Age Commit message Author
2025-05-31nat: T7237: Remove expensive NAT address checksarthurdev
2025-05-30Merge pull request #4535 from jestabro/default-commit-confirm-actionJohn Estabrook
config-mgmt: T7508: use recursive defaults to read commit-confirm action
2025-05-30config-mgmt: T7508: use recursive defaults to read commit-confirm actionJohn Estabrook
2025-05-29http-api: T3955: add commit-confirm to endpoints /configure /config-fileJohn Estabrook
2025-05-29Merge pull request #4266 from takehaya/T6013-trusted-ca-keysChristian Breunig
T6013: Add support for AuthorizedPrincipalsFile to trusted_user_ca_key
2025-05-29Merge pull request #4532 from vyos/c-po-patch-1Christian Breunig
VD-277: use YYYY.MM.DD-HHMM-integration version scheme for builds
2025-05-29VD-277: use YYYY.MM.DD-HHMM-integration version scheme for buildsChristian Breunig
2025-05-29zebra: T7349: Added importing routes from non to the kernel routing tableaapostoliuk
* zebra: T7349: Added importing routes from non to the kernel routing table Added importing routes from non to the kernel routing table. --------- Co-authored-by: Christian Breunig <christian@breunig.cc>
2025-05-29Merge pull request #4531 from jestabro/commit-confirm-rebootChristian Breunig
config-mgmt: T7500: fix typo preventing commit-confirm hard rollback
2025-05-29Merge pull request #4530 from jestabro/api-extend-load-mergeChristian Breunig
http-api: T7498: allow passing config string in body of 'load' or 'merge' request
2025-05-29ssh: T6013: rename trusted-user-ca-key -> truster-user-caChristian Breunig
The current implementation for SSH CA based authentication uses "set service ssh trusted-user-ca-key ca-certificate <foo>" to define an X.509 certificate from "set pki ca <foo> ..." - fun fact, native OpenSSH does not support X.509 certificates and only runs with OpenSSH ssh-keygen generated RSA or EC keys. This commit changes the behavior to support native certificates generated using ssh-keygen and loaded to our PKI tree. As the previous implementation did not work at all, no migration script is used.
2025-05-29pki: T6013: add proper dependencies for SSH CAChristian Breunig
We need to establish proper dependencies on "system login" and "pki ca" for the SSH subsystem. If the CA is updated or user principal names are modified, we must also ensure that the SSH daemon is restarted accordingly.
2025-05-29ssh: T6013: move principal name to "system login user <name> authentication"Christian Breunig
We already support using per-user SSH public keys for system authentication. Instead of introducing a new CLI path to configure per-user principal names, we should continue using the existing CLI location and store the principal names alongside the corresponding SSH public keys. set system login user <name> principal <principal> The certificate used for SSH authentication contains an embedded principal name, which is defined under this CLI node. Only users with matching principal names are permitted to log in.
2025-05-29ssh: T6013: support SSH AuthorizedPrincipalsFile in use with trusted-user-ca-keyTakeru Hayasaka
This complements commit e7cab89f9f81 ("T6013: Add support for configuring TrustedUserCAKeys in SSH service with local and remote CA keys"). It introduces a new CLI node per user to support defining the authorized principals used by any given PKI certificate. It is now possible to associate SSH login users with their respective principals. Authored-by: Takeru Hayasaka <hayatake396@gmail.com>
2025-05-28config-mgmt: T7500: fix typo preventing commit-confirm hard rollbackJohn Estabrook
2025-05-28Merge pull request #4529 from IDerr/currentJohn Estabrook
T7395: Add support for renew in REST Server
2025-05-28http-api: T7498: allow passing config string in body of 'merge' requestJohn Estabrook
2025-05-28http-api: T7498: allow passing config string in body of 'load' requestJohn Estabrook
2025-05-28T7395: Add support for renew in REST ServerIDerr
2025-05-28T7432: smoketests for RPKI VRF supportAdam Smith
2025-05-27T7432: RPKI VRF SupportAdam Smith
2025-05-27T7492: Fix modem connection codeChris Blackburn
Added another possible condition to the flow through the config apply function so that interfaces will reconnect as expected, even when there has been no significant change to the config tags.
