summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-10-28IPSec: T3941: Fix uptime for tunnels sa op-modeViacheslav
The current uptime for tunnels is getting from parent SA That is incorrect as we should get value from child SA
2021-10-27vrrp: T3944: reload daemon instead of restart when already runningChristian Poessinger
This prevents a failover from MASTER -> BACKUP when changing any MASTER related configuration. (cherry picked from commit 2c82c9acbde2ccca9c7bb5e646a45fd646463afe)
2021-10-27Merge pull request #1046 from sever-sever/T3942-equChristian Poessinger
op-mode: T3942: Add feature generate IPSec debug-archive
2021-10-26op-mode: T3942: Add feature generate IPSec debug-archiveViacheslav
2021-10-24vyos.ethtool: T3935: relax __init__() when driver name is not detectedChristian Poessinger
In addition to commit 0b414bcd ("vyos.ethtool: T3874: do not throw exception if adapter has issues with autoneg") we should also not care too strict when locating the driver name. This might cause false positives. (cherry picked from commit 8cf5a4f023c5459cad4c84e93f73a9ddd69be81a)
2021-10-22Merge pull request #1039 from sever-sever/T2566Christian Poessinger
sstp: T2566: Fix verify section for pool ipv6 only
2021-10-22sstp: T2566: Fix verify section for pool ipv6 onlyViacheslav
2021-10-22tunnel: T3925: fix configtest - source-interface does not work with gretapChristian Poessinger
(cherry picked from commit 594c57d9b16cac5810f796f15ad7458bd0877435)
2021-10-21Merge pull request #1032 from ross211/dhclient-vyos-cleanupChristian Poessinger
dhclient hooks: T3920: avoid 'too many args' error when no vrf
2021-10-21dhcp-server: T3610: Allow configuration for non-primary ip addressViacheslav
(cherry picked from commit 78cfb949cc6bceab744271cf23f269276b178182)
2021-10-21dhcp: T3626: Prevent to disable only one configured networkViacheslav
(cherry picked from commit 9c825a3457a88a4eebc6475f92332822e5102889)
2021-10-21tunnel: T3925: dhcp-interface was of no use - use source-interface insteadChristian Poessinger
2021-10-20tunnel: T3921: bugfix KeyError for source-addressChristian Poessinger
2021-10-20dhcpv6-server: T3918: Fix subnets verify raise ConfigErrorViacheslav
(cherry picked from commit ead10909ba9104733930bb3f59c90610138bd047)
2021-10-20dhclient hooks: T3920: avoid 'too many args' error when no vrfRoss Dougherty
2021-10-13Merge pull request #1023 from Georgiy-Tugai/patch-1Christian Poessinger
T3904: Fix NTP pool associations
2021-10-13ntp: T3904: Fix NTP pool associationsGeorgiy Tugai
As of NTP 4.2.7, 'nopeer' also blocks pool associations. See https://bugs.ntp.org/show_bug.cgi?id=2657 See also https://github.com/geerlingguy/ansible-role-ntp/pull/84
2021-10-13dns: T3277: DNS Forwarding - reverse zones for RFC1918 addressesHard7Rock
(cherry picked from commit 0191c089f94455f53f3f234c094891353583f64c) (cherry picked from commit 8fcff3112b235307b78eb23833c1d646f0e7f9f4)
2021-10-10lcd: T2564: add support for hd44780 displaysChristian Poessinger
(cherry picked from commit 4218a5bcb1093108e25d4e07fa07050b4f79d3d5)
2021-10-09tunnel: T3894: fix design when building synthetic MAC addressesChristian Poessinger
It seems not all systems have eth0 - get a list of all available Ethernet interfaces on the system (without VLAN subinterfaces) and then take the first one. (cherry picked from commit f19c92f255011149eeb7626a2e158456abe4c9b8)
