared with another macsec or a pseudo-ethernet interface. set interfaces macsec macsec10 address '192.168.2.1/30' set interfaces macsec macsec10 security cipher 'gcm-aes-256' set interfaces macsec macsec10 security encrypt set interfaces macsec macsec10 security mka cak '232e44b7fda6f8e2d88a07bf78a7aff4232e44b7fda6f8e2d88a07bf78a7aff4' set interfaces macsec macsec10 security mka ckn '09924585a6f3010208cf5222ef24c821405b0e34f4b4f63b1f0ced474b9bb6e6' set interfaces macsec macsec10 source-interface 'eth1' commit set interfaces pseudo-ethernet peth0 source-interface eth1 commit Reuslts in FileNotFoundError: [Errno 2] failed to run command: ip link add peth0 link eth1 type macvlan mode private returned: exit code: 2 noteworthy: cmd 'ip link add peth0 link eth1 type macvlan mode private' returned (out): returned (err): RTNETLINK answers: Device or resource busy [[interfaces pseudo-ethernet peth0]] failed Commit failed
2022-08-24Merge pull request #1491 from sever-sever/T4626Christian Poessinger
nat66: T4626: Rewrite op-mode show nat66 rules
2022-08-24Merge pull request #1490 from aapostoliuk/T1070-sagittaChristian Poessinger
opennhrp: T1070: Fixed removal all SAs in script
2022-08-24smoketest: bgp: T4634: validate "disable-connected-check" optionChristian Poessinger
2022-08-24proxy: T4642: bugfix regex, add hyphen to allow listChristian Poessinger
2022-08-24op-mode: T4390: migrate "show log vpn" to journalctlChristian Poessinger
2022-08-24op-mode: extend "monitor log vpn" optionChristian Poessinger
support monitoring * all * l2tp * sstp * pptp
2022-08-24ipsec: T2185: use systemd to start/stop serviceChristian Poessinger
2022-08-24Merge pull request #1483 from roedie/T4634Christian Poessinger
BGP: T4634: Allow configuration of disable-connected-check
2022-08-24Merge pull request #1486 from roedie/T4526-2Christian Poessinger
keepalived: T4526: keepalived-fifo.py unable to load config
2022-08-24Merge pull request #1488 from sever-sever/T4597Christian Poessinger
https: T4597: Verify bind port before apply HTTPS API service
2022-08-24Merge pull request #1489 from sever-sever/T4623Christian Poessinger
conntrack: T4623: Add conntrack statistics for op-mode
2022-08-24Merge pull request #1492 from nicolas-fort/T4641Christian Poessinger
Policy: T4641: allow only ipv4 prefixes on prefix-list
2022-08-24Policy: T4641: allow only ipv4 prefixes on prefix-listNicolas Fort
2022-08-24nat66: T4626: Rewrite op-mode show nat66 rulesViacheslav Hletenko
Rewrite op-mode "show nat66 source|destination rules" to the new format use "show_rules --direction <direction> --family <inet|inet6>" Delete old script show_nat66_rules.py