ethernet: T4538: fix wrong systemd unit used for EAPoL (equuleus)
|
|
bridge: T4632: vlan aware bridge lacks CPU forwarding
|
|
The VLAN aware bridge was forwarding traffic between member ports, but traffic
destined towards the CPU was dropped. This resulted in a gateway not reachable
or DHCP leases that could not be handed out.
Tested via:
VyOS
set interfaces bridge br0 enable-vlan
set interfaces bridge br0 member interface eth1 allowed-vlan '10'
set interfaces bridge br0 member interface eth1 allowed-vlan '20'
set interfaces bridge br0 member interface eth1 allowed-vlan '30'
set interfaces bridge br0 member interface eth1 allowed-vlan '40'
set interfaces bridge br0 member interface eth1 native-vlan '40'
set interfaces bridge br0 member interface eth2 allowed-vlan '30'
set interfaces bridge br0 member interface eth2 allowed-vlan '20'
set interfaces bridge br0 member interface eth2 allowed-vlan '10'
set interfaces bridge br0 member interface eth2 allowed-vlan '40'
set interfaces bridge br0 vif 10 address '10.0.10.1/24'
set interfaces bridge br0 vif 20 address '10.0.20.1/24'
set interfaces bridge br0 vif 30 address '10.0.30.1/24'
set interfaces bridge br0 vif 40 address '10.0.40.1/24'
Arista vEOS
vlan 10,20,30,40
interface Ethernet1
switchport trunk allowed vlan 10,20,30,40
interface Vlan10
ip address 10.0.10.2/24
interface Vlan20
ip address 10.0.20.2/24
interface Vlan30
ip address 10.0.30.2/24
interface Vlan40
ip address 10.0.40.2/24
interface Ethernet1
switchport trunk allowed vlan 10,20,30,40
switchport mode trunk
spanning-tree portfast
Cisco vIOS
interface GigabitEthernet0/0
ip address 10.0.40.3 255.255.255.0
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 10.0.10.3 255.255.255.0
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 10.0.20.3 255.255.255.0
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 10.0.30.3 255.255.255.0
!
(cherry picked from commit f60d0e1ce029925b843f635b36154c90049b9577)
|
|
T4629: Raised ConfigErrors contain dict instead of only the dict key (equuleus)
|
|
interface dict on error
(cherry picked from commit 475fbb785dca76868715827833dc44115635c4a6)
|
|
When MACsec was bound to an ethernet interface and the underlying
source-interface got changed (even description only) this terminated the
MACsec session running on top of it.
The root cause is when EAPoL was implemented in commit d59354e52a8a7f we
re-used the same systemd unit which is responsible for MACsec. That indeed led
to the fact that wpa_supplicant was always stopped when anything happened on
the underlying source-interface that was not related to EAPoL.
(cherry picked from commit f92a23ef9ab8be59681e5b7ba627e399d89bce53)
|
|
ocserv: openconnect: T4614: add support for split-dns (equuleus)
|
|
syslog: T4039: Add protocol23format logging for UDP
|
|
Add protocol23format for rsyslog protocol UDP
Add ability to use IPv6 addresses (bracketize_ipv6) for
protocol TCP and UDP, when protocol is configured explicitly
|
|
Debian: T4584: remove version number from hostap package requirement
|
|
(cherry picked from commit 681bdf2946d1d10f3b432f70452a8d018b7a98ae)
|
|
To reproduce:
set vpn openconnect authentication mode local
commit
Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/vpn_openconnect.py", line 147, in <module>
    verify(c)
  File "/usr/libexec/vyos/conf_mode/vpn_openconnect.py", line 64, in verify
    if not ocserv["authentication"]["local_users"] or not ocserv["authentication"]["local_users"]["username"]:
KeyError: 'local_users'
|
|
set vpn openconnect network-settings split-dns <domain>
(cherry picked from commit e41685a2f56cca0a53b4f8c084f61a85cf561c80)
|
|
(cherry picked from commit bd102eac6d0c97a5f75324d1248814ebdad42da5)
|
|
MACsec: T4537: fix AES-GCM-256 support
|
|
(cherry picked from commit 0943ac00412b0049b7a20a54e27e7b8025726598)
|
|
AES-GCM-256
(cherry picked from commit e19889adf8cef101d85a279055271a68b078ec73)
|
|
(cherry picked from commit 993961f60ead2a18912eb577b1152463d4eb8b4e)