2021-10-08tunnel: T3893: harden logic when validating tunnel parametersChristian Poessinger
Different types of tunnels have different keys set in get_interface_config(). Thus it should be properly verified (by e.g. using dict_search()) that the key in question esits to not raise KeyError. (cherry picked from commit 5aadf673497b93e2d4ad304e567de1cd571f9e25)
2021-10-05op-mode: T3889: do not display redundant hostname when reading logsChristian Poessinger
2021-10-04op-mode: dhcpv(v6): T3890: retrieve both server and client logfilesChristian Poessinger
* rename: "show log dhcp" will become "show log dhcp server" * add: "show log dhcp client" to display logs from ALL DHCP client processes * add: "show log dhcp client interface <name>" to display logs from individual DHCP client processes * add: "show log dhcpv6 server" to display infos about running DHCPv6 server * add: "show log dhcpv6 client" to display logs from ALL DHCPv6 client processes * add: "show log dhcpv6 client interface <name>" to display logs from individual DHCPv6 client processes
2021-10-04op-mode: T3889: migrate to journalctl when reading daemon logsChristian Poessinger
2021-10-04T3889: Revert "dhcpv6-pd: T421: disable wide dhcpv6 client debug messages"Christian Poessinger
This reverts commit 184f25819fa43fc892b97c0044813b8aa56855b4.
2021-10-02vyos.ifconfig: T3883: bugfix VRF deletionChristian Poessinger
We can not pass None as VRF name, this raises an exception. OSError: [Errno 255] failed to run command: ip link set dev eth2 master None
2021-10-02dns: forwarding: T3882: remove deprecated code to work with PowerDNS 4.5Christian Poessinger
2021-10-01smoketest: vrrp: validate rfc3768-compatibility is not setChristian Poessinger
2021-10-01vrrp: T3877: remove debug outputChristian Poessinger
2021-09-30vrrp: T3877: backport handlers to solve "default rfc3768-compatibility" issueJohn Estabrook
Do not create rfc3768-compatibility interfaces by default because of wrong Jinja2 syntax. Backporting the entire system makes it easier in the future to additional bugfixes.
2021-09-30dhcp-server: T2230: add subnet description into rendered configChristian Poessinger
(cherry picked from commit 2974628487abb9127922bf695331fd706a1d0e51)
2021-09-30vyos.ethtool: T3874: do not throw exception if adapter has issues with autonegChristian Poessinger
Instead of throwing an exception when an adapters autoneg capabilities can not be detected, just pretend it does not support autoneg. (cherry picked from commit 0b414bcd2930a1469df0a747962f4650d0fb964b)
2021-09-30Merge pull request #1017 from zdc/T3852-equuleusChristian Poessinger
dhclient: T3852: Fixed dhclient processes search
2021-09-28dhclient: T3852: Fixed dhclient processes searchzsdc
Backported commits: 13abffe43b2a5c41bb4ec4675c227f6cf1f868da 01158a8eaa574c48c726c20693479e4aa6e18ee6 This allows finding all running dhclient processes properly.
2021-09-27Merge pull request #1015 from sever-sever/T690Christian Poessinger
openvpn: T690: Fix template for gateway and metric
2021-09-27openvpn: T690: Fix template for gateway and metricViacheslav
Some OpenVPN clients doesnt support option gateway and metric. Set metric option only when 'metric' was added in config explicity.
