summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-01-17T5953: Changed values of 'close-action' to Strongswan valuesaapostoliuk
Changed the value from 'hold' to 'trap' in the 'close-action' option in the IKE group. Changed the value from 'restart' to 'start' in the 'close-action' option in the IKE group. (cherry picked from commit 8870fabf1b4358618fca7db459515106653214b5)
2024-01-16Merge pull request #2840 from vyos/mergify/bp/sagitta/pr-2818John Estabrook
image-tools: T5923: update system_console.py for new GRUB file structure (backport #2818)
2024-01-17image-tools: T5923: update system_console.py for new GRUB file structureJohn Estabrook
Add util function to set serial console speed in accordance with revised GRUB file structure; in keeping with the intentions of the config_mode script, adjust the GRUB var 'console_speed' to only modify ttyS0. (cherry picked from commit 5ceaff2ef970cb9c567ac317bafbffca5b073f4a)
2024-01-16Merge pull request #2838 from vyos/mergify/bp/sagitta/pr-2837Christian Breunig
T4658: Renamed DPD action value from 'hold' to 'trap' (backport #2837)
2024-01-16T4658: Renamed DPD action value from 'hold' to 'trap'aapostoliuk
Renamed DPD action value from 'hold' to 'trap' (cherry picked from commit 9f4aee5778eefa0a17d4795430d50e4a046e88b0)
2024-01-16Merge pull request #2836 from vyos/mergify/bp/sagitta/pr-2833John Estabrook
T5889: Fix migration scripts nat 5-to-6 (backport #2833)
2024-01-16T5889: Fix migration scripts nat 5-to-6Viacheslav Hletenko
The current migration drop interface name for NAT where not should ``` nat { source { rule 100 { outbound-interface { name "eth0" ... } } } ``` After migration we lost interface: /home/vyos# /opt/vyatta/etc/config-migrate/migrate/nat/5-to-6 tmp.conf /home/vyos# /home/vyos# cat tmp.conf | grep "nat {" -A 10 nat { source { rule 100 { outbound-interface { interface-name "" ... } } } ``` This commit fixes it. (cherry picked from commit 813237d9766f636394b9ab385bb825fbf83202b3)
2024-01-16Merge pull request #2831 from vyos/mergify/bp/sagitta/pr-2201Christian Breunig
T671: call dmidecode directly in "show hardware dmi" (backport #2201)
2024-01-16Merge pull request #2835 from vyos/mergify/bp/sagitta/pr-2834Christian Breunig
bgp: T5937: fix migration script for IPv6 AFI peer-group (backport #2834)
2024-01-16bgp: T5937: fix migration script for IPv6 AFI peer-groupChristian Breunig
Migrate "bgp <ASN> neighbor <NEIGH> address-family ipv6-unicast peer-group" to "bgp neighbor <NEIGH> peer-group" (cherry picked from commit 9febed1344e93815dc3a94047daa69967c3af160)
2024-01-16T671: call dmidecode directly in "show hardware dmi"Daniil Baturin
The old script isn't doing much, in fact, it's much less informative than actual dmidecode (cherry picked from commit 7f0a363c9034a3b1600efab7c30bf7ab06381816)
2024-01-15Merge pull request #2830 from vyos/mergify/bp/sagitta/pr-2829Christian Breunig
ospf: T5936: when migrating passive interfaces set_tag() must be set (backport #2829)
2024-01-15ospf: T5936: when migrating passive interfaces set_tag() must be setChristian Breunig
(cherry picked from commit 495c3c3cc646c378746dc458f30da72c85f16dba)
2024-01-15Merge pull request #2827 from vyos/mergify/bp/sagitta/pr-2823Christian Breunig
T4856: Fix IPsec DHCP-client exit hook (backport #2823)
2024-01-15Merge pull request #2828 from vyos/mergify/bp/sagitta/pr-2824Christian Breunig
T5901: Add DHCP base_path dir during first boot (backport #2824)
2024-01-15T5901: Add DHCP base_path dir during first bootViacheslav Hletenko
We should create dhclient base_path dir `/run/dhclient` during the first boot. It fixes cloud-init boot issues ``` /etc/dhcp/dhclient-exit-hooks.d/03-vyos-dhclient-hook: line 33: /run/dhclient/dhclient_eth0.lease: No such file or directory ``` (cherry picked from commit e613983721c48c13c2e6e73e7c4dbdbaa8e9eacf)
2024-01-15T4856: Fix IPsec DHCP-client exit hookViacheslav Hletenko
The script acually does not have the variable `secrets_lines` and secret lines itself does not have the marker `# dhcp:{interface}` in `to_find` Needs to rewrite this script in the future if it is required This commit fixes DHCP-client exit hook: ``` dhclient[6800]: NameError: name 'secrets_lines' is not defined root[6801]: /etc/dhcp/dhclient-exit-hooks.d/99-ipsec-dhclient-hook returned non-zero exit status 1 ``` (cherry picked from commit a9cf7246d4450c8b3e1b749b36c3393b0963404b)
