Age | Commit message (Collapse) | Author |
|
T5953: Changed values of 'close-action' to Strongswan values (backport #2842)
|
|
Changed the value from 'hold' to 'trap' in the 'close-action'
option in the IKE group.
Changed the value from 'restart' to 'start' in the 'close-action'
option in the IKE group.
(cherry picked from commit 8870fabf1b4358618fca7db459515106653214b5)
|
|
image-tools: T5923: update system_console.py for new GRUB file structure (backport #2818)
|
|
Add util function to set serial console speed in accordance with revised
GRUB file structure; in keeping with the intentions of the config_mode
script, adjust the GRUB var 'console_speed' to only modify ttyS0.
(cherry picked from commit 5ceaff2ef970cb9c567ac317bafbffca5b073f4a)
|
|
T4658: Renamed DPD action value from 'hold' to 'trap' (backport #2837)
|
|
Renamed DPD action value from 'hold' to 'trap'
(cherry picked from commit 9f4aee5778eefa0a17d4795430d50e4a046e88b0)
|
|
T5889: Fix migration scripts nat 5-to-6 (backport #2833)
|
|
The current migration drop interface name for NAT where not should
```
nat {
source {
rule 100 {
outbound-interface {
name "eth0"
...
}
}
}
```
After migration we lost interface:
/home/vyos# /opt/vyatta/etc/config-migrate/migrate/nat/5-to-6 tmp.conf
/home/vyos#
/home/vyos# cat tmp.conf | grep "nat {" -A 10
nat {
source {
rule 100 {
outbound-interface {
interface-name ""
...
}
}
}
```
This commit fixes it.
(cherry picked from commit 813237d9766f636394b9ab385bb825fbf83202b3)
|
|
T671: call dmidecode directly in "show hardware dmi" (backport #2201)
|
|
bgp: T5937: fix migration script for IPv6 AFI peer-group (backport #2834)
|
|
Migrate "bgp <ASN> neighbor <NEIGH> address-family ipv6-unicast peer-group"
to "bgp neighbor <NEIGH> peer-group"
(cherry picked from commit 9febed1344e93815dc3a94047daa69967c3af160)
|
|
The old script isn't doing much, in fact, it's much less informative
than actual dmidecode
(cherry picked from commit 7f0a363c9034a3b1600efab7c30bf7ab06381816)
|
|
ospf: T5936: when migrating passive interfaces set_tag() must be set (backport #2829)
|
|
(cherry picked from commit 495c3c3cc646c378746dc458f30da72c85f16dba)
|
|
T4856: Fix IPsec DHCP-client exit hook (backport #2823)
|
|
T5901: Add DHCP base_path dir during first boot (backport #2824)
|
|
We should create dhclient base_path dir `/run/dhclient` during the
first boot.
It fixes cloud-init boot issues
```
/etc/dhcp/dhclient-exit-hooks.d/03-vyos-dhclient-hook: line 33: /run/dhclient/dhclient_eth0.lease: No such file or directory
```
(cherry picked from commit e613983721c48c13c2e6e73e7c4dbdbaa8e9eacf)
|
|
The script acually does not have the variable `secrets_lines` and
secret lines itself does not have the marker `# dhcp:{interface}`
in `to_find`
Needs to rewrite this script in the future if it is required
This commit fixes DHCP-client exit hook:
```
dhclient[6800]: NameError: name 'secrets_lines' is not defined
root[6801]: /etc/dhcp/dhclient-exit-hooks.d/99-ipsec-dhclient-hook returned non-zero exit status 1
```
(cherry picked from commit a9cf7246d4450c8b3e1b749b36c3393b0963404b)
|
|
op-mode: T5944: remove double whitespace in reboot error message (backport #2825)
|
|
(cherry picked from commit 01b7ae796e870be90d4e448100c5e7551d9767ec)
|
|
T5944: Fix reboot in arg (backport #2821)
|
|
Fix the arg for the `reboot in x` command
The current arg is `--reboot_in [Minutes ...]`
The expected arg is `--reboot-in [Minutes ...]`
(cherry picked from commit 3b27d5bc97372c01cb02d4dd0cd3b0b6fa1c3d94)
|
|
bgp: T591: SRv6 improvements (backport #2819)
|
|
set protocols bgp address-family ipv4-unicast nexthop vpn export <ipv4-address|ipv6-address>
set protocols bgp address-family ipv6-unicast nexthop vpn export <ipv4-address|ipv6-address>
(cherry picked from commit 7349927908206fa83a7295d643f56950309efb4f)
|
|
set protocols bgp address-family ipv4-unicast sid vpn export <auto|1-1048575>
set protocols bgp address-family ipv6-unicast sid vpn export <auto|1-1048575>
(cherry picked from commit d7e248ba514108461ca9d5875c0be077c80ceca7)
|
|
T5925: Containers change systemd KillMode (backport #2814)
|
|
By default we use mode `none` for containers
Unit uses KillMode=none. This is unsafe, as it disables systemd's
process lifecycle management for the service. Please update the
service to use a safer KillMode=, such as 'mixed' or 'control-group'.
