Age | Commit message (Collapse) | Author |
|
T4906: Fix show vpn ipsec connections data
|
|
We get incorrect data when shows connections
As we get list of all connections we should compare the connection
name with entries in list and set correct data if they match
|
|
vyos.util: T4575: Add new wrapper "rc_cmd"
|
|
It is useful to have both a return code and output of the command
Add a new wrapper "rc_cmd" that returns both
% rc_cmd('uname')
(0, 'Linux')
% rc_cmd('ip link show dev fake')
(1, 'Device "fake" does not exist.')
(cherry picked from commit 14418b6d80ef4652a44d9280baf369c8e3c429fd)
|
|
[1.3] T4832: dhcp: Add dhcp option to signal IPv6-only support (RFC 8925)
|
|
Backport: T4918: op_mode interfaces: Fix show int
|
|
`show interfaces ethernet eth0` and `show interface bonding eth0`
produces the same output. While this is not a big problem it does
make usage a bit odd sometimes.
This commit adds the --intf_type option to all instances of
interfaces.py to make output consistent.
|
|
webproxy: T4927: Changed restart to reload-or-restart in commit
|
|
Changed restart to reload-or-restart in the commit.
It allows to reload the config
and not restart webproxy service during the commit.
Backported from 1.4
|
|
T4922: T4922: ssh-client backports for equuleus
|
|
used
We need to ensure that source-address is assigned on source-interface before
applying the configuration, else SSH client will have a hard time talking to
someone.
(cherry picked from commit d1ef90e1eb51334b99ad716969e17c7f257e1a39)
|
|
(cherry picked from commit 87cc636bd2baf576a2a5ece7a4f8318eb4f69c2e)
|
|
Commit 846e306700a ("ssh: T2651: add cli options for source address") added
support for a basic SSH client option, but it grabbed the entire
/etc/ssh/ssh_config file without the ability to make custom user
adjustments via the /etc/ssh/ssh_config.d/ folder.
This commit places the VyOS SSH options under /etc/ssh/ssh_config.d/ leaving
the common override system alive.
(cherry picked from commit 7763de6c4b93d3372ab3f4572d9fa6b7536102b3)
|
|
smoketest: container: T578: adjust to podman 3.0.1 JSON output
|
|
The podman version used in VyOS 1.3 differs from the one used in VyOS 1.4 as
it is currently not possible to build podman 4.2 for Debian Buster. Due to this
restriction we need to adjust the handling of the JSON output when working with
container networks.
|
|
Debian: T578: add skopeo dependency on vyos-1x-smoketest
|
|
Dependency is required for the test Docker OCI image used within the
smoketest framework
|
|
container: T578: backport podman from 1.4 development branch (equuleus)
|
|
T4898: add MTU config option for dummy interfaces (equuleus)
|
|
|
|
(cherry picked from commit e5a5684eb4004772439b2dc33ec21b7546db3fe1)
|
|
(cherry picked from commit 7923e7c57a7492111c7cec8b04228db0a6f00af3)
|
|
I use dummy interfaces in a VRF as source-interfaces for VXLAN in order to
force VXLAN send underlay UDP traffic through the VRF where the dummy interface
resides.
However dummy interface has no mtu option so it always gets an MTU of 1500.
This will cause an error when the mtu of dummy is not large enough for the
VXLAN traffic.
Adding this option in the config template will solve this.
(cherry picked from commit 1440ef93e13d15e2247cbfc2cb4ea2afb266fc9e)
|
|
T4809: radvd: (Backport) Allow the use of AdvRASrcAddress
|
|
(cherry picked from commit 65b104d6e0608e229aa36d948fabddaf3f4a0a8b)
|
|
Commit 13071a4a ("T4809: radvd: Allow the use of AdvRASrcAddress") added a new
feature to set the RA source-address. Unfortunately it missed a semicolon.
(cherry picked from commit 4e61fb1f0fd075c5b1a67165204e13f88a7d3015)
|
|
T3810: Fixed all issues in T3810
|
|
1. Added in script update webproxy blacklists generation of all DBs
2. Fixed: if the blacklist category does not have generated db,
the template generates an empty dest category
in squidGuard.conf and a Warning message.
3. Added template generation for local's categories
in the rule section.
4. Changed syntax in the generation dest section for blacklist's
categories
5. Fixed generation dest local sections in squidGuard.conf
6. Fixed bug in syntax. The word 'allow' changed to the word 'any'
in acl squidGuard.conf
7. Backported all changes from 1.4 to 1.3 which were made in T3810
8. Fixed webproxy smoketest
|
|
This add the AdvRASrcAddress configuration option to configure
a source address for the router advertisements. The source
address still must be configured on the system. This is useful
for VRRP setups where you want fe80::1 on the VRRP interface
for cleaner VRRP failovers.
|
|
GitHub: sync to author assign workflow changed from current
|
|
Use the vyos/reviewers team instead of individuals.
|
|
backport: T4515: T4219: policy local-route6 and inbound-interface support
|
|
firewall: T4709: fix firewall MSS clamping issues
|
|
T4874: Added Warning message
|
|
Added the ability to call Warning messages
|
|
T4812: Add op-mode Show vpn ipsec connections
|
|
Add op-mode CLI "show vpn ipsec connections"
Add the ability to show all configured connections/tunnels and
their states.
|
|
Clients supporting this DHCP option (DHCP option 108, per RFC 8925) will
disable its IPv4 network stack for configured number of seconds
and operate in IPv6-only mode.
Example clients supporting this option including iOS 15+ and macOS 12.0.1+.
|
|
backport: T4815: Fix various name server config issues
|
|
This is a backport of https://github.com/vyos/vyos-1x/pull/1656.
Note I also changed `ip-down.script.tmpl` to not wait for `systemctl
stop dhcp6c@$iface.service`, because that command is slow and pppd will
kill the ip-down script if it times out.
I didn't see `ip-down.script.tmpl` or its equivalent in the 1.4 branch.
Not sure if there is another mechanism to handle that functionality or
it is missed.
|
|
backport: dns: T4799: fixed powerdns not being reloaded by vyos-hostsd
|
|
PowerDNS version 4.7 and above has changed the main process name from
'pdns-r/worker' to 'pdns_recursor'. This commit updates the process
name check to use the new name.
(cherry picked from commit ff09d4f47e5f54fad8258cd27fb0adfaa4c552b3)
|
|
strip-private: T4177: Fix for hiding private data token/url/bucket
|
|
Add URL, token and bucket hidind data when is used function
"strip-private"
(cherry picked from commit f12d8b5a575f4b454426fe11f65b5add966ca53c)
|
|
keepalived: T4526: keepalived-fifo.py unable to load config
|
|
snmp: T4785: allow !, @, * and # in SNMP community name (equuleus)
|
|
keepalived-fifo.py cannot load the VyOS config because the
script is started before the commit is completely finished.
This change makes sure the script waits for the commit
to be completed. It retries every 0.5 seconds. If the commit
is still not completed it will continue as did the original
implementation.
|
|
(cherry picked from commit 3f91033927d80748b70e1ef58b2941643d1aca33)
|
|
(cherry picked from commit dda62226353ebc198b4dbbd319412bb5d1d1ece2)
|
|
ddclient: T4743: Add option for IPv6 Dynamic DNS
|