Age | Commit message (Collapse) | Author |
|
After hardning the regex validator to be preceeded with ^ and ending with $
it was no longer possible to have a comma separated list as SSH ciphers. The
migrations cript is altered to migrate the previous comma separated list
to individual multi node entries - cipher and key-exchange always had been
multinodes - so this just re-arranges some values and does not break CLI
compatibility
(cherry picked from commit 61fa1c95164e4222e79b078b1a796f41397e0ee3)
|
|
|
|
(cherry picked from commit 0ec8927476e7d654d52df4c803a6694be0b1e9e2)
|
|
(cherry picked from commit be60d39332b753f5fe35101efe3463eebea2cb9d)
|
|
(cherry picked from commit 15eff1682613ad20f83c46fded866b132a1fb814)
|
|
(cherry picked from commit faa63999ca1fe11cc25e8a241e75a451a53ffa26)
|
|
(cherry picked from commit 53517de05e9566c35218d1f07cacb1bff98a46d9)
|
|
(cherry picked from commit e64d45717940aa4fb4a072065bdfa04f884d00cc)
|
|
When changing "general" parameters like:
- interface IP address
- MTU
- description
the interface is destroyed and recreated ... this should not happen!
(cherry picked from commit 2373b232849c847717cbdcfac7390d8376e227ca)
|
|
If a valueLess node is added or removed from the CLI, a call to
leaf_node_changed() will not detect it.
If node is valueLess, on change old or new (depending on addition or deletion)
will be {} and is treated as None.
Add handler for this special case where old or new is an instance of a
dictionary but empty.
(cherry picked from commit 149f704a172fb14f16d0ba00ef237b972539492f)
|
|
This reverts commit e11a7ff1b2817cc8f4b595171fe82a43a209ebc2.
|
|
This reverts commit ed7c674da17519e6331a9cef8522c5e49251d505.
|
|
This reverts commit b71a04811bd61e1faf2bc4eaceaaae8bdbf97dc6.
|
|
This reverts commit ad26e92a5dccb4a7b6777d11781c323af2557db7.
|
|
This reverts commit 72d7152f794cfe48821797d62865024c1843096e.
|
|
(cherry picked from commit c3661c8d5d7e8f5c1d040cadf134e87f0d77e28e)
|
|
(cherry picked from commit 3a605ad020d8d20b08a72cb1284f6e590d1fd7b5)
|
|
(cherry picked from commit 25b2f2a8057260ad0d2c59823618d7c9f0fba707)
|
|
(cherry picked from commit d418cd36027aef5993122ec62419e8c66fe7a1ed)
|
|
VXLAN does support using multiple remotes but VyOS does not. Add the ability
to set multiple remotes and add their flood lists using "bridge" command.
(cherry picked from commit 0ecddff7cffa8900d351d5c15e32420f9d780c0b)
|
|
(cherry picked from commit 529af7898d062b42ac33e15bfdc62c14184e098f)
|
|
Commit 5d14a04b ("smoketest: dhcp: T4203: move testcase to base class") added
global support in the test case framework for DHCP tests. Some interfaces (e.g.
MACsec) require additional options to be passed before the test can be launched.
In the MACsec case this includes a source interface, or encryption ciphers.
(cherry picked from commit 5ae566086c5c190d52b15f64454abcae9c8a1d46)
|
|
We do not only provide DHCP functionality to ethernet interfaces, it's a common
feature so the testcase should be made available for multiple interface types.
(cherry picked from commit 5d14a04b6ffbd592e8257d98d71da5acb1bb45a9)
|
|
In the past whenever a change happened to any interface and it was configured
as a DHCP client, VyOS always had a breif outage as DHCP released the old lease
and re-aquired a new one - bad!
This commit changes the behavior that DHCP client is only restarted if any one
of the possible options one can set for DHCP client under the "dhcp-options"
node is altered.
