summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2024-03-20vti: T6085: interface is always down and only enabled by IPSec daemonChristian Breunig
When a VTI interface is just created, it is in ADMIN UP state by default, even if an IPSec peer is not connected. After the peer is disconnected the interface goes to DOWN state as expected. This breaks routing logic - for example, static routes through VTI interfaces will be active even if a peer is not connected. This changes to logic so ADMIN UP/DOWN state can only be changed by the vti-up-down helper script. Error was introduced during the Perl -> Python migration and move to the generic vyos.ifconfig abstraction during the 1.4 development cycle.
2024-03-19T6138: Fix op-mode show conntrack table with flowtable offloadsViacheslav Hletenko
The op-mode command `show conntrack table ipv4` fails if gets a conntrack entrie with `flowtable` offload. Those entries do not have key `timeout` ``` File "/usr/libexec/vyos/op_mode/conntrack.py", line 115, in get_formatted_output timeout = meta['timeout'] ~~~~^^^^^^^^^^^ ``` Use the timeout `n/a` for those offload conntrack entries
2024-03-18T6136: add error checks when using dynamic firewall groupsNicolas Fort
2024-03-16Merge pull request #3112 from Ingramz/add-rtsp-2Christian Breunig
conntrack: T4022: add RTSP conntrack helper
2024-03-16Merge pull request #3132 from sever-sever/T6121Christian Breunig
T6121: Extend service config-sync to new sections
2024-03-15T6090: fix policy route migration script. Ensure that tcp flags migration ↵Nicolas Fort
occurs also if only <policy route> is defined.
2024-03-15T6121: Extend service config-sync to new sectionsViacheslav Hletenko
Extend `service config-sync` with new sections: - LeafNodes: pki, policy, vpn, vrf (syncs the whole sections) - Nodes: interfaces, protocols, service (syncs subsections) In this cae the Node allows to uses the next level section i.e subsection For example any of the subsection of the node `interfaces`: - set service config-sync section interfaces pseudo-ethernet - set service config-sync section interfaces virtual-ethernet Example of the config: ``` set service config-sync mode 'load' set service config-sync secondary address '192.0.2.1' set service config-sync secondary key 'xxx' set service config-sync section firewall set service config-sync section interfaces pseudo-ethernet set service config-sync section interfaces virtual-ethernet set service config-sync section nat set service config-sync section nat66 set service config-sync section protocols static set service config-sync section pki set service config-sync section vrf ```
2024-03-13Merge pull request #3125 from c-po/radvd-T6118Daniil Baturin
radvd: T6118: add nat64prefix support RFC8781
2024-03-13Merge pull request #3126 from zdc/T4548-circinusChristian Breunig
grub: T4548: Fixed GRUB configuration files order
2024-03-13grub: T4548: Fixed configuration files orderzsdc
To iterate files on ext* file systems GRUB reads their inodes one by one, ignoring names. This breaks our configuration logic that relies on proper loading order. This commit adds a helper `sort_inodes()` that needs to be used whenever GRUB configuration files are created. It recreates files, changing their inodes in a way where inodes order matches alphabetical order.
2024-03-12radvd: T6118: add nat64prefix support RFC8781Christian Breunig
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime must not be smaller than the "interface interval max" definition which defaults to 600. set service router-advert interface eth1 nat64prefix 64:ff9b::/96
2024-03-12conntrack: T4022: add RTSP conntrack helperIndrek Ardel
2024-03-12Merge pull request #3123 from sarthurdev/T5080_orderChristian Breunig
conntrack: T5080: Fix rule order for applied conntrack modules
2024-03-12conntrack: T5080: Fix rule order for applied conntrack modulessarthurdev
2024-03-10T6114: fix broken migration dhcpv6-server 4-to-5Lucas Christian
2024-03-10Merge pull request #3113 from c-po/firewall-T6071Daniil Baturin
firewall: T6071: truncate rule description field to 255 characters
2024-03-10firewall: T6071: truncate rule description field to 255 charactersChristian Breunig
2024-03-09Merge pull request #3106 from sarthurdev/T6102Daniil Baturin
dhcp: T6102: Fix clear DHCP lease op-mode
2024-03-07Merge pull request #2966 from HollyGurza/T6020Daniil Baturin
vrrp: T6020: vrrp health-check script not applied correctly
2024-03-07Merge pull request #1740 from sarthurdev/tpm_luksDaniil Baturin
config: T4919: Add support for encrypted config with TPM
2024-03-07config: T4919: Support copying encrypted volumes during installsarthurdev
Re-implements https://github.com/vyos/vyatta-cfg-system/pull/194
2024-03-07config: T4919: mount/unmount encrypted config on VyOS start/stopsarthurdev
Re-implements https://github.com/vyos/vyatta-cfg/pull/54
2024-03-07config: T4919: Add support for encrypted config file with TPMsarthurdev
2024-03-06dhcp: T6102: Fix clear DHCP lease op-modesarthurdev
* Add `clear dhcpv6-server lease` * Standardize using vyos.opmode
2024-03-06Merge pull request #3088 from nicolas-fort/T6075Daniil Baturin
T6075: firewall and NAT: check if interface-group exists when using them in firewall|nat rules.
