summaryrefslogtreecommitdiff
path: root/src/conf_mode
AgeCommit message (Collapse)Author
2023-08-24T5506: Add link-local IPv6 address for container interfacesViacheslav Hletenko
Fix for add IPv6 link-local address for container interfaces set container network NET01 prefix '10.0.0.0/24' set container network NET01 prefix '2001:db8:2222::/64' % ip -6 addr show scope link dev pod-NET01 17: pod-NET01: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 inet6 fe80::d89c:dfff:fe1a:8689/64 scope link
2023-08-24system: T5505: fix zebra route-map is not removed from FRRChristian Breunig
Configuring "set system ip protocol ospf|bgp route-map foo" and commit it installs the route-map into FRR. Removing the CLI configuration "delete system ip protocol" does not remove the route-map from FRR - it stays active. This commit adds the fix and appropriate smoketests extenstion.
2023-08-23Merge pull request #2139 from dmbaturin/T5449-mss-probingChristian Breunig
system-ip: T5449: add TCP MSS probing options
2023-08-23Merge pull request #2159 from c-po/t5491-wifiChristian Breunig
wifi: T5491: allow white-/blacklisting station MAC addresses for security
2023-08-23Merge pull request #2162 from nicolas-fort/T5472Christian Breunig
T5472: nat redirect: allow redirection without defining redirected port
2023-08-23Merge pull request #2161 from sever-sever/T5463Christian Breunig
T5463: Container allow publish listen-addresses
2023-08-23vrf: T5428: stop DHCP processes on VRf removalChristian Breunig
This is a workaround for the priority inversion from T5492 ("CLI node priority is not inversed on node deletion"). As this is a corner case bug that's only triggered if an interface is removed from a VRF and also the VRF is removed in one commit, priorities are not honored. Thus we implement this workaround which stop the DHCP(v6) client processes on the VRF associated interfaces to get out the DHCP RELEASE message before interfaces are shut down.
2023-08-23vrf: T5428: move helpers to common vyos.utils.network moduleChristian Breunig
Helper functions can and will be re-use din different code places.
2023-08-23T5472: nat redirect: allow redirection without defining redirected portNicolas Fort
2023-08-23T5463: Container allow publish listen-addressesViacheslav Hletenko
Ability to publish multiple IP/IPv6 addresses for container set container name c1 port web destination '80' set container name c1 port web listen-address '192.0.2.1' set container name c1 port web listen-address '2001:db8:1111::1' set container name c1 port web source '8080' --publish 192.0.2.1:8080:80/tcp --publish [2001:db8:1111::1]:8080:80/tcp
2023-08-23Merge pull request #2156 from giga1699/T5447Christian Breunig
T5447: Initial support for MACsec static keys
2023-08-22Merge pull request #2149 from nicolas-fort/T5478Viacheslav Hletenko
T5478: remove config-trap configuration parser in firewall
2023-08-20T5447: Adjust to positive logic in generare()Giga Murphy
2023-08-20T5447: Update copyright yearsGiga Murphy
2023-08-20T5447: Implement maintainer feedbackGiga Murphy
2023-08-20wifi: T5491: import cleanupChristian Breunig
2023-08-20wifi: T5491: allow white-/blacklisting station MAC addresses for securityChristian Breunig
Station MAC address-based authentication means: * 'allow' accept all clients except the one on the deny list * 'deny' accept only clients listed on the accept list New CLI commands: * set interfaces wireless wlan0 security station-address mode <accept|deny> * set interfaces wireless wlan0 security station-address accept mac <mac> * set interfaces wireless wlan0 security station-address deny mac <mac>
2023-08-19wifi: T5470: improve error messageChristian Breunig
2023-08-18T5447: Add verification of peer rx-key lengthGiga Murphy
2023-08-18T5447: MACsec static tx-key validationGiga Murphy
2023-08-18T5447: Initial support for MACsec static keysGiga Murphy
2023-08-17Merge pull request #2130 from aapostoliuk/T5409-sagittaChristian Breunig
wireguard: T5409: Added 'set interfaces wireguard wgX threaded'
2023-08-17wireguard: T5409: rename threaded CLI not to per-client-threadChristian Breunig
Using threaded as CLI node is a very deep term used by kernel threads. To make this more understandable to users, rename the node to per-client-thread. It's also not necessary to test if any one peer is configured and probing if the option is set. There is a base test which requires at least one peer to be configured.
