summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2022-03-31Merge branch 'vyos:current' into ocserv_local_otpgoodNETnick
2022-03-28Revert "openvpn: T4230: globally enable ip_nonlocal_bind"Daniil Baturin
This reverts commit 1cbcbf40b7721849f9696c05fac65db010a66b7c.
2022-03-27graphql: T3993: add unsettable gql option; this is not exposed by CLIJohn Estabrook
2022-03-26bgp: T4321: check neighbor IP addresses against VRF contextChristian Poessinger
2022-03-25mpls: T915: use vyos.util.sysctl_write() helper functionChristian Poessinger
2022-03-25vyos.util: T4319: rename sysctl() -> sysctl_write()Christian Poessinger
2022-03-25system: T4319: align ipv6 settings with ipv4 by using get_config_dict()Christian Poessinger
2022-03-24ipsec: T4288: drop leading empty line to detect runtime environmentChristian Poessinger
2022-03-24Merge pull request #1251 from srividya0208/T4288aChristian Poessinger
ike-group: T4288 : close-action is missing in swanctl.conf
2022-03-24Merge pull request #1248 from sever-sever/T4290Christian Poessinger
bgp: T4290: Add verify source-interface for none ip neighbor
2022-03-24openvpn: T4294: force service restart on openvpn-option node changeChristian Poessinger
2022-03-24ike-group: T4288 : close-action is missing in swanctl.confsrividya0208
close-action parameter is missing in the swanctl.conf file
2022-03-23bgp: T4314: add missing check to migration scriptJohn Estabrook
2022-03-22Merge pull request #1252 from dmbaturin/T4313Christian Poessinger
T4313: handle exceptions in the "generate public-key-command" script
2022-03-22T4313: handle exceptions in the "generate public-key-command" scriptDaniil Baturin
2022-03-21qos: T4284: initial XML interface definitions for rewriteChristian Poessinger
2022-03-21mirror: T3089: add verify_mirror() also for bond and bridge interfacesChristian Poessinger
2022-03-18OSPF : T4304: add check access-list is definedfett0
2022-03-16ocserv: T4231: Added OTP support for Openconnect 2FAgoodNETnick
2022-03-15bonding: T4301: Fixed arp-monitor optionzsdc
In verify function for arp-monitor option was used by mistake an extra conversion for incoming data before comparing items. This commit removed these unnecessary conversions and makes the option operable.
2022-03-14Merge pull request #1247 from nicolas-fort/T4286Christian Poessinger
Firewall: T4286: Correct ipv6-range validator
2022-03-13bgp: T4290: Add verify source-interface for none ip neighborViacheslav Hletenko
When we use neighbor as interface we must not use option 'source-interface' for example: neighbor eth0 source-interface eth0 Such option can be used for IP/IPv6 neighbors
2022-03-12Firewall: T4286: Correct ipv6-range validatorNicolas Fort
2022-03-10Revert "component_version: T4291: consolidate read/write functions"John Estabrook
This reverts commit 534f677d36285863decb2cdff179687b4fd690cb. Revert while investigating failure in vyos-configtest.
2022-03-10Revert "save-config: T4292: rewrite vyatta-save-config.pl to Python"John Estabrook
This reverts commit c4d389488970c8510200cac96a67182e9333b891. Revert while investigating failure in vyos-configtest.
2022-03-10Revert "load-config: T4295: use config_tree instead of legacy loadFile"John Estabrook
This reverts commit 2a4b45ba7fa4dabf7e592f499cfb06a7ae38cdea. Revert while investigating failure in vyos-configtest.
