Age | Commit message | Author | |
---|---|---|---|
2021-09-21 | smoketest: ipsec: T1441: adjust to latest VTI/XFRM interface changes | Christian Poessinger | |
Commit d768aee9 ("ipsec: T1441: Clean up vti-up-down script for XFRM interfaces") removed a parameter from the updown scripts which is no longer necessary as XFRM interfaces are superior to VTI interfaces b/c they use dynamic endpoints by default. | |||
2021-09-20 | smoketest: use assertNotIn() in base interface test | Christian Poessinger | |
2021-09-20 | ifconfig: T2104: cleanup IPv6 EUI-64 handling in update() | Christian Poessinger | |
2021-09-20 | vyos.ifconfig: get_mac_synthetic() must generate a stable "MAC" | Christian Poessinger | |
Commit b7d30137b1 ("vyos.ifconfig: provide generic get_mac_synthetic() method") provided a common helper to generate MAC addresses used by EUI64 addresses for interfaces not having a layer2 interface (WireGuard or ip tunnel). The problem is that every call to the helper always yielded a new MAC address. This becomes problematic when IPv6 link-local addresses are generated and modified on the interface as multiple link-local (fe80::/64) addresses can easily be added to the interface leaving ... a mess. This commit changes how the "synthetic" MAC is generated: we generate a UUID which is stable as it is based on the interface name. We take out the last 48 bits of the UUID and form the "MAC" address. | |||
2021-09-20 | vyos.ifconfig: T2738: can only read from a file when it exists | Christian Poessinger | |
When IPv6 is disabled on an interface, the sysfs files related to IPv6 for this interface also vanish. We need to check if the file exists before we read it. | |||
2021-09-20 | Merge pull request #1012 from lucasec/vti-enhancements | Christian Poessinger | |
ipsec: T1441: Clean up vti-up-down script for XFRM interfaces | |||
2021-09-19 | ipsec: T1441: Clean up vti-up-down script for XFRM interfaces | Lucas Christian | |
2021-09-19 | vyos.ifconfig: T2738: do not remove OS assigned IP addresses from interface | Christian Poessinger | |
When using VRRP on any given interface and performing an action against that interface - be it even only changing the alias - will trigger a removal of the VRRP IP address. The issue is caused by: `# determine IP addresses which are assigned to the interface and build a list of addresses which are no longer in the dict so they can be removed` `cur_addr = self.get_addr()` `for addr in list_diff(cur_addr, new_addr):` When the script calls into the library - we will drop all IP addresses set on the adapter but not available in the config dict. We should only remove the IP addresses marked by the CLI to be deleted! | |||
2021-09-19 | vyos.configdict: bugfix: leaf_node_changed() must return empty dict when node is added | Christian Poessinger | |
Commit f476e456 ("vyos.configdict: leaf_node_changed() must return empty dict when node is added") returned `['']` as "empty" dict - but this is not empty. `>>> if ['']:` `... print('foo')` `...` `foo` It should rather be: `[]` | |||
2021-09-19 | vyos.ifconfig: T2738: add delta check when changing interface parameters | Christian Poessinger | |
There is no need to alter interface parameters if they have not changed at all. | |||
2021-09-19 | dhcp-server: T3672: migrate failover name option | Christian Poessinger | |
Commit 2985035b (dhcp-server: T3672: re-add missing "name" CLI option) unfortunately did not add the name option to the migration script. | |||
2021-09-19 | smoketest: dhcp: T3841: validate ping-check option | Christian Poessinger | |
2021-09-19 | smoketest: dhcp: T3672: adjust to new CLI syntax | Christian Poessinger | |
2021-09-19 | dhcp-server: T3672: bugfix Jinja2 template | Christian Poessinger | |
The DHCP servers pool {} option can only be used when there follows a range statement. This is invalid for a network with only "static" leases. | |||
2021-09-19 | dhcp-server: T3672: re-add missing "name" CLI option | Christian Poessinger | |
This option is mandatory and must be user configurable as it needs to match on both sides. | |||
2021-09-19 | xml: dhcp-server: move building blocks to dhcp subdirectory | Christian Poessinger | |
2021-09-19 | dhcp-server: T3841: add option to perform ICMP check before address assignment | Christian Poessinger | |
2021-09-19 | dhcp-server: T3672: only one failover peer is supported | Christian Poessinger | |
2021-09-19 | dhcpv6: op-mode: xml: error out if DHCPv6 service not configured | Christian Poessinger | |
Restarting DHCPv6 server should not be possible when service is not configured on the CLI. | |||
