Age | Commit message (Collapse) | Author |
|
The podman version used in VyOS 1.3 differs from the one used in VyOS 1.4 as
it is currently not possible to build podman 4.2 for Debian Buster. Due to this
restriction we need to adjust the handling of the JSON output when working with
container networks.
|
|
Debian: T578: add skopeo dependency on vyos-1x-smoketest
|
|
Dependency is required for the test Docker OCI image used within the
smoketest framework
|
|
container: T578: backport podman from 1.4 development branch (equuleus)
|
|
T4898: add MTU config option for dummy interfaces (equuleus)
|
|
|
|
(cherry picked from commit e5a5684eb4004772439b2dc33ec21b7546db3fe1)
|
|
(cherry picked from commit 7923e7c57a7492111c7cec8b04228db0a6f00af3)
|
|
I use dummy interfaces in a VRF as source-interfaces for VXLAN in order to
force VXLAN send underlay UDP traffic through the VRF where the dummy interface
resides.
However dummy interface has no mtu option so it always gets an MTU of 1500.
This will cause an error when the mtu of dummy is not large enough for the
VXLAN traffic.
Adding this option in the config template will solve this.
(cherry picked from commit 1440ef93e13d15e2247cbfc2cb4ea2afb266fc9e)
|
|
T4809: radvd: (Backport) Allow the use of AdvRASrcAddress
|
|
(cherry picked from commit 65b104d6e0608e229aa36d948fabddaf3f4a0a8b)
|
|
Commit 13071a4a ("T4809: radvd: Allow the use of AdvRASrcAddress") added a new
feature to set the RA source-address. Unfortunately it missed a semicolon.
(cherry picked from commit 4e61fb1f0fd075c5b1a67165204e13f88a7d3015)
|
|
T3810: Fixed all issues in T3810
|
|
1. Added in script update webproxy blacklists generation of all DBs
2. Fixed: if the blacklist category does not have generated db,
the template generates an empty dest category
in squidGuard.conf and a Warning message.
3. Added template generation for local's categories
in the rule section.
4. Changed syntax in the generation dest section for blacklist's
categories
5. Fixed generation dest local sections in squidGuard.conf
6. Fixed bug in syntax. The word 'allow' changed to the word 'any'
in acl squidGuard.conf
7. Backported all changes from 1.4 to 1.3 which were made in T3810
8. Fixed webproxy smoketest
|
|
This add the AdvRASrcAddress configuration option to configure
a source address for the router advertisements. The source
address still must be configured on the system. This is useful
for VRRP setups where you want fe80::1 on the VRRP interface
for cleaner VRRP failovers.
|
|
GitHub: sync to author assign workflow changed from current
|
|
Use the vyos/reviewers team instead of individuals.
|
|
backport: T4515: T4219: policy local-route6 and inbound-interface support
|
|
firewall: T4709: fix firewall MSS clamping issues
|
|
T4874: Added Warning message
|
|
Added the ability to call Warning messages
|
|
T4812: Add op-mode Show vpn ipsec connections
|
|
Add op-mode CLI "show vpn ipsec connections"
Add the ability to show all configured connections/tunnels and
their states.
|
|
backport: T4815: Fix various name server config issues
|
|
This is a backport of https://github.com/vyos/vyos-1x/pull/1656.
Note I also changed `ip-down.script.tmpl` to not wait for `systemctl
stop dhcp6c@$iface.service`, because that command is slow and pppd will
kill the ip-down script if it times out.
I didn't see `ip-down.script.tmpl` or its equivalent in the 1.4 branch.
Not sure if there is another mechanism to handle that functionality or
it is missed.
|
|
backport: dns: T4799: fixed powerdns not being reloaded by vyos-hostsd
|
|
PowerDNS version 4.7 and above has changed the main process name from
'pdns-r/worker' to 'pdns_recursor'. This commit updates the process
name check to use the new name.
(cherry picked from commit ff09d4f47e5f54fad8258cd27fb0adfaa4c552b3)
|
|
strip-private: T4177: Fix for hiding private data token/url/bucket
|
|
Add URL, token and bucket hidind data when is used function
"strip-private"
(cherry picked from commit f12d8b5a575f4b454426fe11f65b5add966ca53c)
|
|
keepalived: T4526: keepalived-fifo.py unable to load config
|
|
snmp: T4785: allow !, @, * and # in SNMP community name (equuleus)
|
|
keepalived-fifo.py cannot load the VyOS config because the
script is started before the commit is completely finished.
This change makes sure the script waits for the commit
to be completed. It retries every 0.5 seconds. If the commit
is still not completed it will continue as did the original
implementation.
|
|
(cherry picked from commit 3f91033927d80748b70e1ef58b2941643d1aca33)
|
|
(cherry picked from commit dda62226353ebc198b4dbbd319412bb5d1d1ece2)
|
|
ddclient: T4743: Add option for IPv6 Dynamic DNS
|
|
monitoring: T4312: Ability to set IP address in the URL
|
|
Use common "url.xml" which allow URL as domain name or IP entrie
|
|
conntrack-sync: T4730: Fix listen-address jinja2 template
|
|
monitoring: T4680: Bracketize prometheus listen-address
|
|
Fix correct format for prometheus listen-address when we use
IPv6 address, we must use square 'brackets'
http://[2001:db8::11e]:9273
|
|
Listen address has option 'multi'
As result we have an incorrect template value for listen-address
- conntrack-sync listen-address '192.0.2.11' in template
It looks like "IPv4_address ['192.0.2.11']" in the conntrackd.conf
but the correct string expected without brackets
Fix it
|
|
Allow to set IPv6 address for Dynamic DNS
set service dns dynamic interface eth2 ipv6-enable
|
|
wireguard: T4702: actively revoke peer if it gets disabled
|
|
smoketest: T4652: upgrade PowerDNS recursor to 4.7 series
|
|
ethernet: T3171: enable RPS (Receive Packet Steering) for all RX queues
|
|
This commit fixes MSS clamping ranges as well as reintroduces the
clamp-mss-to-pmtu option value to clamp to PMTU instead.
|
|
The initial implementation in commit 9fb9e5cade ("ethernet: T3171: add CLI
option to enable RPS (Receive Packet Steering)" only changed the CPU affinity
for RX queue 0.
This commit takes all RX queues into account.
(cherry picked from commit 13645bc2cfd31f1525078469f23e89491987e0ea)
|
|
Co-authored-by: initramfs <initramfs@initramfs.io>
|
|
|
|
When any configured peer is set to `disable` while the Wireguard tunnel is up
and running it does not get actively revoked and removed. This poses a security
risk as connections keep beeing alive.
Whenever any parameter of a peer changes we actively remove the peer and fully
recreate it on the fly.
(cherry picked from commit a4feb96af9ac45aff41ded1744cf302b5c5a9e7e)
|