Age | Commit message (Collapse) | Author |
|
Commit b0520172 ("dhcpv6-server: T3549: fix incorrect syntax for global
name-server definition") changed how the daemon configuration represents global
DNS nameservers.
Test updated.
(cherry-picked from commit ae57c5dc783d8c87382e25e031e21d8c2be59d03)
|
|
dhcp6.name-servers is a comma-delimited, multi-value list of name-servers that
should only appear once in the dhcpdv6.conf file.
|
|
It is not possible to change the VLAN encapsulation protocol "on-the-fly". For
this "quirk" we need to actively delete and re-create the VIF-S interface.
(cherry picked from commit cd504035015dca62149b57bc07d8e002bd8723b1)
|
|
As we do not allow any invalid raw options passed into ISC dhcpd we should also
verify this behavior with a smoketest.
(cherry picked from commit 8ab55eb237370b2152b2c0027af5cf16a69675af)
|
|
The problem of using the move() operation over render() is that render will
silently create the directory tree in the background and move() does not.
This means that on first boot when /run/dhcp-server does not exist, move will
fail with a FileNotFoundError.
Instead of using move() we render() the configuration two times, one for
validating it via dhcpd -t and the other time to really apply it to the service.
The performance impact should be little as the config should still be cached in
the system RAM.
(cherry picked from commit 1f68b69328c961e450ac70b12f7bf073d70355d7)
|
|
(cherry picked from commit 37f3ead353625b53cfa8953196a9c32b42a10e7f)
|
|
(cherry picked from commit d96336a808e500934fc4fd9423345d0b965d35ac)
|
|
(cherry picked from commit b3d914edcb506bb25c3798683cda341b8acbb0ad)
|
|
(cherry picked from commit 5501e5f1de0201f4c977a8027b6e97caf1affa1b)
|
|
If the script name is mangled, for any reason (e.g. missing support for
script arguments) checking against the exclude_set will yield a false
positive; check against the include_set, even if this is a longer
search.
(cherry picked from commit 93c07ea1edff3f6f84285322b494a24b807ccc25)
|
|
The current DHCP server implementation comes with options (see below) which
allow the user to pass in any arbitrary option(s) in a verbatim way which will
manifest in dhcpd.conf.
The options are:
* set service dhcp-server global-parameters
* set service dhcp-server shared-network-name foo shared-network-parameters
* set service dhcp-server shared-network-name foo subnet 192.0.2.0/25
subnet-parameters
* set service dhcp-server shared-network-name foo subnet 192.0.2.0/25
static-mapping ff static-mapping-parameters
Having an invalid configuration will yield:
vyos@vyos# commit
[ service dhcp-server ]
Configuration file errors encountered - check your options!
[[service dhcp-server]] failed
(cherry picked from commit 3c754695590b9d9e582c10e6d05c2b628e79262c)
|
|
Option specifying the rate in which we'll ask our link partner to transmit
LACPDU packets in 802.3ad mode.
set interfaces bonding bond0 lacp-rate <slow|fast>
slow: Request partner to transmit LACPDUs every 30 seconds (default)
fast: Request partner to transmit LACPDUs every 1 second
(cherry picked from commit 8e392a3dbc16f7b80a979f7b4e9c11408d700e6f)
|
|
(cherry picked from commit ca75162b3bbace38fcad5c91ad07c4fedac8444c)
|
|
(cherry picked from commit eeb9687bb9aaf6050b0a8759767f08ab8faac442)
|
|
|
|
(cherry picked from commit 59a82d4ba9790a61b5dc321544a7aa2a10e18322)
|
|
|
|
(cherry-picked from commit 60e3b3ef23a56edadab6abac00175433f99986c8)
|
|
(cherry picked from commit 117533482d29ce0bd1bc7f3a3f2536921c16565c)
|
|
ipsec: T3333: Fix status for SA state op-mode
|
|
|
|
(cherry picked from commit 44d4b6e663aa0df979b37299fbbc3b5b698c5379)
|
|
(cherry picked from commit e1563f9d175026488a36d52a6ffcfb6745d56644)
|
|
(cherry picked from commit b6301bfd6a6cb084671fd24970a4a06b10a89d90)
|
|
(cherry-picked from commit efa744c63b388773a4ea76d0f690042ec1689159)
|
|
(cherry picked from commit daf377aca3511e8ad74854828f3aaa1dd99f0a91)
|
|
generate wireguard mobile-config wg0 server wg.vyos.net address 1.2.2.2/24
WireGuard client configuration for interface: wg0
[Interface]
PrivateKey = AEXrZ4b3xFVLg1lql3hy/93+d43q3+3vPdSMUGI6/Fo=
Address = 1.2.2.2/24
[Peer]
PublicKey = h1HkYlSuHdJN6Qv4Hz4bBzjGg5WUty+U1L7DJsZy1iE=
Endpoint = wg.vyos.net:41751
AllowedIPs = 0.0.0.0/0, ::/0
The servers public key and port are automatically extracter from the running
config.