2024-01-15Merge pull request #2826 from vyos/mergify/bp/sagitta/pr-2825Viacheslav Hletenko
op-mode: T5944: remove double whitespace in reboot error message (backport #2825)
2024-01-15op-mode: T5944: remove double whitespace in reboot error messageChristian Breunig
(cherry picked from commit 01b7ae796e870be90d4e448100c5e7551d9767ec)
2024-01-15Merge pull request #2822 from vyos/mergify/bp/sagitta/pr-2821Christian Breunig
T5944: Fix reboot in arg (backport #2821)
2024-01-14T5944: Fix reboot in argViacheslav Hletenko
Fix the arg for the `reboot in x` command The current arg is `--reboot_in [Minutes ...]` The expected arg is `--reboot-in [Minutes ...]` (cherry picked from commit 3b27d5bc97372c01cb02d4dd0cd3b0b6fa1c3d94)
2024-01-14Merge pull request #2820 from vyos/mergify/bp/sagitta/pr-2819Christian Breunig
bgp: T591: SRv6 improvements (backport #2819)
2024-01-14bgp: T591: add VPN nexthop support per address-familyChristian Breunig
set protocols bgp address-family ipv4-unicast nexthop vpn export <ipv4-address|ipv6-address> set protocols bgp address-family ipv6-unicast nexthop vpn export <ipv4-address|ipv6-address> (cherry picked from commit 7349927908206fa83a7295d643f56950309efb4f)
2024-01-14bgp: T591: add SRv6 per address-family SID supportChristian Breunig
set protocols bgp address-family ipv4-unicast sid vpn export <auto|1-1048575> set protocols bgp address-family ipv6-unicast sid vpn export <auto|1-1048575> (cherry picked from commit d7e248ba514108461ca9d5875c0be077c80ceca7)
2024-01-12Merge pull request #2815 from vyos/mergify/bp/sagitta/pr-28141.4.0-rc2Christian Breunig
T5925: Containers change systemd KillMode (backport #2814)
2024-01-12T5925: Containers change systemd KillModeViacheslav Hletenko
By default we use mode `none` for containers Unit uses KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update the service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed. (cherry picked from commit 4c71c46cbb840167708e75e902de5bfc9e31a03e)
2024-01-12Merge pull request #2813 from vyos/mergify/bp/sagitta/pr-2812Christian Breunig
T5857: Fix op-mode show interfaces wireless info unconf message (backport #2812)
2024-01-12T5857: Fix op-mode show interfaces wireless info unconf messageViacheslav Hletenko
When a router does not have wireless interfaces the proper unconfigured message must be exist (cherry picked from commit c97955b963ecc3da9638717485fe4d2c8599565c)
2024-01-12Merge pull request #2811 from vyos/mergify/bp/sagitta/pr-2806Christian Breunig
image-tools: T5910: explicitly set transmission speed of serial console (backport #2806)
2024-01-12image-tools: T5910: explicitly set transmission speed of serial consoleJohn Estabrook
GRUB defaults to 9600 in case of serial console; explicitly set to 115200. (cherry picked from commit 70122bef58eaa0084695f89c410992f8d7c1f9f6)
2024-01-12Merge pull request #2810 from vyos/mergify/bp/sagitta/pr-2809Daniil Baturin
bgp: T5306: fix verify_remote_as() to support v6only interface with peer-group (backport #2809)
2024-01-12bgp: T5306: fix verify_remote_as() to support v6only interface with peer-groupChristian Breunig
To test: set protocols bgp neighbor eth0 interface v6only peer-group 'fabric' set protocols bgp peer-group fabric address-family ipv4-unicast set protocols bgp peer-group fabric address-family ipv6-unicast set protocols bgp peer-group fabric capability extended-nexthop set protocols bgp peer-group fabric remote-as 'external' set protocols bgp system-as 64496 (cherry picked from commit 12e81dbb47b942b3d9a7a69189adefb5b176c4ef)
2024-01-12Merge pull request #2808 from vyos/mergify/bp/sagitta/pr-2807Daniil Baturin
T5922: firewall: fix intra-zone filtering parsing rules; update firew… (backport #2807)
2024-01-12T5922: firewall: fix intra-zone filtering parsing rules; update firewall ↵Nicolas Fort
smoketest (cherry picked from commit 5c4c873f9c36459bc7bad73208450ee802440929)
2024-01-12Revert "syslog: T1487: store all journalctl log files also in syslog"Christian Breunig
This reverts commit 61817dbb3f2667bcb0fbd734d70daeb2c4672720.
