summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2022-03-05conntrackd: T4259: fix daemon configuration pathChristian Poessinger
2022-03-05conntrackd: T4259: prevent startup of multiple daemon instancesChristian Poessinger
2022-03-04op-mode: lldp: T3999: bugfix cap' referenced before assignmentChristian Poessinger
2022-03-03static: T4283: support "reject" routes - emit an ICMP unreachable when matchedChristian Poessinger
2022-03-01flow-accounting: T4277: support sending flow-data via VRF interfaceChristian Poessinger
It should be possible to send the gathered data via a VRF bound interface to the collector. This is somehow related to T3981 but it's the opposite side of the netflow process. set system flow-accounting vrf <name>
2022-02-28ssh: T4273: bugfix cipher and key-exchange multi nodesChristian Poessinger
After hardning the regex validator to be preceeded with ^ and ending with $ it was no longer possible to have a comma separated list as SSH ciphers. The migrations cript is altered to migrate the previous comma separated list to individual multi node entries - cipher and key-exchange always had been multinodes - so this just re-arranges some values and does not break CLI compatibility
2022-02-26lldp: T4272: migrate to get_config_dict()Christian Poessinger
2022-02-25zone-policy: T2199: bugfix defaultValue usageChristian Poessinger
Instead of hardcoding the default behavior inside the Jinaj2 template, all defaults are required to be specified inside teh XML definition. This is required to automatically render the appropriate CLI tab completion commands.
2022-02-23tunnel: T4267: "parameters ip key" on GRE not required for different remotesChristian Poessinger
2022-02-22vxlan: T4264: interface is destroyed and rebuild on description changeChristian Poessinger
When changing "general" parameters like: - interface IP address - MTU - description the interface is destroyed and recreated ... this should not happen!
2022-02-21Merge pull request #1233 from dmbaturin/structured-op-modeJohn Estabrook
T2719: initial batch of standardized structure op mode scripts
2022-02-21Merge pull request #1232 from srividya0208/T4115John Estabrook
T4115:Reboot:Options "in" and "at" are not working as expected
2022-02-21vxlan: T4120: code cleanup for multiple remotesChristian Poessinger
2022-02-21T2719: initial batch of standardized structure op mode scriptsDaniil Baturin
2022-02-20bridge: remove unreferenced import -> leaf_node_changedChristian Poessinger
2022-02-20vxlan: T4120: add ability to set multiple remotes (PR #1127)Andreas
VXLAN does support using multiple remotes but VyOS does not. Add the ability to set multiple remotes and add their flood lists using "bridge" command.
2022-02-20T4115:Reboot:Options "in" and "at" are not workingsrividya0208
When reboot is executed with "in" option it only accepts minutes till 99 value and does not accept greater values and "at" is also working same like in option where as it should work with exact timings.
2022-02-19containers: T4249: Allow to connect host device to the containerViacheslav Hletenko
Ability to attach host devices to the container It can be disk, USB device or any device from the directory /dev set container name alp01 device disk source '/dev/vdb1' set container name alp01 device disk destination '/dev/mydisk'
2022-02-17pki: eapol: T4245: Add full CA and client cert chains to wpa_supplicant PEM ↵Andrew Gunnerson
files This commit updates the eapol code so that it writes the full certificate chains for both the specified CA and the client certificate to `<iface>_ca.pem` and `<iface>_cert.pem`, respectively. The full CA chain is necessary for validating the incoming server certificate when it is signed by an intermediate CA and the intermediate CA cert is not included in the EAP-TLS ServerHello. In this scenario, wpa_supplicant needs to have both the intermediate CA and the root CA in its `ca_file`. Similarly, the full client certificate chain is needed when the ISP expects/requires that the client (wpa_supplicant) sends the client cert + the intermediate CA (or even + the root CA) as part of the EAP-TLS ClientHello. Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
2022-02-17openvpn: T4230: globally enable ip_nonlocal_bindChristian Poessinger
2022-02-17Merge pull request #1211 from sever-sever/T4230-curChristian Poessinger
openvpn: T4230: Delete checks if local-host address assigned
2022-02-16xml: T3474: get component version dictionary from xml cache, not legacyJohn Estabrook
2022-02-15conntrack-sync: T4237: Fix checks for listen-address list to strViacheslav Hletenko
Verify section conntrack_sync.py funciton 'is_addr_assigned' should checks address as string not as list (cherry picked from commit c41c51e4ed7ceb293161014a73bdd350162c3300)
2022-02-14pki: eapol: T4244: Fix KeyError when CA cert name differs from client cert nameAndrew Gunnerson
This commit fixes a small typo where the client cert name was being used to index the CA configuration dict. Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
2022-02-14tunnel: T4154: import cleanupChristian Poessinger
2022-02-14tunnel: T4154: verify() no more then one GRE tunnel is used w/o "ip key" per ↵Christian Poessinger
interface It is impossible for the OS kernel to distinguish multiple GRE tunnels when no "gre key" is configured when sourcing tunnels from the same interface.
