summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-04-02configverify: T6198: add common helper for PKI certificate validationChristian Breunig
The next evolutional step after adding get_config_dict(..., with_pki=True) is to add a common verification function for the recurring task of validating SSL certificate existance in e.g. EAPoL, OpenConnect, SSTP or HTTPS.
2024-04-01Merge pull request #3223 from c-po/T6193-dhcp-clientDaniil Baturin
system: T6193: invalid warning "is not a DHCP interface but uses DHCP name-server option"
2024-04-01Merge pull request #3224 from c-po/T2590-dhcpv6-clientDaniil Baturin
dhcpv6-client: T2590: fix vyos-hostsd update for nameserver and search domains
2024-04-01Merge pull request #3222 from HollyGurza/T6178Christian Breunig
T6178: Check that certificate exists during reverse-proxy commit
2024-04-01dhcpv6-client: T2590: fix vyos-hostsd update for nameserver and search domainsChristian Breunig
After migrating from ISC DHCLIENT for IPv6 to wide-dhcp-client the logic which was present to update /etc/resolv.conf with the DHCP specified nameservers and also the search domain list was no longer present. This commit adds a per interface rendered script to inform vyos-hostsd about the received IPv6 nameservers and search domains.
2024-04-01system: T6193: invalid warning "is not a DHCP interface but uses DHCP ↵Christian Breunig
name-server option" This fixes an invalid warning when using a DHCP VLAN interface to retrieve the system nameserver to be used. VLAN CLI config is not properly expanded leading to a false warning: [ system name-server eth1.10 ] WARNING: "eth1.10" is not a DHCP interface but uses DHCP name-server option!
2024-04-01T6178: Check that certificate exists during reverse-proxy commitkhramshinr
2024-03-31Merge pull request #3211 from jestabro/tree-maskViacheslav Hletenko
T6185: simplify marshalling of section and config data for config-sync
2024-03-30Merge pull request #3195 from HollyGurza/T4718-currentChristian Breunig
dhcp-server: T4718: Listen-address is not commit if the ip address is on the interface with vrf
2024-03-30Merge pull request #3218 from dmbaturin/half-cpusChristian Breunig
accel-ppp: T6187: use correct CPU counts adjusted for SMT
2024-03-30accel-ppp: T6187: use correct CPU counts adjusted for SMTDaniil Baturin
2024-03-30Merge pull request #3213 from HollyGurza/T6106Daniil Baturin
bgp: T6106: Valid commit error for route-reflector-client option defined in peer-group
2024-03-30Merge pull request #3215 from jestabro/fix-annotationDaniil Baturin
image-tools: T6186: simplify image annotations fixing regression
2024-03-29image-tools: T6186: simplify image annotations fixing regressionJohn Estabrook
2024-03-29bgp: T6106: Valid commit error for route-reflector-client option defined in ↵khramshinr
peer-group changed exception condition Improved route_reflector_client test
2024-03-28T6121: add section system time-zoneJohn Estabrook
2024-03-28config-sync: T6185: combine data for sections/configs in one commandJohn Estabrook
Package path/section data in single command containing a tree (dict) of section paths and the accompanying config data. This drops the call to get_config_dict and the need for a list of commands in request.
2024-03-28configtree: T6180: add masking function mask_inclusiveJohn Estabrook
2024-03-28Merge pull request #3210 from sarthurdev/T6174Christian Breunig
dhcp: T6174: Add TACACS/Radius users to _kea group
2024-03-28dhcp: T6174: Add TACACS/Radius users to _kea groupsarthurdev
Also raise op-mode error when unable to fetch data from Kea socket
2024-03-28Merge pull request #3198 from HollyGurza/T6159Christian Breunig
openvpn: T6159: Openvpn Server Op-cmd adds heading "OpenVPN status on vtunx" for every client connection
2024-03-28Merge pull request #3207 from dmbaturin/T3664-grub-chrootChristian Breunig
vyos.system.grub: T3664: add chroot argument to the GRUB install function
2024-03-28Merge pull request #3208 from dmbaturin/T3664-template-env-varChristian Breunig
vyos.template: T3664: add an environment variable for template location
2024-03-28vyos.template: T3664: add an environment variable for template locationDaniil Baturin
to allow unmodified code to be executed from anywhere, even outside of VyOS installations
2024-03-28vyos.system.grub: T3664: add chroot argument to the GRUB install functionDaniil Baturin
to faciliate running it outside of a VyOS installation
2024-03-28Merge pull request #3200 from sever-sever/T5832Daniil Baturin
T5832: VRRP allow set interface for exluded-address
2024-03-28Merge pull request #3202 from sarthurdev/T5606_1Daniil Baturin
ipsec: T5606: T5871: Use multi node for CA certificates
2024-03-28Merge pull request #2965 from lucasec/t5872Daniil Baturin
T5872: ipsec remote access VPN: support dhcp-interface.
