Age | Commit message (Collapse) | Author |
|
T5833: Not all AFIs compatible with VRF add verify check (backport #3359)
|
|
Not all FRR address-families compatibe with VRF
```
r4# conf t
r4(config)# router bgp 65001 vrf bgp
r4(config-router)#
r4(config-router)# address-family ipv4 flowspec
Only Unicast/Multicast/EVPN SAFIs supported in non-core instances.
r4(config-router)#
r4(config-router)# address-family ipv4 labeled-unicast
Only Unicast/Multicast/EVPN SAFIs supported in non-core instances.
r4(config-router)#
r4(config-router)# address-family ipv4 vpn
Only Unicast/Multicast/EVPN SAFIs supported in non-core instances.
r4(config-router)#
```
Add verify AFI for VRF
(cherry picked from commit a3713cd64f2f43f321a5138db94bb1a87edbffdd)
|
|
GitHub actions update for sagitta
|
|
T6109: Fix remote logging for sudo commands (backport #3355)
|
|
This fix for bug when `sudo` commands were not send to the remote
syslog server. They stop before the directive that includes all
configurations `$IncludeConfig /etc/rsyslog.d/*.conf`
(cherry picked from commit 7164ad40f5cc47f35c7903626d4d4da048a25113)
|
|
T6255: static-routing: don't render whitespace from static table descriptions (backport #3340)
|
|
(cherry picked from commit 8602c84e1b7c0da4c4c57fc2d034ec18497303fd)
|
|
T6217: Conntrack-sync change the actual name of the script (backport #3354)
|
|
The actual name of the script is `vyos-vrrp-conntracksync.sh`
(cherry picked from commit 7efe245f59bbea9f12d0c7c5a8975380efc6f2d5)
|
|
T6226: add HAPROXY tcp-request related block to load-balancing reverse proxy config (backport #3342)
|
|
config
(cherry picked from commit 984c386d11ead8371b7ac381e6c0921473e557ed)
|
|
image-tools: T6260: remove persistence image directory if no space error (backport #3346)
|
|
connect_disconnect: T6261: correction to typo in check_ppp_running (backport #3347)
|
|
(cherry picked from commit eab0adcbf30734045cf04c140d30efae1abdf194)
|
|
(cherry picked from commit 76cc762ef4aacd1120d533e1122f56ce09a2cfa9)
|
|
(cherry picked from commit c2fc2dba32ba861684f5e34635f810c56d551d51)
|
|
Connect_disconnect: T6261: correction to typo in check_ppp_running function
Changes include:
1. Replaces "beeing" -> being in print statement for check_ppp_running
2. Replaces "can not" -> cannot in print statement on lines 61 and 93
(cherry picked from commit 19e0d3b74f66e082c3f131b9044e7ca2371b1d85)
|
|
xml: T5738: fix typo in radius-additions.xml.i (backport #3339)
|
|
(cherry picked from commit 8d0aa7bfb83aecb989ab01b6d1975cf23f1c7dcb)
|
|
vyos.utils: T6244: add whitespace after time unit in uptime (backport #3336)
|
|
(cherry picked from commit 31b21d26751b7db7ab784486da5b8690ddd4a058)
|
|
We only supported calculating seconds to weeks but not seconds to years. This
has been added.
Testcase:
from vyos.utils.convert import seconds_to_human
minute = 60
hour = minute * 60
day = hour * 24
week = day * 7
year = day * 365.25
for separator in ['', ' ', '-', '/']:
print(f'----- Using separator "{separator}" -----')
print(seconds_to_human(10, separator))
print(seconds_to_human(5* minute, separator))
print(seconds_to_human(3* hour, separator))
print(seconds_to_human(4* day, separator))
print(seconds_to_human(7 * week, separator))
print(seconds_to_human(10 * year, separator))
print(seconds_to_human(5*year + 4*week + 3*day + 2*hour + minute + 5, separator))
print()
cpo@LR1.wue3:~$ ./foo.py
----- Using separator "" -----
10s
5m
3h
4d
7w
10y
5y4w3d2h1m5s
----- Using separator " " -----
10s
5m
3h
4d
7w
10y
5y 4w 3d 2h 1m 5s
----- Using separator "-" -----
10s
5m
3h
4d
7w
10y
5y-4w-3d-2h-1m-5s
----- Using separator "/" -----
10s
5m
3h
4d
7w
10y
5y/4w/3d/2h/1m/5s
(cherry picked from commit 8d8f3137d174a43a259cbe50dd12730805f0200c)
|
|
When handling optional separators rather build up a list and join the list
with the requested delimiter to form the resulting human readable time string.