2023-08-17system-ip: T5449: add TCP MSS probing optionsDaniil Baturin
2023-08-16Merge pull request #2150 from ↵John Estabrook
dmbaturin/T5271-openvpn-peer-fingerprint-restrictions T5271: allow OpenVPN peer-fingerprint to be used instead of a CA in site-to-site mode
2023-08-15T5483: clean up tmp config fileJohn Estabrook
2023-08-15T5271: allow the user to specify either CA or peer fingerprintDaniil Baturin
in OpenVPN site-to-site mode
2023-08-15T5478: remove config-trap configuration parser in firewallNicolas Fort
2023-08-12T5160: fix merge regressionJohn Estabrook
2023-08-12T5467: removing ospf(v3) or isis interface in VRF context did not clear FRR ↵Christian Breunig
config To reproduce: set vrf name red table 2000 set vrf name red protocols ospf interface eth1 area 0 set vrf name red protocols ospf parameters router-id 1.1.1.1 set interfaces ethernet eth1 vrf red commit FRR now has an interface config vyos@vyos# vtysh -c "show run" no-header | sed -n "/^interface eth1/,/!/p" interface eth1 ip ospf area 0 ip ospf dead-interval 40 exit Now delete the interface from the OSPF(v3) or ISIS process delete vrf name red protocols ospf interface commit It's still there vyos@vyos# vtysh -c "show run" no-header | sed -n "/^interface eth1/,/!/p" interface eth1 ip ospf area 0 ip ospf dead-interval 40 exit ! Issue was caused in the FRR vtysh representation of an interface. It used to have a "vrf <name>" marker in earlier versions but FRR 8.5 and later no longer have the marker. So "interface eth1 vrf red" became "interface eth1" in vtysh, but our regex expected the "vrf" identifier when modifying FRR config.
2023-08-11Merge pull request #2016 from nicolas-fort/T5160Christian Breunig
T5160: Firewall refactor
2023-08-11T5460: remove config-trap from firewallNicolas Fort
2023-08-11T5160: firewall refactor: move <set firewall ipv6 ipv6-name ...> to <set ↵Nicolas Fort
firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip.
2023-08-11T5160: firewall refactor: change firewall ip to firewall ipv4Nicolas Fort
2023-08-11T5160: firewall refactor: new cli structure. Update jinja templates, python ↵Nicolas Fort
scripts and src firewall
2023-08-11T5448: Move zabbix-agent to node monitoringViacheslav Hletenko
Move 'service zabbix-agent' => 'service monitoring zabbix-agent'
2023-08-11Merge pull request #2146 from dmbaturin/T5270-openvpn-dh-optionalChristian Breunig
openvpn: T5270: do not require classic DH params in any mode
2023-08-10Merge pull request #2140 from sever-sever/T5448Daniil Baturin
T5448: Add service zabbix-agent
2023-08-10openvpn: T5270: do not require classic DH params in any moreDaniil Baturin
Generate 'dh none' instead and let OpenVPN use ECDH
2023-08-10tunnel: T5223: clear GRE key id after deletionsrividya0208
2023-08-09T5448: Add service zabbix-agent version 2Viacheslav Hletenko
Add service zabbix-agent set service zabbix-agent directory '/config/zabbix/' set service zabbix-agent limits buffer-flush-interval '8' set service zabbix-agent limits buffer-size '120' set service zabbix-agent log debug-level 'warning' set service zabbix-agent log size '1' set service zabbix-agent server '192.0.2.5' set service zabbix-agent server-active 192.0.2.5 port '10051' set service zabbix-agent server-active 2001:db8::123
2023-08-09Merge pull request #2136 from jestabro/with-defaultsChristian Breunig
T5319: remove workarounds for incorrect defaults in config-mode scripts
2023-08-08Merge pull request #2119 from nicolas-fort/T5014-dnatChristian Breunig
T5014: nat: add source and destination nat options for configuring lo…
2023-08-07T5319: remove workarounds for defaults in vpp.pyJohn Estabrook
2023-08-07T5319: remove workarounds for defaults in vpn_openconnect.pyJohn Estabrook
2023-08-07T5319: remove workarounds for defaults in vpn_ipsec.pyJohn Estabrook
2023-08-07T5434: use auto-defaults in tftp_server.pyJohn Estabrook
2023-08-07T5319: remove workarounds for defaults in system-syslog.pyJohn Estabrook
2023-08-07T5319: remove workarounds for defaults in system_sflow.pyJohn Estabrook
2023-08-07T5434: use auto-defaults in system-option.pyJohn Estabrook
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-01 18:33:41 +0000