2024-03-28Merge pull request #3201 from dmbaturin/T4516-format-string-fixChristian Breunig
grub: T4516: correct a format string
2024-03-28grub: T4516: correct a format stringDaniil Baturin
2024-03-28ipsec: T5606: T5871: Use multi node for CA certificatessarthurdev
This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates. Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended.
2024-03-28T5832: VRRP allow set interface for exluded-addressViacheslav Hletenko
Ability to set interface for `excluded-address` The excluded-addresses are not listed in the VRRP packet (adverts packets). We have this ability for `address`, add the same feature for the excluded-address ``` set high-availability vrrp group GRP-01 excluded-address 192.0.2.202 interface 'dum2' set high-availability vrrp group GRP-01 excluded-address 192.0.2.203 interface 'dum3' ```
2024-03-28Merge pull request #3194 from c-po/dhclient-T6175Christian Breunig
op-mode: T6175: "renew dhcp interface <name>" does not check for DHCP interface
2024-03-28openvpn: T6159: Openvpn Server Op-cmd adds heading "OpenVPN status on vtunx" ↵khramshinr
for every client connection Don't show duplicate info of vtunx show header when clints is not connected but server is configured
2024-03-28dhcp-server: T4718: Listen-address is not commit if the ip address is on the ↵khramshinr
interface with vrf
2024-03-28Merge pull request #3192 from jestabro/compat-update-serial-consoleChristian Breunig
image-tools: T6168: compat mode update should preserve console type
2024-03-28Merge pull request #3193 from sever-sever/T6121Christian Breunig
T6121: Extend config-sync for QoS and system options
2024-03-28op-mode: T6175: "renew dhcp interface <name>" does not check for DHCP interfaceChristian Breunig
The current op-mode script simply calls sudo systemctl restart "dhclient@$4.service" with no additional information about a client interface at all. This results in useless dhclient processes root 47812 4.7 0.0 5848 3584 ? Ss 00:30 0:00 /sbin/dhclient -4 -d root 48121 0.0 0.0 4188 3072 ? S 00:30 0:00 \_ /bin/sh /sbin/dhclient-script root 48148 50.0 0.2 18776 11264 ? R 00:30 0:00 \_ python3 - Which also assign client leases to all local interfaces, if we receive one valid DHCPOFFER vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address MAC VRF MTU S/L Description ----------- ----------------- ----------------- ------- ----- ----- ------------- eth0 - 00:50:56:bf:c5:6d default 1500 u/u eth0.10 172.16.33.102/24 00:50:56:bf:c5:6d default 1500 u/u eth1 172.16.33.131/24 00:50:56:b3:38:c5 default 1500 u/u 172.16.33.102/24 and 172.16.33.131/24 are stray DHCP addresses. This commit moved the renew command to the DHCP op-mode script to properly validate if the interface we request a renew for, has actually a dhcp address configured. In additional this exposes the renew feature to the API.
2024-03-27T6121: Extend config-sync for QoS and system optionsViacheslav Hletenko
Extent the service config-sync for sections: - qos interface - qos policy - system conntrack - system flow-accounting - system option - system sflow - system static-host-mapping - system sysctl
2024-03-26image-tools: T6168: compat mode update should preserve console typeJohn Estabrook
Add system image in compatibility mode would set the default boot without reference to console_type; fix the translation of default to the correct index in compat grub.cfg.
2024-03-26Merge pull request #3190 from HollyGurza/T6106Christian Breunig
bgp: T6106: fix test and verify()
2024-03-26Merge pull request #3189 from nicolas-fort/T6171-fix-smoketestChristian Breunig
T6171: dhcp-server: add fix for smoketest
2024-03-26bgp: T6106: fix test and verify()khramshinr
2024-03-26T6171: dhcp-server: add fix for smoketestNicolas Fort
2024-03-25Merge pull request #3188 from nicolas-fort/T6171Daniil Baturin
T6171: migrate <set service dhcp-server failover> to <set service dhcp-server high-availability>
2024-03-25T6171: migrate <set service dhcp-server failover> to <set service ↵Nicolas Fort
dhcp-server high-availability>.
2024-03-24Merge pull request #3185 from c-po/ospf-T6066Christian Breunig
ospf: T6066: can not define the same network in different areas
2024-03-24ospf: T6066: can not define the same network in different areasChristian Breunig
Users can not (FRR fails) commit the same network belonging to different OSPF areas. Add verify() check to prevent this.
2024-03-24Merge pull request #3182 from c-po/container-T6062Christian Breunig
container: T6062: add image name completion helper
2024-03-24container: T6062: add image name completion helperChristian Breunig