summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2023-06-05Merge pull request #2005 from indrajitr/ddclient-improvement-round-2Christian Breunig
dns: T5144: Modernize dynamic dns operation (round 2)
2023-06-05openconnect: T5259: fix migration logic in delete_value radius|localJohn Estabrook
Incorrect logic of node deletion now raises error, after T5251.
2023-06-04dns: T5144: Streamline ddclient systemd service overrideIndrajit Raychaudhuri
Templatize systemd override for ddclient service and move the generated override files in /run. This ensures that the override files are always generated afresh after boot. Additionally, simplify the systemd override file by removing the redundant/superfluous overrides.
2023-06-04dns: T5144: Add pid and cache config as ddclient globalIndrajit Raychaudhuri
2023-06-04dns: T5144: Relocate ddclient op-mode config files for consistency with ↵Indrajit Raychaudhuri
config path
2023-06-04dns: T5144: Relocate ddclient template path for consistency with config pathIndrajit Raychaudhuri
2023-06-04dns: T5144: Apply migration for dynamic dns path updateIndrajit Raychaudhuri
Create migration and bump package version from 0 -> 1 for dynamic dns
2023-06-04dns: T5144: Restrict dualstack for dyndns2 protocol to dyn.comIndrajit Raychaudhuri
ddclient implementation of dualstack for dyndns2 protocol is targeted for dyn.com (dyndns.org) only. Dualstack won't work for other servers supporting dyndns2 protocol (for example, dyn.dns.he.net).
2023-06-03dns: T5144: Modernize dynamic dns operationIndrajit Raychaudhuri
Apply next round of configuration tree updates to 'service dns dynamic' with the following changes: - Migrate `service dns dynamic interface <interface> [use-web]` to `service dns dynamic address <interface>` or `service dns dynamic address web [web-options]` This communicates the intent that dynamic dns IP address is detected in only one way - using the `<interface>` or using an external web request, not both. - When using external web request, (`service dns dynamic address web`), external url is optional (`web-options url`). Ddclient defaults are used when unspecified, - Rename all config `login` to `username` for consistency and also to align better with alternative ddclient backends in consideration. - Apply global 'ipv6-enable' to per service 'ip-version: ipv6'. Selecting usage of IPv4 or IPv6 (or both simultaneously) is now at per service (protocol) level instead of global level. This allows more control on the ability to select IPv4 in some cases and IPv6 in some other cases wherever supported by the underlying ddclient protocol. - While the IP address (and by extension, the detection mechanism) is global, the way it is applied to a particular ddclient protocol depends on whether it supports IPv4 or IPv6 or both. - Related to the above, this also prevents generating incorrect config file (`ddclient.conf`) with multiple global sections leading to an unpredictable behavior of ddclient. - Implement provider (protocol) specific custom tweaks whenever possible (e.g., `zone`, `username`, `server` are not necessary in all cases). - Move service name from a combination of 'protocol' (with protocol config autodetected) and custom (with protocol config specified) to a single 'service' key. This allows for consisent setup of multiple config for the same ddclient protocol (with different options and credentials). This also avoid ambiguity with usual networking term 'protocol' and ddclient specific term 'protocol' (and can change with a move to a different backend). - Apply upfront XML constraints and validations consistently wherever applicable. - RFC2136 specific change: Rename rfc2136 config `record` to `host-name` for consistency. - Cloudflare specific change: While ddclient still supports authenticating with email and global auth key, skipping `username` in config will indicate the intent to use API token authentication (with special 'token' literal as `username`).
2023-06-03T5257: add verify_vrf() check for flow-accountingChristian Breunig
2023-06-03T5257: import cleanup for flow-accountingChristian Breunig
2023-06-03T5257: Fix netflow VRF and bracketize v6 source addresses for netflow/sflowWered
2023-06-02Merge pull request #2023 from jestabro/error-passingViacheslav Hletenko
configtree: T5251: catch/raise errors in functions delete and delete_value
2023-05-31migration: T5251: fix incorrect logic in calling configtree.deleteJohn Estabrook
The node was already deleted in the 'if path exists' branch; attempt to delete in 'else' branch will now raise an error.
2023-05-31Merge pull request #2021 from blank0608/T5210Christian Breunig
T5210:VPN:Fix typo in Warning
2023-05-31T5210: VPN: Fix typo in WarningJohn Landicho
2023-05-29netns: T3829: remove debug print() statemementChristian Breunig
2023-05-29T5234: add bash prompt identifier for given Network namespaceChristian Breunig
2023-05-29T5234: extend color prompt with VRF instance nameChristian Breunig
2023-05-28ipsec: T5042: fix remote-access "Tunnel IP" columnChristian Breunig
Connection ID Username Protocol State Uptime Tunnel IP --------------- ---------- ---------- ------- -------- ----------------- 27 cpo IKEv2 UP 11s ['172.16.222.17'] "Tunnel IP" should be a string over list.
2023-05-28router-advert: T5240: verify() that no more then 3 IPv6 name-servers configuredChristian Breunig
This is a radvd limitation.