(cherry picked from commit 92d62740a1dd84d27ed3006cdc8d2560673f6bca)
|
|
equuleus
|
|
(cherry picked from commit 85d0ae7b434a3ae9f3bd50ad7fee1fcd23b26a26)
|
|
(cherry picked from commit 91130ca7c386ecba291694ff08e521438d352e78)
|
|
The previously used regex allowed an address value of "dhcpfoo" which is invalid
and will raise an OSError. Harden the regex that it explicitly must be dhcp or
dhcpv6.
(cherry picked from commit dd4c60c1c3423f02457bc1dcc25e36d03d537a5f)
|
|
(cherry picked from commit e96932cbd99f508f9f5c24b207b5650aa8817e45)
|
|
(cherry picked from commit bafdc46e7af94b32aa3fed90c287ac170d764b7d)
|
|
util: T3356: Fix password variables
|
|
|
|
Since in some cases a dhclient command may not end with an interface name, the
way to find out a list of dhclients running for a current interface was replaced
to catch PIDs regardless of the exact command syntax.
(cherry picked from commit 13abffe43b2a5c41bb4ec4675c227f6cf1f868da)
|
|
Sometimes a modem might give a local IP before it retrieves a WAN IP.
This can be an issue with failover routes,
since the default route will get overridden.
(cherry picked from commit e8535616aae2bf0c20aacee6a4d0761183bae6d9)
|
|
(cherry picked from commit 0ac696663b6885e659987efdbe83ae7d4a3f7779)
|
|
Removing a VLAN (VIF) interface from the CLI always deleted all interfaces the
kernel listed as "upper" in the /sys/class/net folder. This had the drawback
that when deleting a VIF, also the VRF interface was simply deleted - killing
all VRF related services.
(cherry picked from commit 6458f91735412fb2e6e7e37f7b3e6ca587a5a235)
|
|
Add a new CLI command "monitor log colored" to run the log file monitoring
through grc (https://github.com/garabik/grc).
(cherry picked from commit 6330708f7ad50e56b16e1c7bc671eaddcd758bdb)
|
|
|
|
(cherry picked from commit 52323dcd620ef1b6d716787c9c4729b9ae9ee7e0)
|
|
(cherry picked from commit f22fa8e6454b1cd2539ddb7c354ac9eeeac725c5)
|
|
T3356, T3284: Backport remote.py fixes to Equuleus
|
|
|
|
op-mode: ipsec: T3055: Fixed parsing peer name error
|
|
|
|
(cherry picked from commit 137f50a1f00073842364ee373f98e1e215671c6b)
|
|
We can leak routes back to the default VRF, thus the check added by commit
9184dfb5 ("static: vrf: T3344: add target vrf verify()") must have a "bail out"
option when one want's to leak routes into the default VRF.
(cherry picked from commit 5adcc4ca30676338fca9a06409bbc72af4f68a1f)
|
|
ddclient: T3422: Allow zone property with cloudflare protocol
|