summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2022-12-17sstp: T4384: remote server is mandatory in client modeChristian Poessinger
2022-12-17op-mode: T707: remove dedicated calls to sudo in vpn_ipsecChristian Poessinger
As the script itself (vpn_ipsec.py) is already invoked using sudo, there is no further need to also call sudo inside the script again.
2022-12-17op-mode: T707: explicitly use sudo when working with RAID devicesChristian Poessinger
2022-12-17op-mode: T4767: drop sudo calls when working with QAT/acceleration subsystemChristian Poessinger
As the API daemon has the proper permissions and also the CLI op-mode calls the script already with "sudo", there is no need to call "sudo" inside this script, again.
2022-12-17bonding: T4878: use more is_node_changed() over leaf_node_changed()Christian Poessinger
The implementation of is_node_changed() is less error prone and should always be favoured.
2022-12-17Merge pull request #1626 from nicolas-fort/fwall_group_interfaceChristian Poessinger
T4780: Firewall: add firewall groups in firewall. Extend matching cri…
2022-12-17Merge pull request #1599 from goodNETnick/goodnetnick-loginotpgenerator-T4751Christian Poessinger
login: T4751: 2FA OTP key generator in VyOS CLI
2022-12-17webproxy: T3810: multiple squidGuard fixesaapostoliuk
1. Added in script update webproxy blacklists generation of all DBs 2. Fixed: if the blacklist category does not have generated db, the template generates an empty dest category in squidGuard.conf and a Warning message. 3. Added template generation for local's categories in the rule section. 4. Changed syntax in the generation dest section for blacklist's categories 4. Fixed generation dest local sections in squidGuard.conf 5. Fixed bug in syntax. The word 'allow' changed to the word 'any' in acl squidGuard.conf
2022-12-17Merge pull request #1358 from sever-sever/T1237Christian Poessinger
routing: T1237: Add new feature failover route
2022-12-15bonding: T4878: Fixed unnecessary bonding flapping during commitzsdc
There was a mistake in a config level that caused triggering the `shutdown_required` flag, even if there were no new interfaces added to a bonding. This commit sets the proper config level to avoid the problem.
2022-12-14routing: T1237: Add new feature failover routeViacheslav Hletenko
Failover route allows to install static routes to the kernel routing table only if required target or gateway is alive When target or gateway doesn't respond for ICMP/ARP checks this route deleted from the routing table Routes are marked as protocol 'failover' (rt_protos) cat /etc/iproute2/rt_protos.d/failover.conf 111 failover ip route add 203.0.113.1 metric 2 via 192.0.2.1 dev eth0 proto failover $ sudo ip route show proto failover 203.0.113.1 via 192.0.2.1 dev eth0 metric 1 So we can safely flush such routes
2022-12-14ocserv: T4881: return vyos.opmode.Errors on failureJohn Estabrook
2022-12-14Merge pull request #1706 from jestabro/validator-file-existsJohn Estabrook
validators: T4798: replace python file-exists validator with file-path
2022-12-14validators: T4875: use file-path to replace validator 'interface-name'John Estabrook
2022-12-13validators: T4798: replace python file-exists validator with file-pathJohn Estabrook
2022-12-12Merge pull request #1699 from jestabro/op-mode-openvpnJohn Estabrook
openvpn: T4770: rewrite op-mode show/reset to use vyos.opmode
2022-12-12openvpn: T4770: add reset function to openvpn.pyJohn Estabrook
2022-12-12openvpn: T4770: add openvpn.py with standardized show commandJohn Estabrook
2022-12-11sstp: T4384: initial implementation of SSTP client CLIChristian Poessinger
vyos@vyos# show interfaces sstpc sstpc sstpc10 { authentication { password vyos user vyos } server sstp.vyos.net ssl { ca-certificate VyOS-CA } }
2022-12-11pppoe: T4384: remove unused import of leaf_node_changedChristian Poessinger
2022-12-09openvpn: T4872: fix parsing of tunnel IP in 'show openvpn server'John Estabrook
2022-12-09T4868: Fix l2tp ppp IPv6 options in template and config get dictViacheslav Hletenko
L2TP 'ppp-options ipv6 x' can work without declaring IPv6 pool As we can get addresses via RADIUS attributes: - Framed-IPv6-Prefix - Delegated-IPv6-Prefix
2022-12-08T4117: Fix for L2TP DAE CoA server configurationViacheslav Hletenko
Fix l2tp dae server template and python config dict for correctlly handling Dynamic Authorization Extension server configuration
2022-12-07T4861: Openconnect replace restart to reload-or-restartViacheslav Hletenko
