| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-07-17 | VRF: T3655: proper connection tracking for VRFs | zsdc | |
| Currently, all VRFs share the same connection tracking table, which can lead to problems: - traffic leaks to a wrong VRF - improper NAT rules handling when multiple VRFs contain the same IP networks - stateful firewall rules issues The commit implements connection tracking zones support. Each VRF utilizes its own zone, so connections will never mix up. It also adds some restrictions to VRF names and assigned table numbers, because of nftables and conntrack requirements: - VRF name should always start from a letter (interfaces that start from numbers are not supported in nftables rules) - table number must be in the 100-65535 range because conntrack supports only 65535 zones | |||
| 2021-07-08 | T3663: add pre_hook argument to util.wait_for_inotify | Daniil Baturin | |
| When waiting for processes that don't take long, we need add an inotify watcher _before_ starting that process. The pre-hook arguments allows the user to pass a () -> () anonymous function to be called before adding a watch. | |||
| 2021-07-08 | T3663: fix the call to time.time() to match the new import scheme. | Daniil Baturin | |
| 2021-07-06 | ipsec: T2816: Migrate ipsec-settings.xml.in and charon.conf to vpn_ipsec.py | sarthurdev | |
| Also adds check for the charon socket instead of an arbitrary sleep() | |||
| 2021-07-05 | pki: ipsec: T3642: Fix issue with '.' being present in tag nodes, adds new ↵ | sarthurdev | |
| vyos.util method `dict_search_args` to allow for dot characters in keys. | |||
| 2021-07-05 | pki: T3642: Support for adding SANs on certificate requests | sarthurdev | |
| 2021-07-04 | Merge pull request #910 from sarthurdev/pki_ext | Christian Poessinger | |
| pki: T3642: Add standard extensions to generated certificates | |||
| 2021-07-04 | pki: T3642: Add standard extensions to generated certificates | sarthurdev | |
| 2021-07-04 | vyos.util: T3663: move inotify-based imports to function level | Christian Poessinger | |
| Keep the vyos.util function clean and not pull in the rest of the world when importing it. | |||
| 2021-07-04 | T3663: prerequisites for inotify-based watching implementations. | Daniil Baturin | |
| 2021-07-03 | ipsec: T2816: add Jinja2 converter for ESP/IKE groups to string | Christian Poessinger | |
| 2021-07-02 | ipsec: T3656: T3659: Fix pass-through with ipv6. Fix op-mode ipsec commands. ↵ | sarthurdev | |
| Remove python3-crypto dependency. | |||
| 2021-07-01 | vyos.util: remove no longer needed copy_file helper method | Christian Poessinger | |
| The IPSec ceritifcate handling is now done by storing the CA key inside the running configuration. | |||
| 2021-07-01 | Merge branch 'pki_ipsec' of https://github.com/sarthurdev/vyos-1x into pki-cli | Christian Poessinger | |
| * 'pki_ipsec' of https://github.com/sarthurdev/vyos-1x: pki: ipsec: T3642: Update migration script to account for file permission issues pki: ipsec: T3642: Migrate IPSec to use PKI configuration pki: T3642: New PKI config and management | |||
| 2021-07-01 | vyos.util: fix IsADirectoryError and SameFileError for copy_file | Christian Poessinger | |
| Commit 5303ec39 ("vyos.util: add new helper copy_file()") added a new helper function to copy a file from A -> B and create the destination directory if required. It did also throw an excpetion if the destination file already existed and consisted of the same file - this is now ignored and we always copy the source to the destination. | |||
| 2021-06-29 | pki: T3642: New PKI config and management | sarthurdev | |
| 2021-06-28 | ipsec: T1441: switch from vti to xfrm interfaces | Christian Poessinger | |
| XFRM interfaces are similar to VTI devices in their basic functionality but offer several advantages: * No tunnel endpoint addresses have to be configured on the interfaces. Compared to VTIs, which are layer 3 tunnel devices with mandatory endpoints, this resolves issues with wildcard addresses (only one VTI with wildcard endpoints is supported), avoids a 1:1 mapping between SAs and interfaces, and easily allows SAs with multiple peers to share the same interface. * Because there are no endpoint addresses, IPv4 and IPv6 SAs are supported on the same interface (VTI devices only support one address family). * IPsec modes other than tunnel are supported (VTI devices only support tunnel mode). * No awkward configuration via GRE keys and XFRM marks. Instead, a new identifier (XFRM interface ID) links policies and SAs with XFRM interfaces. | |||
| 2021-06-27 | op-mode: bond: T2546: implement "show interface bond * slaves" command | Christian Poessinger | |
| Add implementation with XML and Python. | |||
