Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-04-03 | T6199: replace netifaces.interfaces() with common custom helpers | Christian Breunig | |
* Use interface_exists() outside of verify() * Use verify_interface_exists() in verify() to drop common error message | |||
2024-04-02 | Merge pull request #3236 from c-po/pki-verify | Christian Breunig | |
configverify: T6198: add common helper for PKI certificate validation | |||
2024-04-02 | configverify: T6198: add common helper for PKI certificate validation | Christian Breunig | |
The next evolutional step after adding get_config_dict(..., with_pki=True) is to add a common verification function for the recurring task of validating SSL certificate existance in e.g. EAPoL, OpenConnect, SSTP or HTTPS. | |||
2024-04-02 | Merge pull request #3229 from c-po/multi-vrf | Christian Breunig | |
T6192: allow binding SSH to multiple VRF instances | |||
2024-04-01 | conntrack: T4309: T4903: always use full nft command name (e.g. --file over -f) | Christian Breunig | |
2024-04-01 | nhrp: T2199: always use full nft command name (e.g. --file over -f) | Christian Breunig | |
2024-04-01 | policy: T2199: always use full nft command name (e.g. --file over -f) | Christian Breunig | |
2024-04-01 | nat: T2199: always use full nft command name (e.g. --file over -f) | Christian Breunig | |
2024-04-01 | vrf: T3655: always use full nft command name (e.g. --check over -c) | Christian Breunig | |
2024-04-01 | firewall: T2199: always use full nft command name (e.g. --file over -f) | Christian Breunig | |
2024-04-01 | ssh: T6192: allow binding to multiple VRF instances | Christian Breunig | |
Currently VyOS only supports binding a service to one individual VRF. It might become handy to have the services (initially it will be VRF, NTP and SNMP) be bound to multiple VRFs. Changed VRF from leafNode to multi leafNode with defaultValue: default - which is the name of the default VRF. | |||
2024-04-01 | utils: T5738: always use vyos.utils.network.interface_exists over os.path.exists | Christian Breunig | |
2024-04-01 | Merge pull request #3223 from c-po/T6193-dhcp-client | Daniil Baturin | |
system: T6193: invalid warning "is not a DHCP interface but uses DHCP name-server option" | |||
2024-04-01 | Merge pull request #3222 from HollyGurza/T6178 | Christian Breunig | |
T6178: Check that certificate exists during reverse-proxy commit | |||
2024-04-01 | system: T6193: invalid warning "is not a DHCP interface but uses DHCP ↵ | Christian Breunig | |
name-server option" This fixes an invalid warning when using a DHCP VLAN interface to retrieve the system nameserver to be used. VLAN CLI config is not properly expanded leading to a false warning: [ system name-server eth1.10 ] WARNING: "eth1.10" is not a DHCP interface but uses DHCP name-server option! | |||
2024-04-01 | T6178: Check that certificate exists during reverse-proxy commit | khramshinr | |
2024-03-30 | Merge pull request #3195 from HollyGurza/T4718-current | Christian Breunig | |
dhcp-server: T4718: Listen-address is not commit if the ip address is on the interface with vrf | |||
2024-03-29 | bgp: T6106: Valid commit error for route-reflector-client option defined in ↵ | khramshinr | |
peer-group changed exception condition Improved route_reflector_client test | |||
2024-03-28 | Merge pull request #3202 from sarthurdev/T5606_1 | Daniil Baturin | |
ipsec: T5606: T5871: Use multi node for CA certificates | |||
2024-03-28 | Merge pull request #2965 from lucasec/t5872 | Daniil Baturin | |
T5872: ipsec remote access VPN: support dhcp-interface. | |||
2024-03-28 | ipsec: T5606: T5871: Use multi node for CA certificates | sarthurdev | |
This changes behaviour from fetching CA chain in PKI, to the user manually setting CA certificates. Prevents unwanted parent CAs existing in PKI from being auto-included as may not be desired/intended. | |||
2024-03-28 | dhcp-server: T4718: Listen-address is not commit if the ip address is on the ↵ | khramshinr | |
interface with vrf | |||
2024-03-26 | bgp: T6106: fix test and verify() | khramshinr | |
2024-03-25 | T6171: migrate <set service dhcp-server failover> to <set service ↵ | Nicolas Fort | |
dhcp-server high-availability>. | |||
2024-03-24 | ospf: T6066: can not define the same network in different areas | Christian Breunig | |
Users can not (FRR fails) commit the same network belonging to different OSPF areas. Add verify() check to prevent this. | |||
2024-03-22 | isis: T6160: NameError: name 'process' is not defined | Christian Breunig | |