2021-09-19 | dhcpv6: op-mode: xml: fix duplicate help strings | Christian Poessinger | |
2021-09-19 | dhcp: op-mode: xml: error out if DHCP service not configured | Christian Poessinger | |
2021-09-19 | dhcp: op-mode: xml: fix duplicate help string | Christian Poessinger | |
2021-09-19 | Merge pull request #1011 from jack9603301/T3648 | Christian Poessinger | |
op-mode: nat: T3648: Fix NAT script errors | |||
2021-09-19 | Merge pull request #1010 from lucasec/dns-fw-cache-size | Christian Poessinger | |
pdns_recursor: T3840: Allow larger DNS forwarding cache sizes | |||
2021-09-19 | op-mode: nat: T3648: Fix NAT script errors | jack9603301 | |
2021-09-18 | T3840: Allow larger DNS forwarding cache sizes | Lucas Christian | |
2021-09-18 | container: T2216: add IPv6 support to container networks | Christian Poessinger | |
2021-09-18 | dhcp-server: T3839: support name-servers and domain config per shared-network | Christian Poessinger | |
DHCP servers "shared-network" level only makes sense if one can specify configuration items that can be inherited by individual subnets. This is now possible for name-servers and the domain-name. `set service dhcp-server shared-network-name LAN domain-name 'vyos.net'` `set service dhcp-server shared-network-name LAN name-server '192.0.2.1'` | |||
2021-09-18 | dhcp-server: xml: use description building block | Christian Poessinger | |
2021-09-18 | dhcpv6-server: xml: add description CLI node | Christian Poessinger | |
2021-09-18 | dhcp-server: T3838: rename dns-server to name-server node | Christian Poessinger | |
IPv4 DHCP uses "dns-server" to specify one or more name-servers for a given pool. In order to use the same CLI syntax this should be renamed to name-server, which is already the case for DHCPv6. | |||
2021-09-18 | dhcp-server: T1968: allow multiple static-routes to be configured | Christian Poessinger | |
`vyos@vyos# show service dhcp-server` `shared-network-name LAN { subnet 10.0.0.0/24 { default-router 10.0.0.1 dns-server 194.145.150.1 lease 88 range 0 { start 10.0.0.100 stop 10.0.0.200 } static-route 192.168.10.0/24 { next-hop 10.0.0.2 } static-route 192.168.20.0/24 { router 10.0.0.2 } } }` | |||
2021-09-18 | smoketest: ipsec: only delete nhrp path where it is used | Christian Poessinger | |
2021-09-18 | ipsec: vti: T3831: avoid using xfrm if_id 0 - implement shift by one | Christian Poessinger | |
The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. This means that a vti0 named interface will pull in all traffic and others will stop working. Thus we simply shift the key by one to also support a vti0 interface. | |||
2021-09-18 | validator: T2417: bugfix on Python3 f'ormat strings | Christian Poessinger | |
Commit 3639a5610b590a ("validator: T2417: try to make the code clearer") introduced Python3 f'ormatted strings but missed the "f" keyword. | |||
2021-09-17 | Merge pull request #1007 from erkin/current | Christian Poessinger | |
T3823: Stop strip-private regexp from swallowing quotes | |||
2021-09-17 | T3823: Stop strip-private regexp from swallowing quotes | erkin | |
2021-09-15 | ipsec: T3830: "authentication id|use-x509-id" are mutually exclusive | Christian Poessinger | |
Manually set peer id and use-x509-id are mutually exclusive! | |||
2021-09-15 | ipsec: T3830: set connections.<conn>.remote<suffix>.id to "peer" if undefined | Christian Poessinger | |
Restore "default" behavior from ipsec.conf | |||
2021-09-15 | xml: remove unnecessary "i" from help in source-address-ipv4 building block | Christian Poessinger | |
2021-09-15 | typo: remove unnecessary 'i' from help | Javinator9889 | |
2021-09-14 | dhcpv6-pd: T421: disable wide dhcpv6 client debug messages | Christian Poessinger | |
2021-09-14 | Merge pull request #1005 from sarthurdev/T3828 | Christian Poessinger | |
ipsec: T3828: Update interface definitions for new behaviour | |||
2021-09-14 | ipsec: T3828: Update interface definitions for new behaviour | sarthurdev | |
2021-09-13 | Merge pull request #1004 from sarthurdev/T3828 | Christian Poessinger | |
ipsec: T3828: Use IKE dh-group when ESP dh-group is set to `enable` | |||
2021-09-13 | ipsec: T3828: Use IKE dh-group when ESP dh-group is set to `enable` | sarthurdev | |
2021-09-12 | pki: T3642: listing all CRLs should be done using a leafNode | Christian Poessinger | |
2021-09-12 | pki: T3642: show only requested certificate in op-mode | Christian Poessinger | |
2021-09-12 | pki: T3642: show only requested certificate in op-mode | Christian Poessinger | |
2021-09-12 | pki: T3642: show only requested CA in op-mode | Christian Poessinger | |