2025-05-27Merge pull request #4524 from sarthurdev/T7350Daniil Baturin
flowtable: T7350: Prevent interface deletion if referenced on flowtable
2025-05-27Merge pull request #4523 from aapostoliuk/T7471-currentDaniil Baturin
accel-ppp: T7471: Changed CoA port completion help to standard template
2025-05-27Merge pull request #4490 from l0crian1/fix-qos-tcp-flagsDaniil Baturin
QoS: T7415: Fix tcp flags matching
2025-05-27Merge pull request #4496 from l0crian1/add-root-bpdu-guardDaniil Baturin
Bridge: T7430: Add BPDU Guard and Root Guard support
2025-05-26bridge: T7430: rephrase bpdu/root-guard error messageChristian Breunig
2025-05-26Merge pull request #4525 from yunzheng/T3681-exclusionDaniil Baturin
vyos-1x-vmware: T3681: Fix Python bytecompile exclusion
2025-05-23Merge pull request #4505 from jestabro/config-contextJohn Estabrook
T7363: Add vyconf aware initialization of Config
2025-05-22T7363: update hash for vyconf aware initialization of ConfigJohn Estabrook
2025-05-22T7363: retain generated files as imports for nosetestsJohn Estabrook
2025-05-22vyos-1x-vmware: T3681: Fix Python bytecompile exclusionYun Zheng Hu
2025-05-22T7365: add POSIX-type lock to vyconf_session.commit for compatibilityJohn Estabrook
We maintain compatibility with the legacy commit lock file until all other references are resolved; this requires a POSIX-type lock instead of the BSD-type lock of vyos.utils.locking.
2025-05-22T7365: normalize formattingJohn Estabrook
2025-05-22T7363: populate ConfigSourceVyconfSession methodsJohn Estabrook
2025-05-22T7363: add initialization of Config from VyconfSessionJohn Estabrook
2025-05-22T7121: add missing default version string on init from internal cacheJohn Estabrook
2025-05-22T7352: use option to load legacy config on start for interoperabilityJohn Estabrook
2025-05-22T7363: distinguish config mode from op modeJohn Estabrook
2025-05-22T7352: add util for enabling vyconf backend for smoketestsJohn Estabrook
2025-05-22T7374: add teardown session util to be called on CLI config session exitJohn Estabrook
2025-05-22T7363: add pid aware initializationJohn Estabrook
2025-05-22T7363: use legacy environment variable to indicate config modeJohn Estabrook
In the absence of Cstore, the env var remains as the sole indication of config mode for the legacy CLI, and its emulation here.
2025-05-22T7363: add check for config mode that is independent from CstoreJohn Estabrook
The environment variable _OFR_CONFIGURE is used by bash completion to set up the config mode environment. We check this setting to coordinate vyconf config mode and CLI config mode, independent of the legacy backend Cstore check.
2025-05-21T7415: Fix tcp flags matchingl0crian1
Empty leaf nodes are cleaned, causing the tcp ack and syn flags to not match. These values are exempted from being cleaned.
2025-05-21Merge pull request #4521 from natali-rs1985/T7472Daniil Baturin
ipoe_server: T7472: Add validation for giaddr if dhcp-relay is defined
2025-05-21flowtable: T7350: Prevent interface deletion if referenced on flowtablesarthurdev
2025-05-21accel-ppp: T7471: Changed CoA port completion help to standard templateaapostoliuk
Changed CoA port completion help to standard template.
2025-05-21Merge pull request #4514 from natali-rs1985/T6997Daniil Baturin
ipoe_server: T6997: Do not require to create client ip pool when dhcp-relay is used
2025-05-21ipoe_server: T7472: Add validation for giaddr if dhcp-relay is definedNataliia Solomko