2022-03-09load-config: T4295: use config_tree instead of legacy loadFileJohn Estabrook
2022-03-08save-config: T4292: rewrite vyatta-save-config.pl to PythonJohn Estabrook
2022-03-08component_version: T4291: consolidate read/write functionsJohn Estabrook
2022-03-07logrotate: T4250: Fixed logrotate config generationzsdc
* Removed `/var/log/auth.log` and `/var/log/messages` from `/etc/logrotate.d/rsyslog`, because they conflict with VyOS-controlled items what leads to service error. * Removed generation config file for `/var/log/messages` from `system-syslog.py` - this should be done from `syslom logs` now. * Generate each logfile from `system syslog file` to a dedicated logrotate config file. * Fixed logrotate config file names in `/etc/rsyslog.d/vyos-rsyslog.conf`. * Added default logrotate settins for `/var/log/messages`
2022-03-05conntrackd: T4259: fix daemon configuration pathChristian Poessinger
2022-03-05conntrackd: T4259: prevent startup of multiple daemon instancesChristian Poessinger
2022-03-04op-mode: lldp: T3999: bugfix cap' referenced before assignmentChristian Poessinger
2022-03-03static: T4283: support "reject" routes - emit an ICMP unreachable when matchedChristian Poessinger
2022-03-01flow-accounting: T4277: support sending flow-data via VRF interfaceChristian Poessinger
It should be possible to send the gathered data via a VRF bound interface to the collector. This is somehow related to T3981 but it's the opposite side of the netflow process. set system flow-accounting vrf <name>
2022-02-28ssh: T4273: bugfix cipher and key-exchange multi nodesChristian Poessinger
After hardning the regex validator to be preceeded with ^ and ending with $ it was no longer possible to have a comma separated list as SSH ciphers. The migrations cript is altered to migrate the previous comma separated list to individual multi node entries - cipher and key-exchange always had been multinodes - so this just re-arranges some values and does not break CLI compatibility
2022-02-26lldp: T4272: migrate to get_config_dict()Christian Poessinger
2022-02-25zone-policy: T2199: bugfix defaultValue usageChristian Poessinger
Instead of hardcoding the default behavior inside the Jinaj2 template, all defaults are required to be specified inside teh XML definition. This is required to automatically render the appropriate CLI tab completion commands.
2022-02-23tunnel: T4267: "parameters ip key" on GRE not required for different remotesChristian Poessinger
2022-02-22vxlan: T4264: interface is destroyed and rebuild on description changeChristian Poessinger
When changing "general" parameters like: - interface IP address - MTU - description the interface is destroyed and recreated ... this should not happen!
2022-02-21Merge pull request #1233 from dmbaturin/structured-op-modeJohn Estabrook
T2719: initial batch of standardized structure op mode scripts
2022-02-21Merge pull request #1232 from srividya0208/T4115John Estabrook
T4115:Reboot:Options "in" and "at" are not working as expected
2022-02-21vxlan: T4120: code cleanup for multiple remotesChristian Poessinger
2022-02-21T2719: initial batch of standardized structure op mode scriptsDaniil Baturin
2022-02-20bridge: remove unreferenced import -> leaf_node_changedChristian Poessinger
2022-02-20vxlan: T4120: add ability to set multiple remotes (PR #1127)Andreas
VXLAN does support using multiple remotes but VyOS does not. Add the ability to set multiple remotes and add their flood lists using "bridge" command.
2022-02-20T4115:Reboot:Options "in" and "at" are not workingsrividya0208
When reboot is executed with "in" option it only accepts minutes till 99 value and does not accept greater values and "at" is also working same like in option where as it should work with exact timings.
2022-02-19containers: T4249: Allow to connect host device to the containerViacheslav Hletenko
Ability to attach host devices to the container It can be disk, USB device or any device from the directory /dev set container name alp01 device disk source '/dev/vdb1' set container name alp01 device disk destination '/dev/mydisk'
2022-02-17pki: eapol: T4245: Add full CA and client cert chains to wpa_supplicant PEM ↵Andrew Gunnerson
files This commit updates the eapol code so that it writes the full certificate chains for both the specified CA and the client certificate to `<iface>_ca.pem` and `<iface>_cert.pem`, respectively. The full CA chain is necessary for validating the incoming server certificate when it is signed by an intermediate CA and the intermediate CA cert is not included in the EAP-TLS ServerHello. In this scenario, wpa_supplicant needs to have both the intermediate CA and the root CA in its `ca_file`. Similarly, the full client certificate chain is needed when the ISP expects/requires that the client (wpa_supplicant) sends the client cert + the intermediate CA (or even + the root CA) as part of the EAP-TLS ClientHello. Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
2022-02-17openvpn: T4230: globally enable ip_nonlocal_bindChristian Poessinger