2023-05-26bridge: T4579: fix error message for bridge and bond membershipChristian Breunig
2023-05-21T5234: add bash prompt identifier for given VRF instanceChristian Breunig
2023-05-19T5222: reverse-proxy add send-proxy option for backend serverViacheslav Hletenko
To accept a Proxy Protocol header on incoming TCP connections, add an accept-proxy parameter to the bind line in a frontend section. This parameter detects both Proxy Protocol version 1 (text format) and Proxy Protocol version 2 (binary format). set load-balancing reverse-proxy backend <tag> server <tag> send-proxy
2023-05-19T5222: Refactoring load-balancing reverse-proxyViacheslav Hletenko
Improve and refactoring "load-balancing reverse-proxy" - replace 'reverse-proxy server <tag>' => 'reverse-proxy service <tag>' - replace 'reverse-proxy global-parameters tls <xxx>' => 'reverse-proxy global-parameters tls-version-min xxx' => 'reverse-proxy global-parameters ssl-bind-ciphers xxx' - replace 'reverse-proxy service https rule <tag> set server 'xxx' => 'reverse-proxy service https rule <tag> set backend 'xxx' 'service https rule <tag> domain-name xxx' set as multinode
2023-05-17Merge pull request #2004 from sever-sever/T5222Christian Breunig
T5222: Add load-balancing for web traffic
2023-05-17T5222: Add load-balancing for web trafficViacheslav Hletenko
2023-05-14T5224: Stop syslog.socket alongside syslog.serviceJoe Groocock
Avoids the following warning, and any external service from re-activating syslog via systemd socket activation: frebib@vyos# commit [ system syslog ] DEBUG/COMMAND returned (err): Warning: Stopping syslog.service, but it can still be activated by: syslog.socket DEBUG/COMMAND cmd 'systemctl stop syslog.service' Signed-off-by: Joe Groocock <me@frebib.net>
2023-05-14T5224: Fix `del system syslog`Joe Groocock
os.unlink() is the correct function: Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/system-syslog.py", line 146, in <module> generate(c) File "/usr/libexec/vyos/conf_mode/system-syslog.py", line 114, in generate os.path.unlink(rsyslog_conf) ^^^^^^^^^^^^^^ AttributeError: module 'posixpath' has no attribute 'unlink' Signed-off-by: Joe Groocock <me@frebib.net>
2023-05-12ethernet: T3891: add conditional code-path when doing speed/duplex changesChristian Breunig
There is no need for the backend code to call ethtool and try to change speed or duplex settings every time there is a change in the interface configuration, but no change for the speed/duplex subnodes. This also makes the commit itself faster when working with ethernet interfaces. Bonus: no repeating CLI messages that the driver does not support speed/duplex changes, as we do not change anything here. Extension to commit f2ecc9710 ("ethernet: T3891: honor auto-negotiation support per NIC")
2023-05-12ocserv: T3896: improve XML definition and add warning about 3rd party configsChristian Breunig
When enabling identity-based-config, users can add arbitrary config keys that are processed by ocserv. The user "must know" what he is been doing, as invalid config option will make the ocserv daemon go ... whoop! Thus add a warning and inform the user about this setting.
2023-05-12Merge pull request #1783 from PeppyH/T3896-ocserv-config-per-xChristian Breunig
ocserv: T3896: add CLI options to configure ocserv config-per-user/group
2023-05-12Merge pull request #2002 from Zen3515/fix-cloudflare-ddnsChristian Breunig
T5219: ddclient: Allow not set login for Cloudflare API token
2023-05-12T5219: ddclient: Cloudflare doesn't require loginZen3515
2023-05-11Merge pull request #1999 from dmbaturin/T5251-vrrp-group-ping-fixJohn Estabrook
vrrp: T5215: fix the commit error when health check is not configured
2023-05-12vrrp: T5215: fix VRRP commit error when health check is not configuredDaniil Baturin
2023-05-11vyos.util: T5195: remove the unused camel case to snake case functionDaniil Baturin
that was replaced with Humps in all sciprts
2023-05-11Merge pull request #1956 from mkorobeinikov/currentChristian Breunig
T5158: Refactoring the commad sh interfaces counters
2023-05-11T5158: Refactoring the commad '$ sh interfaces counters'mkorobeinikov
For more detailed information it's necessary to add information about drops and error counters.
2023-05-10Merge pull request #1987 from dmbaturin/T5251-vrrp-group-pingChristian Breunig
T5215: add a built-in ping check for VRRP groups
2023-05-10vrrp: T5215: Add built-in ping check for VRRP groupsDaniil Baturin
2023-05-10T5213: Add accounting-interim-interval option for PPTP-serverViacheslav Hletenko
Add RADIUS accounting-interim-interval option for PPTP-server Specifies interval in seconds to send accounting information (may be overridden by radius Acct-Interim-Interval attribute) set vpn pptp remote-access authentication radius accounting-interim-interval '52'
2023-05-10T5213: Add accounting-interim-interval option for L2TP-serverViacheslav Hletenko
Add RADIUS accounting-interim-interval option for L2TP-server Specifies interval in seconds to send accounting information (may be overridden by radius Acct-Interim-Interval attribute) set vpn l2tp remote-access authentication radius accounting-interim-interval '120'
2023-05-09Merge pull request #1978 from zdc/T5190-sagittaChristian Breunig
cloud-init: T5190: Added Cloud-init pre-configurator
2023-05-09Merge pull request #1984 from sever-sever/T5060Christian Breunig
T5060: Add disable option for high-availability
2023-05-09Merge pull request #1985 from c-po/t2778-syslogChristian Breunig
syslog: T2778: T2769: refactoring and VRF support
2023-05-09T5214: Fix warning if a named pool is defined for PPPoE-serverViacheslav Hletenko
2023-05-08syslog: T2769: add VRF supportChristian Breunig
Allow syslog messages to be sent through a VRF (e.g. management).
2023-05-08syslog: T2778: migrate to get_config_dict()Christian Breunig
2023-05-08T5060: Add disable option for high-availabilityViacheslav Hletenko
Add 'maintenance mode' (option disable) for high-availability set high-availability disable