Age | Commit message (Collapse) | Author |
|
T5058: Fix IPoE regex Jinja2 for interface
|
|
T3083: Add service event-handler
|
|
Event-handler allows executing a custom script when detects
some configured "pattern regex"
set service event-handler event first filter pattern '.*ssh2.*'
set service event-handler event first script arguments '192.0.2.5'
set service event-handler event first script environment interface value 'eth0'
set service event-handler event first script path '/config/scripts/hello.sh'
It is the backport from 1.4
|
|
Fix incorrect regex '\d+' when used vlan ranges
For example 'ipoe-server interface eth1 vlan 2000-3000'
- replace 'interface=re:eth1\.\d+'
=> 'interface=re:^eth1\.(200\d|20[1-9]\d|2[1-9]\d{2}|3000)$'
|
|
Add template filter 'range_to_regex'
Convert range of numbers or list of ranges to regex
% range_to_regex('11-12')
'(1[1-2])'
% range_to_regex(['11-12', '14-15'])
'(1[1-2]|1[4-5])'
|
|
T5033: Ability to generate muliple keys from a file or link
|
|
T5066: Fix GRE tunnel variable name for verify check keys
|
|
|
|
openvpn: T4381: Add tunnel ip column for status command
|
|
configdiff: T4900: cache diff_tree and diff_dict in Config instance
|
|
(cherry picked from commit 779f4001a4828f1af39a5b0b861d62635fcb3726)
|
|
Added the tunnel ip column to see the assigned ip address in server mode
(cherry picked from commit 500c182c4fa4e0fa030b7c68139fbe948266c49b)
|
|
(cherry picked from commit d2330b00f109a9c837fc8ae6971e2f6bfa7eb372)
|
|
T4014: T4014: container backports for equuleus
|
|
(cherry picked from commit d14a6814acb173cdc6df13212620f7da330434ed)
|
|
Ability setting container hostname
This host name is used as /etc/hostname
set container name <tag> host-name 'mybox'
(cherry picked from commit c68d73e6720a7df2b48df17ac7b9b4c906e0294c)
|
|
options for containers
(cherry picked from commit 53aebddb4ca54b0cc4a296d6cc4c4d960c5f1d73)
|
|
We generate only one public key (string) from a file xxx.pub
op-mode with 'generate public-key-command user vyos lik_to_key_file'
Add ability to generate configuration (from op-mode) for multiple keys
As github keys don't use identifiers, generate uuid4 id for them
|
|
openconnect: T4955: Removed wrong authserver in radiusclient.conf
|
|
macsec: T5008: Changed length of CKN to (2..64 hex-digits)
|
|
Based on wpa_supplicant documentation.
mka_ckn (CKN = CAK Name) takes a 1..32-bytes (8..256 bit)
hex-string (2..64 hex-digits)
Changed allowable length of CKN from strong 64 hex-digits
to the range (2..64 hex-digits)
|
|
T5007: Fix multicast implementation for the tunnel interfaces
|
|
Multicast has not been implemented for the tunnel interfaces.
We have only configuration CLI commands that do anything.
Fix it.
ip link set dev <tag> multicast on
ip link set dev <tag> multicast off
(cherry picked from commit ac821d0d1764e9623015e04c5158a06c00ab370b)
|
|
T5011: Set default values for min_mtu max_mtu
|
|
T4978: Default values of port rewrite default container values
|
|
As we have the same variable name 'default_values' for container
name, port and volume, it rewrites default container parameters
with default port parameters
Fix it
(cherry picked from commit 679efe8ac7998ba1b8f3c7c4bfc7508d8869907d)
|
|
Some interface drivers don't support/provide min_mtu and max_mtu values
For example VyOS in docker container with 'veth' driver on some
platforms
As a workarund add default values for min/max MTU for calculations
and pass function "verify_mtu(config)"
(cherry picked from commit 87fb9be4cab3a261406c69c723add7467e4ef1fa)
|
|
After merging config dictionary with default values,
radius port the default value was merged not in a proper way.
It is added as a server.
After creating radiusclient.conf added
and the illegal authserver equal 'port'.
Backported from 1.4
|
|
T4971: Accel-ppp verify if client_ip_pool key exists in config
|
|
If 'client_ip_pool' not exists in config we cannot search it
in the dictionary
dict_search_recursive(config, 'gateway_address', ['client_ip_pool', 'name'])
Add check for Equuleus
|
|
smoketest: tftp: T4012: extend process scanning loop for VRFs (equuleus)
|
|
T5009: relay: Fix op-mode for restarting dhcp relay service
|
|
|
|
This extends commit c6016db17ef ("smoketest: tftp: T4012: add busy waiting loop
when validating service availability") so that we also wait when reading in
the VRF result(s).
|
|
T4971: PPPoE server add named ip pool and attr Framed-Pool
|
|
T1993: PPPoE-server add section shaper and fwmark option
|
|
T5001: Replace links to the phabricator site (equuleus)
|
|
Replace links to the phabricator site from https://phabricator.vyos.net to
https://vyos.dev
(cherry-picked form commit bd9416a6aa9d5d0a746dc2cebc8d0330fd27d1a2)
|
|
Add a new feature to allow to use named pools
Also it can be used with RADIUS attribute 'Framed-Pool'
set service pppoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1'
set service pppoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
|
|
Add accel-ppp include client-ip-pool-name.xml.i
Can be used in other accep-ppp CLI as "include"
|
|
Backport "dict_search_recursive" from vyos.util 1.4 to 1.3
data = {
'interfaces': {'dummy': {'dum0': {'address': ['192.0.2.17/29']}},
'ethernet': {'eth0': {'address': ['2001:db8::1/64', '192.0.2.1/29'],
'description': 'Test123',
'duplex': 'auto',
'hw_id': '00:00:00:00:00:01',
'speed': 'auto'},
'eth1': {'address': ['192.0.2.9/29'],
'description': 'Test456',
'duplex': 'auto',
'hw_id': '00:00:00:00:00:02',
'speed': 'auto'}}}
}
dict_search_recursive(data, 'hw_id') will yield both '00:00:00:00:00:01' and
'00:00:00:00:00:02' as generator object.
|
|
Extended PPPoE-server rate-limiter to avoid shaping marked resources
Often this feature needs for ISP, which provides access to some IX
or its resources.
set service pppoe-server shaper fwmark '223'
|
|
T2603: PPPoE-server change default min-mtu value 1280 for Equuleus
|
|
Minimum acceptable MTU. If client will try to negotiate less then
specified MTU then it will be NAKed or disconnected if rejects
greater MTU.
Change 'min-mtu' from 1492 to 1280 for 1.3.3
|
|
smoketest: tftp: T4012: add busy waiting loop when validating service availability
|
|
availability
TFTP daemon is started as "fire and forget" and systemctl can return (thus
commit will return) but the daemon itself is not yet running.
This adds a loop checking if the service runs and will fail after 10 seconds.
|
|
T4975: always sync() filesystem after commit (equuleus)
|
|
This reverts commit 7b36c363cd5b0168bd83c399f50a0a360ba3ee58.
A general solution is implemented in Commit ae9dde04 ("T4975: always sync()
filesystem after commit").
|
|
(cherry picked from commit 29a44a73c638cb22839aa32986de367231b6efe9)
|
|
login: T4975: Fixed broken CLI commands
|