(cherry picked from commit 6e9cd8821ca028b5bc05c14b0b4e3454036da6da)
|
|
T6237: IPSec remote access VPN: ability to set EAP ID of clients (backport #3337)
|
|
(cherry picked from commit 78ea623df20b44309cc6ac9848ed18e97fc4ed03)
|
|
T6246: basic haproxy http-check configuration (backport #3325)
|
|
(cherry picked from commit 050f24770aec7a74c1a07ba64cf2cb83afb72f1a)
|
|
GRE: T6252: fix issues when set mtu higher than 8024 (backport #3333)
|
|
(cherry picked from commit 4cde677e9e128bc9b62fad720b1b6f6cac506954)
|
|
T5996: selectively escape and restore single backslashes in config (backport #3035)
|
|
(cherry picked from commit d2df08856ddc5a6132544d73e1beb3074a352508)
|
|
(cherry picked from commit b16c5fbbcb10b90341b97e25bcf51c440427ea42)
|
|
(cherry picked from commit 785616393557c4e3f616287de81b61a68ba177ac)
|
|
openvpn: T6245: return 'n/a' if client info not available (backport #3330)
|
|
(cherry picked from commit a43f1c00bdc5047eb20840ebb274418362612526)
|
|
T6221: Return default ip rule values after deleting VRF (backport #3326)
|
|
Fix for restoring default ip rule values after deleting VRF
Defult values:
```
$ ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
```
After adding and deleting a VRF we get unexpected values:
```
$ ip rule
1000: from all lookup [l3mdev-table]
2000: from all lookup [l3mdev-table] unreachable
32765: from all lookup local
32766: from all lookup main
32767: from all lookup default
```
(cherry picked from commit ce0bc35f8b5ff80a7b8fbfdf1b9ccc10c5c254fd)
|
|
pki: T6241: do not call dependency before its initialization (backport #3327)
|
|
(cherry picked from commit a88b3bd344cc4a682d16681ef536c1d20e2c2c42)
|
|
image-tools: T6168: compat mode update should preserve console type (backport #3192)
|
|
T6191: do not append action policy route|route6 when its not specified (backport #3320)
|
|
specified, in order to ensure same behavior as in Equuleus
(cherry picked from commit 5ab8f9ac47d9d8d198f5ace0ffc4a0b26af098df)
|
|
Add system image in compatibility mode would set the default boot
without reference to console_type; fix the translation of default to
the correct index in compat grub.cfg.
(cherry picked from commit 1cb05f47ec7e2af265fa6795653f27481dacc37f)
|
|
image-tools: T6154: installer prompts to confirm password (backport #3321)
|
|
(cherry picked from commit f43edbd7cd36f52a0cd9c475b53f317882f4a6f9)
|
|
T6242: load-balancing reverse-proxy: Ability for ssl backends to not verify server certificates (backport #3315)
|
|
T5722: Failover route add option onlink (backport #3313)
|
|
onlink pretend that the nexthop is directly attached to this link,
even if it does not match any interface prefix.
Useful when gateway not in the same interface network
set interfaces ethernet eth0 vif 10 address '10.20.30.1/32'
set protocols static route 10.20.30.0/32 interface eth0.10
set protocols failover route 192.0.2.11/32 next-hop 10.20.30.0 onlink
```
vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 metric 1 proto failover
Error: Nexthop has invalid gateway.
[edit]
vyos@r4#
[edit]
vyos@r4# sudo ip route add 192.0.2.111/32 via 10.20.30.0 dev eth0.10 onlink metric 1 proto failover
[edit]
vyos@r4#
```
(cherry picked from commit bb832acb97881d747a57da2728eab3ad138b8129)
|
|
server certificates
(cherry picked from commit aafe22d08bb38a579dd5075fd27a1b88beeca791)
|
|
T5535: firewall: migrate command <set system ip disable-directed-broadcast> to firewall global-optinos (backport #3309)
|