| Age | Commit message (Collapse) | Author |
|---|
|
vyos@vyos# show interfaces sstpc
sstpc sstpc10 {
authentication {
password vyos
user vyos
}
server sstp.vyos.net
ssl {
ca-certificate VyOS-CA
}
}
|
|
|
|
|
|
L2TP 'ppp-options ipv6 x' can work without declaring IPv6 pool
As we can get addresses via RADIUS attributes:
- Framed-IPv6-Prefix
- Delegated-IPv6-Prefix
|
|
Fix l2tp dae server template and python config dict for correctlly
handling Dynamic Authorization Extension server configuration
|
|
Every change in openconnect restarts the ocserv.service
Replace "restart" to "reload-or-restart" to avoid disconnect
clients during change configs
|
|
T4860: Verify if mode in openconnect ocserv dict
|
|
openconnect authentication mode must be set
check dict that 'mode' exists in openconnect authentication
|
|
ocserv template expects list of routes but gets str "default"
it cause wrong routes like:
route = d
route = e
route = f
route = a
route = u
route = l
route = t
Fix it
|
|
firewall: T478: Fix firewall group circular dependency check
|
|
|
|
T4805: Restart pppoe-server if client pool was changed
|
|
T4825: Verify if you are trying to add a new vethX to exists pair
|
|
|
|
Verify if you are trying to add a new vethX to exists pair:
set int virtual-ethernet veth0 peer-name 'veth1'
set int virtual-ethernet veth1 peer-name 'veth0'
set int virtual-ethernet veth12 peer-name 'veth0'
Verify veth-name and peer-name cannot be the same:
set interfaces virtual-ethernet veth0 peer-name veth0
|
|
Some changes for 'service pppoe-server' require 'restart' the
accel-ppp@pppoe.service
But we use option 'reload-or-restart' that doesn't work correctly
with 'accel-ppp'
Restart pppoe-server if client pool was changed
|
|
It's easier and more obvious if the script is called with sudo itself and not
spawning a sudo sessionf or each individual command.
|
|
T4767: Rewrite generate ipsec archive to python
|
|
|
|
|
|
|
|
|
|
Squidguard:
Set DB directory rigths 755 in the update blacklist
webproxy script
|
|
Prevent to delete interface "vethX" which used for another
interface as "vethY peer-name vethX"
set interfaces virtual-ethernet veth0 peer-name 'veth1'
set interfaces virtual-ethernet veth1 peer-name 'veth0'
commit
delete interfaces virtual-ethernet veth0
commit
|
|
|
|
* 'T4825' of https://github.com/sever-sever/vyos-1x:
T4825: Add basic smoketest for veth interfaces
T4825: Add interface type veth
|
|
Add interface type veth (Virtual ethernet)
One of the usecases it's interconnect different vrf's and
default vrf via bridge
set interfaces virtual-ethernet veth0 peer-name 'veth1010'
set interfaces virtual-ethernet veth1010 address '10.0.0.10/24'
set interfaces virtual-ethernet veth1010 peer-name 'veth0'
set interfaces virtual-ethernet veth1010 vrf 'foo'
set interfaces bridge br0 address '10.0.0.1/24'
set interfaces bridge br0 member interface veth0
|
|
|
|
Catch expiration error and return error-specific message instead of
general 'not authenticated'.
|
|
A misreading of the makefun docs seemed to indicate Optional was not
supported; it is.
|
|
load_as_module was added to util.py for T4821; prefer over local copy
|
|
|
|
|
|
T4812: Add op-mode Show vpn ipsec connections
|
|
Commit 66288ccfee ("dns-forwarding: T4578: Rewrite show dns forwarding") added
the implementation for the new standardized op-mode definitions/implementation.
As the API daemon has the proper permissions and also the CLI op-mode calls the
script already with "sudo", there is no need to call "sudo" inside this script,
again.
Also add dns.py to data/op-mode-standardized.json for the GraphQL schema to be
generated.
|
|
route-map action 'deny' cannot be used for "continue"
as FRR does not validate it
r14(config)# route-map FOO permit 100
r14(config-route-map)# route-map FOO deny 50
r14(config-route-map)# on-match goto 100
% Configuration failed.
Error type: validation
r14(config-route-map)#
|
|
|
|
|
|
firewall: T4821: correct calling of conf_mode script dependencies
|
|
T4793: Added warning about disable-route-autoinstall
|
|
Added warning message about disable-route-autoinstall
when ipsec vti is used.
|
|
policy: T2199: T4605: Migrate policy route interface node
|
|
|
|
show firewall name <name> will output an error as explained in
https://phabricator.vyos.net/T4794
|
|
|
|
This reverts commit 44df1cea1ebc3296844c5c35cf053a92cda4b944.
|
|
Add op-mode CLI "show vpn ipsec connections"
Add the ability to show all configured connections/tunnels and
their states.
Ability to get --raw data
|
|
ip-up/down scripts added in https://github.com/vyos/vyos-1x/pull/1656
need the executable bit.
|
|
1. When a PPPoE session is connected, `pppd` will update
`/etc/resolv.conf` regardless of `system name-server` option unless `no-peer-dns` is set.
This is because `pppd` vendors scripts `/etc/ppp/ip-up.d/0000usepeerdns` and `/etc/ppp/ip-down.d/0000usepeerdns`,
which updates `/etc/resolv.conf` on PPPoE connection and reverts the change on disconnection.
This PR removes those scripts and adds custom scripts to update name server entries through `vyos-hostsd` instead.
2. There is a typo in `/etc/dhcp/dhclient-enter-hooks.d/04-vyos-resolvconf, which misspells variable name `new_dhcp6_name_servers` as `new_dhcpv6_name_servers`.
This causes IPv6 name server entries in `vyos-hostsd` not updated
when dhclient receives nameservers from DHCPv6.
3. Regular expressions in scripts under `/etc/dhcp/dhclient-enter-hooks.d` and
`/etc/dhcp/dhclient-exit-hooks.d/` are not enclosed in `^$`, so those
IPv4 related branches (like `BOUND`) could be mistakenly executed when an IPv6
reason (like `BOUND6`) is given.
|
|
<name> interface <ifname>`
* Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup
* T4605: Rename mangle table to vyos_mangle
|