2024-03-06Merge pull request #3085 from Apachez-/T6096Christian Breunig
T6096: Config commits are not synced properly because 00vyos-sync is deleted by vyos-router
2024-03-05Merge pull request #3089 from jestabro/allocate-under-lockJohn Estabrook
http-api: T6069: fix allocation outside of thread lock
2024-03-05T2447: add configurable kernel boot option 'disable-power-saving'Christian Breunig
Lower available CPU C states to a minimum if this option set. This will set Kernel commandline options "intel_idle.max_cstate=0 processor.max_cstate=1".
2024-03-05http-api: T6069: fix allocation outside of thread lockJohn Estabrook
2024-03-05T6075: firewall and NAT: check if interface-group exists when using them in ↵Nicolas Fort
firewall|nat rules.
2024-03-04T6096: Config commits are not synced properly because 00vyos-sync is deleted ↵Apachez
by vyos-router
2024-03-04Merge pull request #3079 from sever-sever/T6084Daniil Baturin
T6084: Add NHRP dependency for IPsec and fix NHRP empty config bug
2024-03-04T6084: Add NHRP dependency for IPsec and fix NHRP empty config bugViacheslav Hletenko
If we have any `vpn ipsec` and `protocol nhrp` configuration we get the empty configuration file `/run/opennhrp/opennhrp.conf` after rebooting the system. Use config dependency instead of the old `resync_nhrp` function fixes this issue
2024-03-03ospfv3: T6087: add support to redistribute IS-IS routesChristian Breunig
2024-03-02ospf: T5717: sync code with ospfv3 implementationChristian Breunig
2024-03-02ospfv3: T5717: allow metric and metric-type on redistributed routesChristian Breunig
Example: vyos@vyos# set protocols ospfv3 redistribute bgp Possible completions: metric OSPF default metric metric-type OSPF metric type for default routes (default: 2) route-map Specify route-map name to use
2024-03-01Merge pull request #3061 from sarthurdev/T6079_currentChristian Breunig
dhcp-server: T6079: Disable duplicate static-mappings on migration
2024-03-01smoketest: T6079: probe for duplicate IP address static-mappingChristian Breunig
2024-03-01vrrp: T6020: vrrp health-check script not applied correctly in keepalived.confkhramshinr
Added health-check to sync-group in CLI Don't use instance health-check when instance in sync group member Disallow wrong healtch-check configurations New smoke test
2024-02-29Merge pull request #2659 from jestabro/remove-trivial-redundanciesJohn Estabrook
configdep: T5839: remove trivially redundant config dependency calls
2024-02-29Merge pull request #3056 from natali-rs1985/T5504-currentChristian Breunig
T5504: Keepalived VRRP ability to set more than one peer-address
2024-02-29Merge pull request #3060 from c-po/bannerDaniil Baturin
banner: T6077: implement ASCII contest winner default logo
2024-02-29vrrp: T6020: vrrp health-check script not applied correctly in keepalived.confkhramshinr
Added health-check to sync-group in CLI Don't use instance health-check when instance in sync group member Disallow wrong healtch-check configurations New smoke test
2024-02-29dhcp-server: T6079: Disable duplicate static-mappings on migrationsarthurdev
2024-02-28dhcp-server: T6079: Increment Kea migrator versionssarthurdev
2024-02-28configdep: T5660: remove global redundancies under vyos-configdJohn Estabrook
2024-02-28banner: T6077: implement ASCII contest winner default logoChristian Breunig
Implement VyOS ASCII art contest winners logo as the default for our MOTD
2024-02-28Merge pull request #3055 from sarthurdev/T6073Christian Breunig
vrf: conntrack: T6073: Populate VRF zoning chains only while conntrack is required
2024-02-28T5504 Keepalived VRRP ability to set more than one peer-addressNataliia Solomko
2024-02-27vrf: conntrack: T6073: Populate VRF zoning chains only while conntrack is ↵sarthurdev
required
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-09 02:38:48 +0000