2021-09-26vxlan: T3867: add multicast validator for group addressChristian Poessinger
The group CLI node takes a multicast IPv4 or IPv6 address - this must be input validated to not case any OS exception cpo@LR1.wue3# show interfaces vxlan vxlan vxlan0 { + group 254.0.0.1 source-address 172.18.254.201 + source-interface dum0 vni 10 } Results in OSError beeing rasied with the following context: Error: argument "254.0.0.1" is wrong: invalid group address (cherry picked from commit 0d7cd4ed5725d3e79faad5abc0801631c2ffc813)
2021-09-26T3866: ignore interfaces without "address" in DNS forwarding migrationDaniil Baturin
2021-09-26vyos.ifconfig: T3860: bugfix in get_mac_synthetic()Christian Poessinger
Commit 081e23996f (vyos.ifconfig: get_mac_synthetic() must generate a stable "MAC") calculated a "stable" synthetic MAC address per the interface based on UUID and the interface name. The problem is that this calculation is too stable when run on multiple instances of VyOS on different hosts/hypervisors. Having R1 and R2 setup a connection both via "tun10" interface will become the same "synthetic" MAC address manifesting in the same link-local IPv6 address. This e.g. breaks OSPFv3 badly as both neighbors communicate using the same link-local address. As workaround one can: set interfaces tunnel tun1337 address 'fe80::1:1337/64' set interfaces tunnel tun1337 ipv6 address no-default-link-local This commit changes the way in how the synthetic MAC address is generated. It's based on the first 48 bits of a sha256 sum build from a CPU ID retrieved via DMI, the MAC address of eth0 and the interface name as used before. This should add enough entropy to get a stable pseudo MAC address. (cherry picked from commit 8d6861290f39298701b0a89bd358545763cee14b)
2021-09-26op-mode: reboot/poweroff: T3857: send wall message to all usersChristian Poessinger
(cherry picked from commit 0ee26592772a14e829d9d1f8e64f9db875f31a63)
2021-09-25op-mode: bgp: "show bgp ipv4|ipv6" should display routing tableChristian Poessinger
The <command> node was missed out when adding the XML definitions. (cherry picked from commit 801123eff1bf232ca1e5202ceb0989c2fba34c86)
2021-09-25vyos.ifconfig: dhcpv6: re-use systemd_service definition variableChristian Poessinger
(cherry picked from commit d1c58addd881e06b389799a9c14d8ebf5d03c567)
2021-09-25vyos.ifconfig: dhcp: T3300: always re-start dhcp client instead of startChristian Poessinger
Commit dd2eb5e5686655 ("dhcp: T3300: add DHCP default route distance") changed the logic on how the DHCP process is going to be started. The systemd unit was always "started" even if it was already running. It should rather be re-started to track changes in e.g. the DHCP hostname setting. (cherry picked from commit 8ba8f0e097527e3aaaf8b395bfc07cce47e2c788)
2021-09-23smoketest: T3850: use as complicated as possible public-key nameChristian Poessinger
(cherry picked from commit 6187ce264a39cd72285f6cb73cc746a04268c253)
2021-09-23T3850: Revert "login: T1948: add missing ssh-public key name regex"Christian Poessinger
This reverts commit 38e02c12a50de685c6d70954cd94a224e8083f0b.
2021-09-22smoketest: vrrp: delete interface vifs after testChristian Poessinger
(cherry picked from commit 6935c263f5022896e96bec9daa8a5ba29b04b51b)
2021-09-22vrrp: keepalived: T616: bugfix for invalid os.unlink()Christian Poessinger
Commit 260f3832 ("vrrp: keepalived: T616: drop /etc/default/keepalived") dropped the old daemon configuration but there was one line of code that tried to delete the file which was no longer present. This resulted in: KeyError: 'daemon'
2021-09-21vrrp: keepalived: T616: drop /etc/default/keepalivedChristian Poessinger
This is a follow-up commit to 65398e5c8 ("vrrp: keepalived: T616: move configuration to volatile /run directory") as it makes no sense to store a static /etc/default/keepalived file marked as "Autogenerated by VyOS" that only enabled the SNMP option to keepalived. Better pass the --snmp switch via the systemd override file and drop all other references/files.
2021-09-21vrrp: keepalived: T616: enable script securityChristian Poessinger
(cherry picked from commit 590cf0e626f6a5e813ec4f3021c028a5e098e27d)
2021-09-21vrrp: keepalived: T616: move configuration to volatile /run directoryChristian Poessinger
Move keepalived configuration from /etc/keepalived to /run/keepalived. (cherry picked from commit b243795eba1b36cadd81c3149e833bdf5c5bea70)