(cherry picked from commit 3a1a7c40a13ee9f5561823a79876d88d3f5bf053)
|
|
backport: T4515: T4219: policy local-route6 and inbound-interface support
|
|
Commit 5fc9ef9e ("DHCP : T4258: Set correct port for dhcp-failover") changed
how the failover port is rendered into the ISC DHCPd configuration - adjustment
of the smoketests was missed out.
(cherry picked from commit 29ba813fb65b8b292105cdae4f8f71fcce6350a1)
|
|
(cherry picked from commit 5fc9ef9e31eb566a601f8a150c69b183a4331564)
|
|
(cherry picked from commit 9e626ce7bad2bd846826822a3622fedf2d937e09)
|
|
openvpn: T3686: Fix for check local-address in script and tmpl
|
|
vrrp: T1972: Ability to set IP address on not vrrp interface
|
|
VLAN isolation can not be "set" when interface is of type wifi.
(cherry picked from commit 1ceaed55a629c92cf42baccdef4106e8d0e4914e)
|
|
|
|
Ability to set virtual_address on not vrrp-listen interface
Add ability don't track primary vrrp interface "exclude-vrrp-interface"
Add ability to set tracking (state UP/Down) on desired interfaces
For example eth0 is used for vrrp and we want to track another eth1
interface that not belong to any vrrp-group
set high-avail vrrp group WAN interface 'eth0'
set high-avail vrrp group WAN virtual-address 192.0.2.222/24 interface 'eth2'
set high-avail vrrp group WAN track exclude-vrrp-interface
set high-avail vrrp group WAN track interface 'eth1'
|
|
dhcpv6-server: T3494: Get address from network to correct sorting
|
|
|
|
Local-address should be checked/executed only if it exists in the
openvpn configuration, dictionary, jinja2 template
(cherry picked from commit 230ac0a202acd7ae9ad9bccb9e777ee5a0e0b7b7)
|
|
.sort() is an inplace operation and return None...
|
|
|
|
|
|
Adds support for `ip -6 rule` policy based routing.
Also, extends the existing ipv4 implemenation with a
`destination` key, which is translated as
`ip rule add to x.x.x.x/x` rules.
https://phabricator.vyos.net/T4151
|
|
(cherry picked from commit 122c7a53575f67759f157e02eca776f799658dc1)
|
|
interface
It is impossible for the OS kernel to distinguish multiple GRE tunnels when no
"gre key" is configured when sourcing tunnels from the same interface.
(cherry picked from commit 6f1326d6b68f6dcb83843374c876407ef2922bd1)
|
|
We always mangled and worked on the "ip rule" singleton even when nothing
needed to be changed. This resulted in a VRF hickup when the same VRF was added
and removed multiple times.
set interfaces ethernet eth1 vrf foo
set vrf name foo table '1000'
commit
delete interfaces ethernet eth1 vrf
delete vrf
commit
set interfaces ethernet eth1 vrf foo
set vrf name foo table '1000'
commit
broke reachability on eth1 - a reboot was required.
This change will now only alter the ip rule tables once when VRF instances
are created for the first time and will not touch the Kernel "ip rule"
representation afterwards.
(cherry picked from commit 2cec431e5caf9df85640f707cd6dc3077c17c238)
|
|
(cherry picked from commit b40315b3c5051888f499961e63410e14c5d1bad7)
|
|
(cherry picked from commit 812d9770619b968b04961aebf3944fde13df491b)
|
|
(cherry picked from commit d96bab4e6da517f07133667834cd6f8bcfb5160f)
|
|
conntrack-sync: T4237: Fix checks for listen-address list to str
|
|
Verify section conntrack_sync.py funciton 'is_addr_assigned'
should checks address as string not as list
|
|
As INFLUX_TOKEN is present in override.conf.tmpl environment we expect
variable "$INFLUX_TOKEN" in the telegraf template and config but not
value of the token
(cherry picked from commit 19f65290529ac642da419ac77003ddaa70d0cc67)
|
|
monitoring: T3872: Add new feature service monitoring telegraf
|