2024-01-11Merge pull request #2805 from vyos/mergify/bp/sagitta/pr-2790Daniil Baturin
firewall: T5814: Retain legacy 'accept' behaviour and re-order migration (backport #2790)
2024-01-11firewall: T5814: Retain legacy 'accept' behaviour and re-order migrationsarthurdev
Pre-1.4 firewall 'accept' action acted as a 'return'. This change ensures the migrated rules meet the expected behaviour. This commit also re-orders migrated in/out/local jumps ordered by direction instead of interface. (cherry picked from commit dc542f109460bca6453d1eeba9fe829aea38bb33)
2024-01-11Merge pull request #2804 from vyos/mergify/bp/sagitta/pr-2798Daniil Baturin
T5791: T5918: use generic pattern to detect dynamic interfaces for ipsec and dynamic dns (backport #2798)
2024-01-11Merge pull request #2803 from vyos/mergify/bp/sagitta/pr-2797Daniil Baturin
syslog: T1487: store all journald log files also in syslog (backport #2797)
2024-01-11Merge pull request #2801 from vyos/mergify/bp/sagitta/pr-2799Daniil Baturin
T5919: firewall: fix <show firewall ipv6 ..> command (backport #2799)
2024-01-11ipsec: T5918: warn when dynamic interfaces are used to bind ipsec daemonChristian Breunig
Fix after commit 8452d8f4921 ("T5918: Fix typo in verify vpn ipsec interface") so that dynamic interfaces can be used by ipsec but a warning is issued that this will only work after they are available on the system. PPPoE interfaces are the best example for this, as they are down during system bootup and will be available anytime after the boot once we've dialed into the BRAS. (cherry picked from commit 8c941e316035e56757d77b782cf39702c73546e0)
2024-01-11dns: T5791: use common pattern for exclude check of dynamic interfacesChristian Breunig
This uses a more common pattern froma base class while the original code from 0a1c9bc38 ("T5791: DNS dynamic exclude check for dynamic interfaces PPPoE") is still retained. (cherry picked from commit e5ce4222c6e9b24d276625678db7339ada0c54ef)
2024-01-11Merge pull request #2800 from vyos/mergify/bp/sagitta/pr-2784Daniil Baturin
T5915: firewall: re-add opmode command for zone based firewall (backport #2784)
2024-01-11syslog: T1487: store all journalctl log files also in syslogChristian Breunig
This is useful to send the journal logs to external syslog servers (cherry picked from commit 800c85a20a00278ab07bbcccd85b753b1ca31e21)
2024-01-11T5919: firewall: fix <show firewall ipv6 ..> commandNicolas Fort
(cherry picked from commit 089280f82349cd7b77649eb71729be1e73714b52)
2024-01-11T5915:firewall: re-add opmode command for zone based firewallNicolas Fort
(cherry picked from commit 62f10e0ec8075634e1515d6cecc822d87053bccb)
2024-01-11Merge pull request #2789 from vyos/mergify/bp/sagitta/pr-2777Christian Breunig
T5688: Changed 'range' to multi in 'client-ip-pool' for accell-ppp (backport #2777)
2024-01-11Merge pull request #2794 from sarthurdev/T5787_sagittaChristian Breunig
dhcp: T5787: Prevent duplicate IP addresses on static mappings (backport)
2024-01-11Merge pull request #2793 from sarthurdev/T5550_sagittaChristian Breunig
interface: T5550: Interface source-validation priority over global value (backport)
2024-01-10Merge pull request #2795 from vyos/mergify/bp/sagitta/pr-2786Daniil Baturin
image-tools: T5917: annotate image list with (running)/(default boot) (backport #2786)