Every change in openconnect restarts the ocserv.service Replace "restart" to "reload-or-restart" to avoid disconnect clients during change configs
2022-12-05Merge pull request #1693 from sever-sever/T4860Christian Poessinger
T4860: Verify if mode in openconnect ocserv dict
2022-12-04T4860: Verify if mode in openconnect ocserv dictViacheslav Hletenko
openconnect authentication mode must be set check dict that 'mode' exists in openconnect authentication
2022-12-04T4848: Fix for default route vpn openconnectViacheslav Hletenko
ocserv template expects list of routes but gets str "default" it cause wrong routes like: route = d route = e route = f route = a route = u route = l route = t Fix it
2022-12-03Merge pull request #1691 from sarthurdev/T478Christian Poessinger
firewall: T478: Fix firewall group circular dependency check
2022-12-03firewall: T478: Fix firewall group circular dependency checksarthurdev
2022-12-02Merge pull request #1685 from sever-sever/T4805Christian Poessinger
T4805: Restart pppoe-server if client pool was changed
2022-12-02Merge pull request #1687 from sever-sever/T4825Christian Poessinger
T4825: Verify if you are trying to add a new vethX to exists pair
2022-12-02http-api: T4859: correct calling of script dependencies from http-api.pyJohn Estabrook
2022-12-02T4825: Verify if you are trying to add a new vethX to exists pairViacheslav Hletenko
Verify if you are trying to add a new vethX to exists pair: set int virtual-ethernet veth0 peer-name 'veth1' set int virtual-ethernet veth1 peer-name 'veth0' set int virtual-ethernet veth12 peer-name 'veth0' Verify veth-name and peer-name cannot be the same: set interfaces virtual-ethernet veth0 peer-name veth0
2022-12-02T4805: Restart pppoe-server if client pool was changedViacheslav Hletenko
Some changes for 'service pppoe-server' require 'restart' the accel-ppp@pppoe.service But we use option 'reload-or-restart' that doesn't work correctly with 'accel-ppp' Restart pppoe-server if client pool was changed
2022-12-02op-mode: T4767: drop sudo callsChristian Poessinger
It's easier and more obvious if the script is called with sudo itself and not spawning a sudo sessionf or each individual command.
2022-12-02Merge pull request #1646 from mkorobeinikov/4767pyChristian Poessinger
T4767: Rewrite generate ipsec archive to python
2022-11-30pki: T4847: set and call dependent scriptsJohn Estabrook
2022-11-29pki: T4847: fix typosJohn Estabrook
2022-11-29mpls: T915: verify interface actually exists on the systemChristian Poessinger
2022-11-28conf-mode: T4845: add external file for dict of config-mode dependenciesJohn Estabrook
2022-11-28T4844: Set DB directory rigths 755 in the update webproxy scriptaapostoliuk
Squidguard: Set DB directory rigths 755 in the update blacklist webproxy script
2022-11-25T4825: Verify if veth interface not used in conf before deletingViacheslav Hletenko
Prevent to delete interface "vethX" which used for another interface as "vethY peer-name vethX" set interfaces virtual-ethernet veth0 peer-name 'veth1' set interfaces virtual-ethernet veth1 peer-name 'veth0' commit delete interfaces virtual-ethernet veth0 commit
2022-11-24veth: T4825: minor improvements on XML peer-name handlingChristian Poessinger
2022-11-24Merge branch 'T4825' of https://github.com/sever-sever/vyos-1x into t4825-vethChristian Poessinger
* 'T4825' of https://github.com/sever-sever/vyos-1x: T4825: Add basic smoketest for veth interfaces T4825: Add interface type veth
2022-11-24T4825: Add interface type vethViacheslav Hletenko
Add interface type veth (Virtual ethernet) One of the usecases it's interconnect different vrf's and default vrf via bridge set interfaces virtual-ethernet veth0 peer-name 'veth1010' set interfaces virtual-ethernet veth1010 address '10.0.0.10/24' set interfaces virtual-ethernet veth1010 peer-name 'veth0' set interfaces virtual-ethernet veth1010 vrf 'foo' set interfaces bridge br0 address '10.0.0.1/24' set interfaces bridge br0 member interface veth0
2022-11-24T4837: expose "show ip route summary" in the op mode APIDaniil Baturin
2022-11-21graphql: T4574: add specific error message if token has expiredJohn Estabrook
Catch expiration error and return error-specific message instead of general 'not authenticated'.
2022-11-21graphql: T4574: use Optional in func_sigJohn Estabrook
A misreading of the makefun docs seemed to indicate Optional was not supported; it is.
2022-11-21graphql: T4544: use load_as_module from vyos.utilJohn Estabrook
load_as_module was added to util.py for T4821; prefer over local copy
2022-11-20IPsec: T4829: use type hint Optional for arg tunnel in reset_peerJohn Estabrook