2022-02-13vrf: T4191: bugfix for "ip rule" when VRFs are createdChristian Poessinger
We always mangled and worked on the "ip rule" singleton even when nothing needed to be changed. This resulted in a VRF hickup when the same VRF was added and removed multiple times. set interfaces ethernet eth1 vrf foo set vrf name foo table '1000' commit delete interfaces ethernet eth1 vrf delete vrf commit set interfaces ethernet eth1 vrf foo set vrf name foo table '1000' commit broke reachability on eth1 - a reboot was required. This change will now only alter the ip rule tables once when VRF instances are created for the first time and will not touch the Kernel "ip rule" representation afterwards.
2022-02-12policy: T2199: bugfix verify_rule() on negated groupsChristian Poessinger
Related to #1215
2022-02-11Merge pull request #1214 from sever-sever/T3686Christian Poessinger
openvpn: T3686: Fix for check local-address in script and tmpl
2022-02-10openvpn: T4236: Add generator for ovpn configurations in op-modeViacheslav Hletenko
This generator generates client .ovpn files with required initial configuration It gets information from interface vtun, pki ca and certificates
2022-02-10Merge pull request #1133 from zdc/T1925-sagittaDaniil Baturin
ipsec: T1925: Fixed `show vpn ipsec sa` output
2022-02-09openvpn: T3686: Fix for check local-address in script and tmplViacheslav Hletenko
Local-address should be checked/executed only if it exists in the openvpn configuration, dictionary, jinja2 template
2022-02-09openvpn: T4230: Delete checks if local-host address assignedViacheslav Hletenko
OpenVPN can't start if it depends on VRRP virtual-address as virtual-address is not yet assigned by HA (openvpn and ha in one commit) as we have checks "if address assigned" It depends on commit priorities: 460 interfaces/openvpn 800 high-availability Replace check if local-host address assigned from raise ConfigError to print (just notification) Allow to bind OpenVPN service to nonlocal address
2022-02-08monitoring: T3872: Add input filter for firewall InfluxDB2Viacheslav Hletenko
Input filter for firewall allows to get bytes/counters from nftables in format, required for InfluxDB2
2022-02-05vrrp: T4226: transition-script does not work for groups containing a hypen (-)Christian Poessinger
2022-02-05Merge pull request #1206 from sarthurdev/T4209Christian Poessinger
firewall: T4209: Fix support for rule `recent` matches
2022-02-04policy: T4151: Delete unexpected print added in commit c501ae0fViacheslav Hletenko
2022-02-04firewall: T4209: Fix support for rule `recent` matchessarthurdev
2022-02-01Revert "dhclient: T3392: remove /usr/sbin prefix from iproute2 ip command"Christian Poessinger
This reverts commit 78b247b724f74bdabab0706aaa7f5b00e5809bc1.
2022-01-31upnpd: T3420: code cleanupChristian Poessinger
2022-01-31Merge pull request #1196 from hensur/current-ipv6-local-route-iifChristian Poessinger
policy: T4219: add local-route(6) inbound-interface support
2022-01-31firewall: T2199: Fix errors when referencing an empty chainsarthurdev
2022-01-30policy: T4219: add local-route(6) incoming-interfaceHenning Surmeier
2022-01-30policy: T4213: Fix duplicate commands from multiple rules with single tablesarthurdev
2022-01-29firewall: T4216: Add support for negated firewall groupssarthurdev
2022-01-29firewall: T4218: Adds a prefix to all user defined chainssarthurdev
2022-01-29Merge pull request #1195 from hensur/current-ipv6-local-routeChristian Poessinger
policy: T4151: bugfix multiple commits and smoketest
2022-01-30Merge pull request #789 from jack9603301/T3420Daniil Baturin
upnpd: T3420: Support UPNP protocol
2022-01-28dhclient: T3392: remove /usr/sbin prefix from iproute2 ip commandChristian Poessinger
2022-01-28firewall: T4217: install protocol tcp_udp if port group does not use a protocolChristian Poessinger