summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-12-17Merge pull request #1599 from goodNETnick/goodnetnick-loginotpgenerator-T4751Christian Poessinger
login: T4751: 2FA OTP key generator in VyOS CLI
2022-12-17Merge pull request #1711 from roedie/T4884Christian Poessinger
T4884: snmpd: add community6 fallback
2022-12-17Merge pull request #1709 from initramfs/current-T4882Christian Poessinger
firewall: T4882: add missing ICMPv6 type names
2022-12-17webproxy: T3810: multiple squidGuard fixesaapostoliuk
1. Added in script update webproxy blacklists generation of all DBs 2. Fixed: if the blacklist category does not have generated db, the template generates an empty dest category in squidGuard.conf and a Warning message. 3. Added template generation for local's categories in the rule section. 4. Changed syntax in the generation dest section for blacklist's categories 4. Fixed generation dest local sections in squidGuard.conf 5. Fixed bug in syntax. The word 'allow' changed to the word 'any' in acl squidGuard.conf
2022-12-17Merge pull request #1712 from roedie/T4809-2Christian Poessinger
T4809: radvd: Allow the use of AdvRASrcAddress
2022-12-17Merge pull request #1358 from sever-sever/T1237Christian Poessinger
routing: T1237: Add new feature failover route
2022-12-16T4809: radvd: Allow the use of AdvRASrcAddressSander Klein
This add the AdvRASrcAddress configuration option to configure a source address for the router advertisements. The source address still must be configured on the system. This is useful for VRRP setups where you want fe80::1 on the VRRP interface for cleaner VRRP failovers.
2022-12-16T4884: snmpd: add community6 fallbackSander Klein
If no client and network is defined only a `community` config is created. This also adds the `community6` part
2022-12-15Merge pull request #1708 from zdc/T4878-sagittaViacheslav Hletenko
bonding: T4878: Fixed unnecessary bonding flapping during commit
2022-12-15firewall: T4882: add missing ICMPv6 type namesinitramfs
2022-12-15bonding: T4878: Fixed unnecessary bonding flapping during commitzsdc
There was a mistake in a config level that caused triggering the `shutdown_required` flag, even if there were no new interfaces added to a bonding. This commit sets the proper config level to avoid the problem.
2022-12-14routing: T1237: Add new feature failover routeViacheslav Hletenko
Failover route allows to install static routes to the kernel routing table only if required target or gateway is alive When target or gateway doesn't respond for ICMP/ARP checks this route deleted from the routing table Routes are marked as protocol 'failover' (rt_protos) cat /etc/iproute2/rt_protos.d/failover.conf 111 failover ip route add 203.0.113.1 metric 2 via 192.0.2.1 dev eth0 proto failover $ sudo ip route show proto failover 203.0.113.1 via 192.0.2.1 dev eth0 metric 1 So we can safely flush such routes
2022-12-14Merge pull request #1707 from jestabro/op-mode-openconnectViacheslav Hletenko
ocserv: T4881: return vyos.opmode.Errors on failure
2022-12-14ocserv: T4881: return vyos.opmode.Errors on failureJohn Estabrook
2022-12-14Merge pull request #1706 from jestabro/validator-file-existsJohn Estabrook
validators: T4798: replace python file-exists validator with file-path
2022-12-14Merge pull request #1705 from jestabro/validator-interface-nameJohn Estabrook
validators: T4875: use file-path to replace validator 'interface-name'
2022-12-14validators: T4875: use file-path to replace validator 'interface-name'John Estabrook
2022-12-13validators: T4798: replace python file-exists validator with file-pathJohn Estabrook
2022-12-12Merge pull request #1699 from jestabro/op-mode-openvpnJohn Estabrook
openvpn: T4770: rewrite op-mode show/reset to use vyos.opmode
2022-12-12openvpn: T4770: add openvpn.py to op-mode-standardized.jsonJohn Estabrook
2022-12-12openvpn: T4770: update op-mode definition openvpn.xml.in for show/resetJohn Estabrook
2022-12-12openvpn: T4770: add reset function to openvpn.pyJohn Estabrook
2022-12-12opmode: T4770: add CommitInProgess errorJohn Estabrook
2022-12-12openvpn: T4770: add openvpn.py with standardized show commandJohn Estabrook
2022-12-11Merge branch 't4792-sstpc' into currentChristian Poessinger
* t4792-sstpc: sstp: T4384: initial implementation of SSTP client CLI pppoe: T4384: remove unused import of leaf_node_changed pppoe: xml: T4792: split "no-peer-dns" CLI node into building block xml: ddns: T4792: split "server" CLI node into building block
2022-12-11sstp: T4384: initial implementation of SSTP client CLIChristian Poessinger
vyos@vyos# show interfaces sstpc sstpc sstpc10 { authentication { password vyos user vyos } server sstp.vyos.net ssl { ca-certificate VyOS-CA } }
2022-12-11pppoe: T4384: remove unused import of leaf_node_changedChristian Poessinger
2022-12-11pppoe: xml: T4792: split "no-peer-dns" CLI node into building blockChristian Poessinger
2022-12-11xml: ddns: T4792: split "server" CLI node into building blockChristian Poessinger
2022-12-11sstp: T4792: add sstp-client package dependencyChristian Poessinger
2022-12-10vyos.util: T4770: add precision arg, fix typo in bytes_to_humanJohn Estabrook
This is useful in general, but we will add in this context to replace the use of 'bytes2HR' in show_openvpn.py with util.bytes_to_human, while maintaining compatability with original precision=1.