|
|
(cherry picked from commit 17e76dc77801ac58b2587f664c884c0d671a55c0)
|
|
(cherry picked from commit 258e6873b60531fe70d868d2e53ce2f921fe7f13)
|
|
(cherry picked from commit fa25d349aebc86e43957f37db765787fb7e431db)
|
|
(cherry picked from commit 5e919d3f91bccaf64878a94756c21766896db132)
|
|
(cherry picked from commit b2ff1407330e383a9fff688376377efc534bcfbc)
|
|
(cherry picked from commit bc70c1f502bc587627b1bd15f6803c6c09d20a66)
|
|
(cherry picked from commit 82d8494d349edd7707c3811a71ca0e9c0648204e)
|
|
(cherry picked from commit 393355f7feaa921eba46b83d4f15ad4a5c37adab)
|
|
Fix missing dict_search import in interfaces-macsec.py
|
|
|
|
mtu: T4572: Add DHCP-option MTU to get values from DHCP-server
|
|
bridge: bugfixes for equuleus
|
|
backport: router-advert: T4582: fix preferred cannot equal valid lifetime
|
|
Ability to get MTU from DHCP-server and don't touch it per
any interface change if interface 'dhcp-options mtu' is
configured
(cherry picked from commit 29b0ee30bf2622a40ca3d17e3f6b9e94e5b62072)
|
|
(cherry picked from commit a09359828e38c5b51a4579af16b5ea263a98233f)
|
|
We should not print the entire dictionary - we only need the bridge interface
name:
Bug:
Cannot assign address to interface "eth1" as it is a member of bridge
"{'br0': {'allowed_vlan': ['5-50', '101'], 'native_vlan': '101'}}"!
Fixed:
Cannot assign address to interface "eth1" as it is a member of bridge
"br0"!
(cherry picked from commit 71f2f2d789bd3452ca7b5306f39df5f6537bfef0)
|
|
Allows preferred lifetime for prefix advertisements to equal the
configured valid lifetime as per RFC 4861.
(cherry picked from commit f6efe3035d352970dc492450c3c9ddf710dda5fe)
|
|
aware bridge
(cherry picked from commit dbc8e243e13b370e74c6ab20b642c881b6377bd5)
|
|
... otherwise functionality like bridge VLANs will lose configuration
on member interface update (e.g. description)
(cherry picked from commit a295ec1fc4cb9cdbb0bd5efd7c8e72060ce036f5)
|
|
(cherry picked from commit 54227591a0eb3c7aa8c896c6ec8b1826ce070ddf)
|
|
Interface() base class already takes care of VLAN creation/removal of
newly added or no longer required interfaces. No need to code this logic again.
(cherry picked from commit 41477cc85208507be55f8db4e412ad78eae764eb)
|
|
(cherry picked from commit 99ff0ac7d29a65466a0fe4a12ef1a42cce90ece0)
|
|
snmp: T2763: Add protocol TCP for service SNMP
|
|
equuleus: Bond and Bridge interface fixes + new smoketests
|
|
smoketest: T4532: Fix for smoketest flow-accounting
|
|
(cherry picked from commit 81e0f4a8dece85da7169ba05448e870206aaf57b)
|
|
Removing a VRF from an ethernet interface and adding the interface to a
bond in the same commit led to an OSError: [Errno 16] Device or resource busy!
(cherry picked from commit 3592f56a8deb6c44dcdd7a44ef54fc2c39eb1a3b)
|
|
This extends commit 39157912 ("vyos.configdict(): T4228: is_member() must use
the "real" hardware interface") and returns the config dict of the used member
interfaces.
(cherry picked from commit 5b4f76429989a6ab8ca64aeed5a1fae09fe7c6ca)
|
|
It makes no sense to enslave an interface to a bond or a bridge device if it is
bound to a given VRF. If VRFs should be used - the encapsulating/master
interface should be part of the VRF.
Error out if the member interface is part of a VRF.
(cherry picked from commit 87d2dff241d9ab4de9f3a2c7fbf9852934557aef)
|
|
VRF names: "add, all, broadcast, default, delete, dev, get, inet,
mtu, link, type, vrf" are reserved and cannot be used for vrf name
(cherry picked from commit 52342f389af2da2995b858d026e6fbcad5c8bfaa)
|
|
(cherry picked from commit 74d6a7e4fc9e2e929c5f899070e6fc3e3e3b5ceb)
|
|
Commit 39157912 ("vyos.configdict(): T4228: is_member() must use the "real"
hardware interface") added a bugfix on calling is_member() to retrieve the real
physical information about an interface. It did not include a code path to also
split up VLAN interfaces.
This has been fixed.
(cherry picked from commit fdeae251431cb747e8f60d96269b4365b7401807)
|