vyos-1x.git/src/migration-scripts, branch 1.4.0-rc3

T5953: Changed values of 'close-action' to Strongswan values

2024-01-17T17:38:11+00:00

Changed the value from 'hold' to 'trap' in the 'close-action' option in the IKE group. Changed the value from 'restart' to 'start' in the 'close-action' option in the IKE group. (cherry picked from commit 8870fabf1b4358618fca7db459515106653214b5)

T4658: Renamed DPD action value from 'hold' to 'trap'

2024-01-16T15:46:28+00:00

Renamed DPD action value from 'hold' to 'trap' (cherry picked from commit 9f4aee5778eefa0a17d4795430d50e4a046e88b0)

T5889: Fix migration scripts nat 5-to-6

2024-01-16T14:08:56+00:00

The current migration drop interface name for NAT where not should ``` nat { source { rule 100 { outbound-interface { name "eth0" ... } } } ``` After migration we lost interface: /home/vyos# /opt/vyatta/etc/config-migrate/migrate/nat/5-to-6 tmp.conf /home/vyos# /home/vyos# cat tmp.conf | grep "nat {" -A 10 nat { source { rule 100 { outbound-interface { interface-name "" ... } } } ``` This commit fixes it. (cherry picked from commit 813237d9766f636394b9ab385bb825fbf83202b3)

bgp: T5937: fix migration script for IPv6 AFI peer-group

2024-01-16T14:05:53+00:00

Migrate "bgp neighbor address-family ipv6-unicast peer-group" to "bgp neighbor peer-group" (cherry picked from commit 9febed1344e93815dc3a94047daa69967c3af160)

ospf: T5936: when migrating passive interfaces set_tag() must be set

2024-01-15T16:20:05+00:00

(cherry picked from commit 495c3c3cc646c378746dc458f30da72c85f16dba)

firewall: T5814: Retain legacy 'accept' behaviour and re-order migration

2024-01-11T15:37:25+00:00

Pre-1.4 firewall 'accept' action acted as a 'return'. This change ensures the migrated rules meet the expected behaviour. This commit also re-orders migrated in/out/local jumps ordered by direction instead of interface. (cherry picked from commit dc542f109460bca6453d1eeba9fe829aea38bb33)

T5688: Changed 'range' to multi in 'client-ip-pool' for accell-ppp

2024-01-10T19:00:37+00:00

Changed node 'range' to multi in 'client-ip-pool' for accell-ppp services. Added completionHelp to default-pool and next-pool. Fixed verification in vpn l2tp config script. (cherry picked from commit 4ffec67d04670192d9b722353cbaef04cb0ba129)

https: T5902: remove virtual-host configuration

2024-01-10T07:11:39+00:00

We have not seen the adoption of the https virtual-host CLI option. What it did? * Create multiple webservers each listening on a different IP/port (but in the same VRF) * All webservers shared one common document root * All webservers shared the same SSL certificates * All webservers could have had individual allow-client configurations * API could be enabled for a particular virtual-host but was always enabled on the default host This configuration tried to provide a full webserver via the CLI but VyOS is a router and the Webserver is there for an API or to serve files for a local-ui. Changes Remove support for virtual-hosts as it's an incomplete and thus mostly useless "thing". Migrate all allow-client statements to one top-level allow statement. (cherry picked from commit d0d3071e99eb65edb888c26ef2fdc9e038438887)

https: T5886: migrate https certbot to new "pki certificate" CLI tree

2024-01-08T20:11:13+00:00

(cherry picked from commit 9ab6665c80c30bf446d94620fc9d85b052d48072)

Merge pull request #2719 from c-po/sagitta-backports-accel-ppp

2024-01-03T17:58:17+00:00

Backports for Accel-PPP based serviced T5801, T5842 and T5688