2022-12-10Merge pull request #1703 from jestabro/bug-tunnel-ipJohn Estabrook
openvpn: T4872: fix parsing of tunnel IP in 'show openvpn server'
2022-12-09openvpn: T4872: fix parsing of tunnel IP in 'show openvpn server'John Estabrook
2022-12-09Merge pull request #1701 from sever-sever/T4865Christian Poessinger
T4865: Fix to generate container image from the file
2022-12-09T4865: Fix to generate container image from the fileViacheslav Hletenko
In case if we want generate own container image from a Dockerfile and if it requires update or install packages in container we get error. As it tries to use default network 'podman' and do own NAT translations via 'iptables'. If fact we don't use iptables in 1.4 As result it cannot build such image. Use '--net host' to fix it.
2022-12-09Merge pull request #1700 from sever-sever/T4868Christian Poessinger
T4868: Fix l2tp ppp IPv6 options in template and config get dict
2022-12-09T4868: Fix l2tp ppp IPv6 options in template and config get dictViacheslav Hletenko
L2TP 'ppp-options ipv6 x' can work without declaring IPv6 pool As we can get addresses via RADIUS attributes: - Framed-IPv6-Prefix - Delegated-IPv6-Prefix
2022-12-08Merge pull request #1698 from sever-sever/T4117Christian Poessinger
T4117: Fix for L2TP DAE CoA server configuration
2022-12-08T4117: Fix for L2TP DAE CoA server configurationViacheslav Hletenko
Fix l2tp dae server template and python config dict for correctlly handling Dynamic Authorization Extension server configuration
2022-12-08Merge pull request #1695 from aapostoliuk/T4862-sagittaChristian Poessinger
T4862: Added the generation config for webproxy domain-block
2022-12-08T4862: Added the generation config for webproxy domain-blockaapostoliuk
Added the generation in the config file /etc/squid/squid.conf for command: set service webroxy domain-block <domain>
2022-12-08Merge pull request #1696 from sever-sever/T4861Viacheslav Hletenko
T4861: Openconnect replace restart to reload-or-restart
2022-12-07T4861: Openconnect replace restart to reload-or-restartViacheslav Hletenko
Every change in openconnect restarts the ocserv.service Replace "restart" to "reload-or-restart" to avoid disconnect clients during change configs
2022-12-05Merge pull request #1693 from sever-sever/T4860Christian Poessinger
T4860: Verify if mode in openconnect ocserv dict
2022-12-05Merge pull request #1690 from fett0/T4854Christian Poessinger
T4854: Route reflector allows to apply route-maps
2022-12-05Merge pull request #1692 from sever-sever/T4848Christian Poessinger
T4848: Fix for default route vpn openconnect
2022-12-05Merge pull request #1686 from sever-sever/T4804Christian Poessinger
T4804: Add check for PPPoE server and use defaults values
2022-12-04T4860: Verify if mode in openconnect ocserv dictViacheslav Hletenko
openconnect authentication mode must be set check dict that 'mode' exists in openconnect authentication
2022-12-04T4804: Fix check for PPPoE server local-usersViacheslav Hletenko
We check if local_users is None Check also and empty dict {'access_concentrator': 'vyos-ac', 'authentication': {'local_users': {},
2022-12-04T4848: Fix for default route vpn openconnectViacheslav Hletenko
ocserv template expects list of routes but gets str "default" it cause wrong routes like: route = d route = e route = f route = a route = u route = l route = t Fix it