| 2021-06-26 | vyos.util: add new helper copy_file() | Christian Poessinger | |
| Copy a file from A -> B but also support adjusting Bs file permissions and creation of Bs base directory if required. | |||
| 2021-06-23 | T3574: do not add constraintGroup property to xml cache | John Estabrook | |
| 2021-06-22 | vyos.ethtool: T3645: fix compatibility with latest ethtool version | Christian Poessinger | |
| Ethtool version used on Debian Bullseye changed the output format from 0 -> n/a. As we are only interested in the tx/rx keys we do not care about RX Mini/Jumbo. | |||
| 2021-06-21 | vyos.certbot: T3641: adjust to new python3-certbot-nginx API | Christian Poessinger | |
| 2021-06-21 | Python: T3641: adjust to changes in latest vesion of netifaces library | Christian Poessinger | |
| 2021-06-20 | Merge pull request #893 from erkin/T3628 | Christian Poessinger | |
| T3268: remote: Determine source address from given network interface | |||
| 2021-06-20 | T3268: remote: Determine source address from given network interface | erkin | |
| 2021-06-20 | Merge pull request #892 from erkin/T3563 | Christian Poessinger | |
| T3563: remote: Allow `paramiko.transport.Transport().close()` to automatically close the socket | |||
| 2021-06-20 | T3563: remote: Allow `paramiko.transport.Transport().close()` to ↵ | erkin | |
| automatically close the socket | |||
| 2021-06-18 | Merge pull request #883 from sever-sever/T3633 | Christian Poessinger | |
| ethernet: T3633: Add LRO offload | |||
| 2021-06-18 | Merge pull request #882 from erkin/current | Christian Poessinger | |
| T3356: remote: Use the local filename if the destination is a directory in SFTP transfers | |||
| 2021-06-17 | ethernet: T3633: Add LRO offload | Viacheslav | |
| 2021-06-17 | T3356: remote: Use the local filename if the destination is a directory in ↵ | erkin | |
| SFTP transfers. | |||
| 2021-06-13 | pppoe: T3621: validate that both username and password are set | Christian Poessinger | |
| A validator is missing checking that if authentication is used on a PPPoE interface, both username and password are set. (cherry picked from commit 0361c3ac449f183476f7aee31439417d9f7f8012) | |||
| 2021-06-13 | Merge pull request #879 from erkin/current | Christian Poessinger | |
| T3563: Call `socket.shutdown()` with appropriate argument | |||
| 2021-06-13 | T3563: Call `socket.shutdown()` with appropriate argument | erkin | |
| 2021-06-13 | wwan: T3620: rename "wirelessmodem wlm" interfaces to new wwan interface tree | Christian Poessinger | |
| 2021-06-09 | remote, util: Move general helper routines from `remote.py` to `util.py` | erkin | |
| 2021-06-08 | remote: import is_ipv6 from vyos.template | Christian Poessinger | |
| 2021-06-08 | Merge pull request #867 from erkin/current | Christian Poessinger | |
| T3563: Add support for IPv6 source addresses in SSH connections | |||
| 2021-06-08 | remote: Use `is_ipv6()` instead of ad hoc IPv6 check | erkin | |
| 2021-06-06 | T3563: Add support for IPv6 source addresses in SSH connections | erkin | |
| 2021-06-06 | Merge pull request #846 from erkin/current | Christian Poessinger | |
| T3508, T3356: remote: Friendly download procedure for user-facing scripts | |||
| 2021-05-30 | T3356: Add progressbars to SFTP and HTTP transfers | erkin | |
| 2021-05-29 | T3356: Add progressbars to FTP transfers | erkin | |
| Allow ports to be specified in URL strings | |||
| 2021-05-28 | vti: ipsec: T2816: interfaces must be created using the vyos.ifconfig library | Christian Poessinger | |
| 2021-05-28 | ipsec: T2816: IPSec python rework, includes DMVPN and VTI support | Simon | |
| 2021-05-24 | tunnel: T3555: add "ignore-df" support for GRE tunnels | Christian Poessinger | |
| 2021-05-24 | pseudo-ethernet: T3575: verify parent interface MTU | Christian Poessinger | |
| 2021-05-23 | vyos.configverify: T3570: sub interface MTU must be less or equal to parent MTU | Simon | |
| 2021-05-21 | vlan: T3551: support runtime changing of ingress and egress QoS settings | JACK | |
| 2021-05-18 | revert: "util: T2467: add autosudo as an option to command" | Christian Poessinger | |
| Implementing a wrapper which will - based on the command - add a sudo prefix to the execution string seemed to be a nice idea but unfortunately it did not only not get momentum but also the codebase somethis added an implicit "sudo" call a second time. This resulted in a call: "sudo sudo systemctl" The entire functionality was removed again and if an op-mode script requires root priviledges it must be explicitly called with them - no black magic. | |||
 |
index : vyos-1x.git | |
| VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) |
| summaryrefslogtreecommitdiff |