Support for KillMode=none is deprecated and will eventually be removed.
(cherry picked from commit 4c71c46cbb840167708e75e902de5bfc9e31a03e)
|
|
T5857: Fix op-mode show interfaces wireless info unconf message (backport #2812)
|
|
When a router does not have wireless interfaces the proper
unconfigured message must be exist
(cherry picked from commit c97955b963ecc3da9638717485fe4d2c8599565c)
|
|
image-tools: T5910: explicitly set transmission speed of serial console (backport #2806)
|
|
GRUB defaults to 9600 in case of serial console; explicitly set to
115200.
(cherry picked from commit 70122bef58eaa0084695f89c410992f8d7c1f9f6)
|
|
bgp: T5306: fix verify_remote_as() to support v6only interface with peer-group (backport #2809)
|
|
To test:
set protocols bgp neighbor eth0 interface v6only peer-group 'fabric'
set protocols bgp peer-group fabric address-family ipv4-unicast
set protocols bgp peer-group fabric address-family ipv6-unicast
set protocols bgp peer-group fabric capability extended-nexthop
set protocols bgp peer-group fabric remote-as 'external'
set protocols bgp system-as 64496
(cherry picked from commit 12e81dbb47b942b3d9a7a69189adefb5b176c4ef)
|
|
T5922: firewall: fix intra-zone filtering parsing rules; update firew… (backport #2807)
|
|
smoketest
(cherry picked from commit 5c4c873f9c36459bc7bad73208450ee802440929)
|
|
This reverts commit 61817dbb3f2667bcb0fbd734d70daeb2c4672720.
|
|
firewall: T5814: Retain legacy 'accept' behaviour and re-order migration (backport #2790)
|
|
Pre-1.4 firewall 'accept' action acted as a 'return'. This change ensures the migrated rules meet the expected behaviour.
This commit also re-orders migrated in/out/local jumps ordered by direction instead of interface.
(cherry picked from commit dc542f109460bca6453d1eeba9fe829aea38bb33)
|
|
T5791: T5918: use generic pattern to detect dynamic interfaces for ipsec and dynamic dns (backport #2798)
|
|
syslog: T1487: store all journald log files also in syslog (backport #2797)
|
|
T5919: firewall: fix <show firewall ipv6 ..> command (backport #2799)
|
|
Fix after commit 8452d8f4921 ("T5918: Fix typo in verify vpn ipsec interface")
so that dynamic interfaces can be used by ipsec but a warning is issued that
this will only work after they are available on the system.
PPPoE interfaces are the best example for this, as they are down during system
bootup and will be available anytime after the boot once we've dialed into
the BRAS.
(cherry picked from commit 8c941e316035e56757d77b782cf39702c73546e0)
|
|
This uses a more common pattern froma base class while the original code from
0a1c9bc38 ("T5791: DNS dynamic exclude check for dynamic interfaces PPPoE") is
still retained.
(cherry picked from commit e5ce4222c6e9b24d276625678db7339ada0c54ef)
|
|
T5915: firewall: re-add opmode command for zone based firewall (backport #2784)
|
|
This is useful to send the journal logs to external syslog servers
(cherry picked from commit 800c85a20a00278ab07bbcccd85b753b1ca31e21)
|
|
(cherry picked from commit 089280f82349cd7b77649eb71729be1e73714b52)
|
|
(cherry picked from commit 62f10e0ec8075634e1515d6cecc822d87053bccb)
|
|
T5688: Changed 'range' to multi in 'client-ip-pool' for accell-ppp (backport #2777)
|
|
dhcp: T5787: Prevent duplicate IP addresses on static mappings (backport)
|
|
interface: T5550: Interface source-validation priority over global value (backport)
|