This is a leftover after commit 0e050cb35 (isis: T3417: drop artificial "domain" node identifying the IS-IS process name). Drop all references to "process" variable. Specifying: set protocols isis interface eth1 set protocols isis net '49.0001.1921.6825.5255.00' set protocols isis redistribute ipv4 bgp Triggered an exception Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 309, in <module> verify(c) File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 158, in verify f'"protocols isis {process} redistribute {afi} {proto}"!') ^^^^^^^ NameError: name 'process' is not defined | |||
2024-03-20 | conntrack: T6147: Enable conntrack when firewall state-policy is defined | sarthurdev | |
* Move global state-policy smoketest to it's own test, verify conntrack | |||
2024-03-18 | T6136: add error checks when using dynamic firewall groups | Nicolas Fort | |
2024-03-16 | Merge pull request #3112 from Ingramz/add-rtsp-2 | Christian Breunig | |
conntrack: T4022: add RTSP conntrack helper | |||
2024-03-13 | Merge pull request #3125 from c-po/radvd-T6118 | Daniil Baturin | |
radvd: T6118: add nat64prefix support RFC8781 | |||
2024-03-12 | radvd: T6118: add nat64prefix support RFC8781 | Christian Breunig | |
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime must not be smaller than the "interface interval max" definition which defaults to 600. set service router-advert interface eth1 nat64prefix 64:ff9b::/96 | |||
2024-03-12 | conntrack: T4022: add RTSP conntrack helper | Indrek Ardel | |
2024-03-12 | conntrack: T5080: Fix rule order for applied conntrack modules | sarthurdev | |
2024-03-11 | T5872: re-write exit hook to always regenerate config | Lucas Christian | |
2024-03-10 | T5872: ipsec remote access VPN: support dhcp-interface. | Lucas Christian | |
2024-03-07 | Merge pull request #2966 from HollyGurza/T6020 | Daniil Baturin | |
vrrp: T6020: vrrp health-check script not applied correctly | |||
2024-03-06 | Merge pull request #3088 from nicolas-fort/T6075 | Daniil Baturin | |
T6075: firewall and NAT: check if interface-group exists when using them in firewall|nat rules. | |||
2024-03-05 | T2447: add configurable kernel boot option 'disable-power-saving' | Christian Breunig | |
Lower available CPU C states to a minimum if this option set. This will set Kernel commandline options "intel_idle.max_cstate=0 processor.max_cstate=1". | |||
2024-03-05 | T6075: firewall and NAT: check if interface-group exists when using them in ↵ | Nicolas Fort | |
firewall|nat rules. | |||
2024-03-04 | Merge pull request #3079 from sever-sever/T6084 | Daniil Baturin | |
T6084: Add NHRP dependency for IPsec and fix NHRP empty config bug | |||
2024-03-04 | T6084: Add NHRP dependency for IPsec and fix NHRP empty config bug | Viacheslav Hletenko | |
If we have any `vpn ipsec` and `protocol nhrp` configuration we get the empty configuration file `/run/opennhrp/opennhrp.conf` after rebooting the system. Use config dependency instead of the old `resync_nhrp` function fixes this issue | |||
2024-03-03 | ospfv3: T6087: add support to redistribute IS-IS routes | Christian Breunig | |
2024-03-02 | ospf: T5717: sync code with ospfv3 implementation | Christian Breunig | |
2024-03-02 | ospfv3: T5717: allow metric and metric-type on redistributed routes | Christian Breunig | |
Example: vyos@vyos# set protocols ospfv3 redistribute bgp Possible completions: metric OSPF default metric metric-type OSPF metric type for default routes (default: 2) route-map Specify route-map name to use | |||
2024-03-01 | vrrp: T6020: vrrp health-check script not applied correctly in keepalived.conf | khramshinr | |
Added health-check to sync-group in CLI Don't use instance health-check when instance in sync group member Disallow wrong healtch-check configurations New smoke test | |||
2024-02-29 | Merge pull request #3056 from natali-rs1985/T5504-current | Christian Breunig | |
T5504: Keepalived VRRP ability to set more than one peer-address | |||
2024-02-29 | vrrp: T6020: vrrp health-check script not applied correctly in keepalived.conf | khramshinr | |
Added health-check to sync-group in CLI Don't use instance health-check when instance in sync group member Disallow wrong healtch-check configurations New smoke test | |||
2024-02-28 | banner: T6077: implement ASCII contest winner default logo | Christian Breunig | |
Implement VyOS ASCII art contest winners logo as the default for our MOTD | |||
2024-02-28 | T5504 Keepalived VRRP ability to set more than one peer-address | Nataliia Solomko | |
2024-02-27 | vrf: conntrack: T6073: Populate VRF zoning chains only while conntrack is ↵ | sarthurdev | |
required |